Reply to post: Resp

Cavalry riding to the rescue of DDoS-deluged memcached users

Ilsa Loving

Resp

>I suppose that the use of this flush_all command is a bit like going on to a neighbour's property to put out a fire started by an unattended BBQ that's grown big enough to be threatening one's own. That is, the neighbour almost certainly will be grateful.

I still remember when a long time ago a neighbour got his internet shut down because he had been infected with spam-spewing malware. While I was troubleshooting exactly what was going on, he fumed about how none of this was his fault or his responsibility and his ISP should have protected him.

I told him his only option was to reformat his hard drive and there was nothing else I could do. I sure as hell wasn't going to help him for free.

So yeah, don't count on people stupid enough to set up an unsecured and unpatched memcached server to be thankful that their incompetence was called out.

Simple rules for setting up a server on the internet:

- Is it a backend server? Put it behind a firewall and set up network ACLs to restrict access to the minimum required to function.

- Does it assist a front-end server? Put it behind a firewall and set up network ACLs to restrict access to the minimum required to function.

- Is it a front-end server? Put it behind a firewall and poke one hole and set up network ACLs to restrict access to the minimum required to function. AND also restrict public URLs to only the ones the public should use if your server provides separate maintenance/admin URLs.
