|
I'm not sure what you mean by saying "NFS is available by
anyone"? Are your gluster nodes physically isolated on their own network/switch? In other words can an outsider access them directly without having to compromise a NFS client machine first? -bill On 8/6/2017 7:57 AM,
lemonnierk@xxxxxxxxx wrote:
Hi, This morning one of our cluster was hacked, all the VM disks were deleted and a file README.txt was left with inside just "http://virtualisan.net/contactus.php :D" I don't speak the language but with google translete it looks like it's just a webdev company or something like that, a bit surprised .. In any case, we'd really like to know how that happened. I realised NFS is accessible by anyone (sigh), is there a way to check if that is what they used ? I tried reading the nfs.log but it's not really clear if someone used it or not. What do I need to look for in there to see if someone mounted the volume ? There are stuff in the log on one of the bricks (only one), and as we aren't using NFS for that volume that in itself seems suspicious. Thanks |
_______________________________________________ Gluster-users mailing list Gluster-users@xxxxxxxxxxx http://lists.gluster.org/mailman/listinfo/gluster-users
