
Hundreds of unsecured Elasticsearch servers wiped, similarly to MongoDB attack - obi1kenobi
http://www.zdnet.com/article/first-came-mass-mongodb-ransacking-now-copycat-ransoms-hit-elasticsearch/
======
jjirsa
Hey kids,

If you run any sort of database, now's the time to put it behind a firewall.

Hugs and kisses, Common Sense

~~~
set321
ES is not really a database :) most databases have some authentication
features out of the box ... but true: for those kids who don't know how to
block a port, configure nginx proxies etc.:
[https://sematext.com/blog/2017/01/18/elasticsearch-
security-...](https://sematext.com/blog/2017/01/18/elasticsearch-security-
authentication-encryption-backup/)

The most valuable part is about backups for ES indices - this could save you
some bitcoins ;)

