Open Elastic node on Shodan

Today, several administrators use elastic as a real-time data search and analysis tool. But, they forget to secure these node ...

With a simple search on shodan, we can find the Elastic indices :"9200" product:”Elastic”

Information can be accessed through these addresses (We can found some confidentiel information) :


Here are some recommendations for securing your nodes :

  • Only allow direct access to known IP addresses
  • Add Authentication to Elastic Node


  1. Use this filter on shodan to search elastic node : port:”9200" product:”Elastic”
  2. Check Elastic connection : http://@IP:9200
  3. Executing Search : http://@IP:9200/_search?pretty

This Node disclose some confidentiel information, we can use it to access to all accounts …

I contacted the concerned to secure this node !

One clap, two clap, three clap, forty?

By clapping more or less, you can signal to us which stories really stand out.