Hi Douglas,

Thanks for the concern. The hadoop setup that is there is currently experimental, and not being used in production. I've been focusing on a couple of things over the last few weeks, and just left it online.

I've shut it down now, and intend to make our eventual production version more secure.

Thanks again, - Andrew Otto Analytics Systems Engineer, Wikimedia Foundation

On Jul 3, 2012, at 3:17 PM, Asher Feldman wrote:

FYI

---------- Forwarded message ---------- From: Douglas Moore douglas.moore@thinkbiganalytics.com Date: Tue, Jul 3, 2012 at 12:05 PM Subject: SECURITY exposure issue - HADOOP To: noc@wikimedia.org

Hello,

While searching for Hadoop related material on Google, I found an administrative page on your Hadoop server, and that it is exposed to the Internet and indexed by Google. Hadoop is not intended to run directly on the Internet so we believe this situation represents a potential security risk to your fine organization and think you should investigate further (and close public access to this research cluster).

Here is one of the open URLs: http://analytics1001.wikimedia.org:50070

Please kindly acknowledge the receipt of this email.

Thanks,

-- Douglas Moore 781-454-5971 @Douglas_MA skype: dmoore247 Douglas.Moore@thinkbiganalytics.com http://www.thinkbiganalytics.com

---

Ops mailing list Ops@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/ops