[Gluster-users] Volume hacked
lemonnierk at ulrar.net
lemonnierk at ulrar.net
Sun Aug 6 19:54:33 UTC 2017
Thinking about it, is it even normal they managed to delete the VM disks?
Shoudn't they have gotten "file in use" errors ? Or does libgfapi not
lock the access files ?
On Sun, Aug 06, 2017 at 03:57:06PM +0100, lemonnierk at ulrar.net wrote:
> Hi,
>
> This morning one of our cluster was hacked, all the VM disks were
> deleted and a file README.txt was left with inside just
> "http://virtualisan.net/contactus.php :D"
>
> I don't speak the language but with google translete it looks like it's
> just a webdev company or something like that, a bit surprised ..
> In any case, we'd really like to know how that happened.
>
> I realised NFS is accessible by anyone (sigh), is there a way to check
> if that is what they used ? I tried reading the nfs.log but it's not
> really clear if someone used it or not. What do I need to look for in
> there to see if someone mounted the volume ?
> There are stuff in the log on one of the bricks (only one),
> and as we aren't using NFS for that volume that in itself seems
> suspicious.
>
> Thanks
> _______________________________________________
> Gluster-users mailing list
> Gluster-users at gluster.org
> http://lists.gluster.org/mailman/listinfo/gluster-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Digital signature
URL: <http://lists.gluster.org/pipermail/gluster-users/attachments/20170806/c8209e0c/attachment.sig>
More information about the Gluster-users
mailing list