<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>I'm not sure what you mean by saying "NFS is available by
anyone"?<br>
</p>
<p>Are your gluster nodes physically isolated on their own
network/switch?</p>
<p>In other words can an outsider access them directly without
having to compromise a NFS client machine first?</p>
<p>-bill<br>
</p>
<br>
<div class="moz-cite-prefix">On 8/6/2017 7:57 AM,
<a class="moz-txt-link-abbreviated" href="mailto:lemonnierk@ulrar.net">lemonnierk@ulrar.net</a> wrote:<br>
</div>
<blockquote type="cite"
cite="mid:20170806145706.GA9768@ciara.ulrar.net">
<pre wrap="">Hi,
This morning one of our cluster was hacked, all the VM disks were
deleted and a file README.txt was left with inside just
<a class="moz-txt-link-rfc2396E" href="http://virtualisan.net/contactus.php:D">"http://virtualisan.net/contactus.php :D"</a>
I don't speak the language but with google translete it looks like it's
just a webdev company or something like that, a bit surprised ..
In any case, we'd really like to know how that happened.
I realised NFS is accessible by anyone (sigh), is there a way to check
if that is what they used ? I tried reading the nfs.log but it's not
really clear if someone used it or not. What do I need to look for in
there to see if someone mounted the volume ?
There are stuff in the log on one of the bricks (only one),
and as we aren't using NFS for that volume that in itself seems
suspicious.
Thanks
</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Gluster-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Gluster-users@gluster.org">Gluster-users@gluster.org</a>
<a class="moz-txt-link-freetext" href="http://lists.gluster.org/mailman/listinfo/gluster-users">http://lists.gluster.org/mailman/listinfo/gluster-users</a></pre>
</blockquote>
<br>
</body>
</html>