On Tue, Jul 28, 2020 at 4:39 PM Odysci <ody...@gmail.com> wrote: > > Folks, > > I suspect one of our Zookeeper installations on AWS was subject to a Meow > attack ( > https://arstechnica.com/information-technology/2020/07/more-than-1000-databases-have-been-nuked-by-mystery-meow-attack/ > ) > > Basically, the configuration for one of our collections disappeared from > the Zookeeper tree (when looking at the Solr interface), and it left > several files ending in "-meow" > Before I realized it, I stopped and restarted the ZK and Solr machines (as > part of ubuntu updates), and when ZK didn't find the configuration for a > collection, it deleted the collection from Solr. At least that's what I > suspect happened. > > Fortunately it affected a very small index and we had backups. But it is > very worrisome. > Has anyone had any problems with this? > Is there any type of log that I can check to sort out how this happened? > The ZK log complained that the configs for the collection were not there, > but that's about it. > > and, is there a better way to protect against such attacks? > Thanks > > Reinaldo
Use VPC and private networks! ask in ##aws on freenode if you are really lost
