On 2018-02-28 01:47 PM, Chris Cormack wrote:
That will work, however unless you have configured your memcached server to listen on an external IP it will only be listening on localhost. It's worth checking both though.
and/or block at border -- there's an up-tick in attempts. In the last few minutes:

Feb 28 14:05:20 Wed Feb 28 14:05:11 2018 router2 System Log: Blocked incoming UDP packet from 185.94.111.1:52499 to 70.52.***.***:11211
Feb 28 14:07:06 Wed Feb 28 14:06:59 2018 router2 System Log: Blocked incoming UDP packet from 46.243.189.105:37750 to 70.52.***.***:11211

Best -- P.
Chris
On 1 March 2018 2:55:56 AM NZDT, Mark Alexander <marka@pobox.com> wrote:
Apparently, a bug in memcached (which we use in Koha) causes it to be used as an intermediary in a DDoS attack:
https://arstechnica.com/information-technology/2018/02/in-the-wild-ddoses-us...
I'm not an expert on this kind of thing by any means, but judging from this:
https://github.com/memcached/memcached/wiki/ReleaseNotes156
It seems that we can disable the attack by preventing memcached from listening on a UDP port. I was able to do this by adding the following lines to /etc/memcached.conf:
# Disable UDP
-U 0
Then restarted memcached and apache2.
My questions for the experts: Is this the correct approach? Is it even necessary? Is there more we should do?
_______________________________________________
Koha mailing list http://koha-community.org
Koha@lists.katipo.co.nz
https://lists.katipo.co.nz/mailman/listinfo/koha
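
Added example, not part of the original thread: a small shell audit of the two settings discussed above, the "-U 0" line and the listen address. It assumes a Debian-style memcached.conf with one option per line; the function names conf_value and audit_memcached_conf and the sample file are made up for illustration.

```sh
#!/bin/sh
# Added example (not from the thread). Assumes one option per line in
# memcached.conf, with "#" starting a comment line.

# conf_value FILE FLAG -> prints the last value set for FLAG (e.g. -U), if any.
conf_value() {
    awk -v flag="$2" '
        /^[[:space:]]*#/ { next }                  # commented-out lines do not count
        $1 == flag && NF >= 2 { val = $2 }         # form: "-U 0"
        index($1, flag) == 1 && length($1) > length(flag) && NF == 1 {
            val = substr($1, length(flag) + 1)     # form: "-U0"
        }
        END { if (val != "") print val }
    ' "$1"
}

# audit_memcached_conf FILE -> prints findings; returns 0 only when UDP is
# explicitly disabled AND the listener is bound to loopback.
audit_memcached_conf() {
    conf=$1
    rc=0
    udp=$(conf_value "$conf" -U)
    addr=$(conf_value "$conf" -l)
    if [ "$udp" = "0" ]; then
        echo "OK   UDP disabled (-U 0)"
    else
        echo "WARN UDP not explicitly disabled (-U ${udp:-unset}); default depends on version"
        rc=1
    fi
    case "$addr" in
        127.0.0.1|::1|localhost) echo "OK   bound to loopback (-l $addr)" ;;
        "") echo "WARN no -l line: memcached listens on all interfaces"; rc=1 ;;
        *)  echo "WARN bound to $addr: block port 11211 at the border"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: a config after the change described in the thread.
sample=$(mktemp)
printf '%s\n' '-m 64' '-p 11211' '-l 127.0.0.1' '# Disable UDP' '-U 0' > "$sample"
audit_memcached_conf "$sample"
rm -f "$sample"
```

On a real host, point audit_memcached_conf at /etc/memcached.conf after editing it and before restarting memcached.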