[Gluster-users] Volume hacked

lemonnierk at ulrar.net lemonnierk at ulrar.net
Sun Aug 6 14:57:06 UTC 2017


Hi,

This morning one of our cluster was hacked, all the VM disks were
deleted and a file README.txt was left with inside just
"http://virtualisan.net/contactus.php :D"

I don't speak the language but with google translete it looks like it's
just a webdev company or something like that, a bit surprised ..
In any case, we'd really like to know how that happened.

I realised NFS is accessible by anyone (sigh), is there a way to check
if that is what they used ? I tried reading the nfs.log but it's not
really clear if someone used it or not. What do I need to look for in
there to see if someone mounted the volume ?
There are stuff in the log on one of the bricks (only one), 
and as we aren't using NFS for that volume that in itself seems
suspicious.

Thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Digital signature
URL: <http://lists.gluster.org/pipermail/gluster-users/attachments/20170806/1a8f66a1/attachment.sig>


More information about the Gluster-users mailing list