Auto-created spam index


(Daniel Guo) #1

In my cluster, many spam indices are automatically created.

Please look at the image below, only the index named "video" is created by
myself.

Anybody have any ideas? Thanks!

https://lh5.googleusercontent.com/-W8FKBOoV98Y/UyEQJucNThI/AAAAAAAAAXE/7w7I_3_hQqo/s1600/es.png

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/7a2866d5-b294-46fc-ab3b-01c8048c45b7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


(Ivan Brusic) #2

You are facing a very serious issue. You can easily solve the problem that
is occurring in Elasticsearch, but the bigger problem that you are
experiencing is that your server is exposed to the world.

What is happening is that someone is scanning your system for known
vulnerabilities. When these scans execute a PUT request, it is creating a
document as a consequence. You can disable this behavior by setting
action.auto_create_index to false. [1]

That said, your Elasticsearch server is still accessible to anyone over the
internet. It should be placed behind a firewall, or at the very least
behind a proxy like nginx or even node.js. I do not think your system can
be compromised by having a public Elasticsearch server, but your data will
be.

[1]
http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/docs-index_.html#index-creation

--
Ivan


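An added example, not part of the original posts or of Elasticsearch's code: a small Python model of how the `action.auto_create_index` setting mentioned in reply #2 decides whether a write to a missing index creates it, run over constructed index names. It goes beyond the reply by also covering the `+pattern,-pattern` list form of the setting. Assumptions: the function names are hypothetical, the first matching pattern decides, and a name that matches no pattern is not created.

```python
import re


def _simple_match(pattern, name):
    # Only '*' is treated as a wildcard, as in Elasticsearch index patterns.
    regex = re.escape(pattern).replace(r"\*", ".*")
    return re.fullmatch(regex, name) is not None


def would_auto_create(setting, index_name):
    """True if a write to a missing index would create it under `setting`."""
    value = setting.strip()
    if value.lower() in ("true", "false"):
        return value.lower() == "true"
    for expr in (e.strip() for e in value.split(",")):
        if not expr:
            continue
        allow = not expr.startswith("-")
        pattern = expr[1:] if expr[0] in "+-" else expr
        if _simple_match(pattern, index_name):
            return allow  # first matching pattern decides
    return False  # assumption: no matching pattern means no auto-creation


def audit(setting, requested, owned):
    """Names in `requested` that would be auto-created but are not in `owned`."""
    return [n for n in requested
            if n not in owned and would_auto_create(setting, n)]


# Constructed sample: one index the operator created, plus names that
# unsolicited write requests might reference.
OWNED = {"video"}
REQUESTED = ["video", "video-2014", "unexpected-a", "unexpected-b"]

if __name__ == "__main__":
    for setting in ("true", "false", "+video*,-*"):
        print(f"{setting!r:14} -> {audit(setting, REQUESTED, OWNED)}")
```

The pattern form still lets any name under an allowed prefix be created, so it narrows the problem without replacing the firewall or proxy the reply recommends.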


(Clinton Gormley) #3

On 13 March 2014 05:15, Ivan Brusic ivan@brusic.com wrote:

That said, your Elasticsearch server is still accessible to anyone over
the internet. I

Or somebody on your network is infected with a bot.


