Thinking about it, is it even normal they managed to delete the VM disks? Shoudn't they have gotten "file in use" errors ? Or does libgfapi not lock the access files ? On Sun, Aug 06, 2017 at 03:57:06PM +0100, lemonnierk@xxxxxxxxx wrote: > Hi, > > This morning one of our cluster was hacked, all the VM disks were > deleted and a file README.txt was left with inside just > "http://virtualisan.net/contactus.php :D" > > I don't speak the language but with google translete it looks like it's > just a webdev company or something like that, a bit surprised .. > In any case, we'd really like to know how that happened. > > I realised NFS is accessible by anyone (sigh), is there a way to check > if that is what they used ? I tried reading the nfs.log but it's not > really clear if someone used it or not. What do I need to look for in > there to see if someone mounted the volume ? > There are stuff in the log on one of the bricks (only one), > and as we aren't using NFS for that volume that in itself seems > suspicious. > > Thanks > _______________________________________________ > Gluster-users mailing list > Gluster-users@xxxxxxxxxxx > http://lists.gluster.org/mailman/listinfo/gluster-users
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ Gluster-users mailing list Gluster-users@xxxxxxxxxxx http://lists.gluster.org/mailman/listinfo/gluster-users
