[Koha] DDoS attack on memcached
Mark Alexander
marka at pobox.com
Thu Mar 1 02:55:56 NZDT 2018
Apparently, a bug in memcached (which we use in Koha) causes it to be
used an intermediary in a DDoS attack:
https://arstechnica.com/information-technology/2018/02/in-the-wild-ddoses-use-new-way-to-achieve-unthinkable-sizes/
I'm not an expert on this kind of thing by any means, but judging
from this:
https://github.com/memcached/memcached/wiki/ReleaseNotes156
It seems that we can disable the attack by preventing memcached from
listening on a UDP port. I was able to do this by adding the
following lines to /etc/memcached.conf:
# Disable UDP
-U 0
Then restarted memcached and apache2.
My questions for the experts: Is this the correct approach? Is it even necessary?
Is there more we should do?
More information about the Koha
mailing list