Hi Douglas,

Thanks for the concern.  The hadoop setup that is there is currently experimental, and not being used in production.  I've been focusing on a couple of things over the last few weeks, and just left it online.  

I've shut it down now, and intend to make our eventual production version more secure.  

Thanks again,
- Andrew Otto
  Analytics Systems Engineer, Wikimedia Foundation


On Jul 3, 2012, at 3:17 PM, Asher Feldman wrote:

FYI

---------- Forwarded message ----------
From: Douglas Moore <douglas.moore@thinkbiganalytics.com>
Date: Tue, Jul 3, 2012 at 12:05 PM
Subject: SECURITY exposure issue - HADOOP
To: noc@wikimedia.org


Hello,

While searching for Hadoop related material on Google, I found an administrative page on your Hadoop server, and that it is exposed to the Internet and indexed by Google.
Hadoop is not intended to run directly on the Internet so we believe this situation represents a potential security risk to your fine organization and think you should investigate further (and close public access to this research cluster).

Here is one of the open URLs: http://analytics1001.wikimedia.org:50070

Please kindly acknowledge the receipt of this email.

Thanks,

--
Douglas Moore
781-454-5971
@Douglas_MA
skype: dmoore247
Douglas.Moore@thinkbiganalytics.com
http://www.thinkbiganalytics.com


_______________________________________________
Ops mailing list
Ops@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/ops