I have not protected elasticsearch, so someone hacked it, left new index with contents where to transfer bitcoins. Data I can regenerate, the questions is how can I get rid of that. Accessing the indices directly works, but search scripts return http code 400 when I do curl requests with php. Any ideas?
edit:
I removed the folder and created index from the beginning. It did not fix anything.
Do not expose your elasticsearch cluster directly to internet without any protection.
You can use cloud.elastic.co as well.
Thanks for answering, but how someone was able to prevent me from querying the index?
What query are you running? Please test without php but curl commands.
What version?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.