Memcached localhost connections

We got an abuse for our Fresh X5 demo install.

CERT-Bund#2015012628000389] Dear Sir or Madam Memcached[1] is an open source cache server which is used to store and retrieve data from memory easily. Memcached is frequently used in connection with web applications. The memcached server does not support any authentication, so that attackers have unrestricted access to the data stored in the cache if the server is reachable from the Internet. This makes it possible for attackers to potentially spy out information from the systems which are affected, such as login data for web applications or other confidential content. Memcached servers have been identified by the Shadowserver ‘Open Memcached Key-Value Store Scanning Project'[2] which are openly accessible from the Internet. We are sending you the following list of affected systems in your net area. The timestamp (UTC time zone) shows when the system was checked and when an open memcached server was identified. We kindly request that you examine the situation and take measures to safeguard the memcached servers on the systems concerned or inform your customer accordingly. References: [1] Memcached <http://memcached.org/&gt; [2] Shadowserver: Open Memcached Key-Value Store Scanning Project <https://memcachedscan.shadowserver.org/&gt; 24940 | 78.46.106.122 | 2015-01-28 13:58:52 | 11211 | 1.4.4

To fix this issue, please follow the steps:

1) In /etc/sysconfig/memcached change OPTIONS to: OPTIONS=”-l 127.0.0.1″

2) Run: service memcached restart

Leave a Reply