On Tue, Jun 3, 2014 at 3:33 PM, 'Adolfo Rodriguez' via elasticsearch <elasticsearch@googlegroups.com> wrote: > i was using release elasticsearch-0.90.5 in my exploited server, so maybe > this is already fixed in current release by disabling script.disable_dynamic > by default
I got caught by this a week ago using 1.1.0 on Ubuntu 12.04. Had not even thought about a high port like 9200 being open by default. (And no, there's no Tomcat or Struts app on that box.) Luckily NewRelic tipped me off right away and I was able to put it into rescue mode while I provisioned a new server. One more item for the checklist :-) -- Hassan Schroeder ------------------------ hassan.schroe...@gmail.com http://about.me/hassanschroeder twitter: @hassan -- You received this message because you are subscribed to the Google Groups "elasticsearch" group. To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CACmC4yC%3D24X-0OBT3weju9s_9v--RJ4yLBahPn6dSuKwBho2ig%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.