Malware-proof ElasticSearch in Four Lines

ReadonlyREST
3 min read · Sep 15, 2017


Yesterday I saw yet another report of how frequently people install ElasticSearch, open the HTTP API to the public internet and completely disregard the fact that anybody then has write access to it.

« 4000+ ElasticSearch instances found hosting POS (!!) malware »

Courtesy of bleepingcomputer.com

Earlier this year, a ransomware attack infected more than 35000 open ElasticSearch instances, periodically overwriting all their data with a single document containing the Bitcoin ransom request.

« 35000+ ElasticSearch instances infected by Ransomware (Jan 2017) »

Courtesy of ZDNet.com
Courtesy of DZone.com

Why would anybody leave an ElasticSearch instance exposed to the public Internet with no protection against write/update/delete operations?
Because it’s convenient! You can power fancy multi-dimensional search boxes and similarity-based recommendation widgets on your website straight from the browser.

Clever multi dimensional search with stemming, custom scoring, a cow bell, a donut, and free hugs.

And mostly because, by the time the customer realises what you have done and that their catalogue is at the mercy of anyone on the internet, your job is done and you are long gone.

So, this is not only sad, but utterly unjustified. Why? Because back in 2013 I started writing a tiny Open Source plugin called ReadonlyREST that — among other things — enables a secured version of the search box use case described above: the public internet gets read-only access to the catalogue index, and nothing else. And it’s so simple to use, it’s almost embarrassing.
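A rule set of that shape, as an added example rather than the post’s own configuration: it goes in `readonlyrest.yml` in the ElasticSearch config directory, and the index name and the trusted host addresses are constructed placeholders.

```yaml
# readonlyrest.yml (added example, not the post's own configuration)
# Assumes one public catalogue index named "products" (constructed name).
readonlyrest:
  access_control_rules:

  # Trusted application servers keep full access (indexing, updates, deletes).
  - name: "Full access from the indexing hosts"
    hosts: ["10.0.0.5", "10.0.0.6"]   # constructed addresses; replace with your own

  # Everyone else, i.e. the public search box, may only run read-only
  # search actions, and only against the "products" index.
  - name: "Read-only search on the public catalogue"
    actions: ["indices:data/read/*"]
    indices: ["products"]

# Requests matched by no rule are rejected with 403 Forbidden, so writes,
# deletes and cluster administration calls from the internet never reach
# the data, and a mass overwrite like the ransomware above is not possible.
```

A quick check after a restart: a search against `/products/_search` from an untrusted address should succeed, while a `PUT` or `DELETE` on the same index from that address should come back 403.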

Is there anything that is not clear?

So please, seriously, use it. It’s out there and it’s free (as in beer and as in freedom).

Disclaimer: In the summer of 2017, ReadonlyREST became an “OSSmium” product (open source core + premium tiers).

Thanks to this business model, the GPLv3 core has grown at a fast rate in quality, new features, and finally supports many more ElasticSearch versions.

The commercial tiers instead focus on nice-to-have Kibana-specific features and Elastic Stack security. Check them out!
