In addition to what has been said before (use private networks/firewall rules): activate Kerberos authentication so that only Solr hosts can write to ZK (the Solr client needs no write access) and use encryption where possible. Upgrade Solr to the latest version, use SSL, enable Kerberos, make sure clients have no admin access on Solr (minimum privileges only!), use Solr whitelists to enable only clients that should access Solr, and enable the Java security manager (* to make it work with Kerberos auth you need to wait for a newer Solr version).

> On 28.07.2020 at 22:41, Odysci <ody...@gmail.com> wrote:
>
> Folks,
>
> I suspect one of our Zookeeper installations on AWS was subject to a Meow
> attack (
> https://arstechnica.com/information-technology/2020/07/more-than-1000-databases-have-been-nuked-by-mystery-meow-attack/
> )
>
> Basically, the configuration for one of our collections disappeared from
> the Zookeeper tree (when looking at the Solr interface), and it left
> several files ending in "-meow".
> Before I realized it, I stopped and restarted the ZK and Solr machines (as
> part of Ubuntu updates), and when ZK didn't find the configuration for a
> collection, it deleted the collection from Solr. At least that's what I
> suspect happened.
>
> Fortunately it affected a very small index and we had backups. But it is
> very worrisome.
> Has anyone had any problems with this?
> Is there any type of log that I can check to sort out how this happened?
> The ZK log complained that the configs for the collection were not there,
> but that's about it.
>
> And, is there a better way to protect against such attacks?
> Thanks
>
> Reinaldo
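
Added example, not part of the original thread and not Solr or ZooKeeper project code: a log check for the two signals discussed above, successful writes to ZK from hosts other than the Solr nodes and znodes whose names end in "-meow". It assumes ZooKeeper audit logging is enabled and emits key=value fields; the field names, operation names, host list and sample lines are assumptions constructed for illustration.

```python
import re

# Assumption: audit lines carry key=value fields like these; adapt to your log layout.
FIELD_RE = re.compile(r"\b(session|user|ip|operation|znode|result)=(\S+)")
WRITE_OPS = {"create", "delete", "setData", "setAcl"}  # assumed operation names

# Constructed sample lines (private and documentation IP ranges, not incident data).
SAMPLE_LOG = """\
2020-07-28 20:01:11,100 INFO audit: session=0x1a\tuser=solr\tip=10.0.0.11\toperation=setData\tznode=/configs/products/solrconfig.xml\tresult=success
2020-07-28 20:03:42,517 INFO audit: session=0x2b\tuser=anonymous\tip=203.0.113.50\toperation=delete\tznode=/configs/products\tresult=success
2020-07-28 20:03:42,690 INFO audit: session=0x2b\tuser=anonymous\tip=203.0.113.50\toperation=create\tznode=/configs/a1b2c3-meow\tznode_type=persistent\tresult=success
2020-07-28 20:03:43,002 INFO audit: session=0x2b\tuser=anonymous\tip=203.0.113.50\toperation=setAcl\tznode=/security.json\tresult=failure
2020-07-28 20:05:00,250 INFO audit: session=0x1c\tuser=solr\tip=10.0.0.12\toperation=create\tznode=/collections/products/state.json\tresult=success
"""


def parse_audit_line(line):
    """Return the recognised key=value fields of one line as a dict."""
    return dict(FIELD_RE.findall(line))


def find_suspicious(lines, solr_hosts):
    """Return (reason, record) pairs for successful writes that look wrong.

    solr_hosts is the set of IPs that are expected to write to ZooKeeper.
    """
    findings = []
    for line in lines:
        rec = parse_audit_line(line)
        if rec.get("operation") not in WRITE_OPS or rec.get("result") != "success":
            continue  # reads, failed attempts and unparsable lines are skipped
        if rec.get("ip") not in solr_hosts:
            findings.append(("write from non-Solr host", rec))
        if rec.get("znode", "").endswith("-meow"):
            findings.append(("znode name ends in -meow", rec))
    return findings


if __name__ == "__main__":
    hosts = {"10.0.0.11", "10.0.0.12"}  # hypothetical Solr node addresses
    for reason, rec in find_suspicious(SAMPLE_LOG.splitlines(), hosts):
        print(f"{reason}: {rec['operation']} {rec['znode']} from {rec['ip']}")
```

Failed write attempts are skipped here; counting them per source IP is a useful second pass when checking whether the firewall and authentication changes are holding.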