Blocking Memcached Exploit Zimbra –

Detailed in this blog post, Zimbra memcached may face "memcrashd" attack on port 11211. By-default memcached listens on server IP address which is accessible in the network and on Internet if there is no firewall. If your Zimbra memcache servers are behind firewall, we recommend blocking ingress and egress traffic on…

Blocking Memcached Exploit Zimbra

Info awal : https://wiki.zimbra.com/index.php… https://blog.cloudflare.com/memcrashed-major-amplification…/ https://medium.com/…/the-memcached-amplification-attack-rea… Untuk yang menggunakan Zimbra dengan memcached terpasang (mandatory mulai Zimbra versi 8.7.x) segera eskalasikan dengan perintah : zmprov ms `zmhostname` zimbraMemcachedBindAddress 127.0.0.1 zmprov ms `zmhostname` zimbraMemcachedClientServerList 127.0.0.1 Kemudian restart services. Untuk Zimbra < 8.7 yang pakai memcached, periksa file /opt/zimbra/bin/zmmemcachedctl dan sesuaikan. nano "/opt/zimbra/bin/zmmemcachedctl"…