3 bad things here: * You exposed your cluster to internet directly * You did not disable dynamic scripting * May be you are running your elasticsearch node as root?
You should read that documentation: http://www.elasticsearch.org/guide/en/elasticsearch/reference/0.90/modules-scripting.html#_disabling_dynamic_scripts -- David Pilato | Technical Advocate | Elasticsearch.com @dadoonet | @elasticsearchfr Le 9 juillet 2014 à 10:45:30, Umutcan (umut...@gamegos.com) a écrit: Hi, We have been testing Elasticsearch for a while. Our ES cluster was on AWS. We installed Bigdesk, Marvel, Thrift, EC2 Discovery plugins. There were 5 instance (1 load balancer, 4 data node) and all of them were version 0.90. Yesterday, We have received an e-mail from AWS. They said one of our instance in ES cluster was making DOS attacks from UDP port 80. We did not restrict ports, because it was an test cluster. It can be main cause of this problem, but I still want to ask if there is a known bug (in ES or modules or plugins) that cause something like this or if there is anyone who have seen some kind of similar problem. Thanks, Umutcan Onal -- You received this message because you are subscribed to the Google Groups "elasticsearch" group. To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/53BD012A.2090109%40gamegos.com. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "elasticsearch" group. To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/etPan.53bd04d9.189a769b.6455%40MacBook-Air-de-David.local. For more options, visit https://groups.google.com/d/optout.