Protect Your Server From Memcached
By default, Zimbra's memcached runs on port 11211 and listens on the Zimbra server's IP address. Depending on your network, that address may be reachable from inside the local network and from the Internet.
So what should you do to protect your server from possible memcached exploitation?
- If your Zimbra server is behind a firewall, block all incoming and outgoing traffic on port 11211 between the Internet and your Zimbra server.
- Furthermore, add iptables rules on the Zimbra server itself for the memcached service. The rules are as follows:
Drop all connections to port 11211:
    iptables -I INPUT -p udp --dport 11211 -j DROP
    iptables -I INPUT -p tcp --dport 11211 -j DROP
Then accept only connections from localhost to this port (run these after the DROP rules: -I inserts at the top of the chain, so the ACCEPT rules end up above the DROP rules and are matched first):
    iptables -I INPUT -p udp -s 127.0.0.1 --dport 11211 -j ACCEPT
    iptables -I INPUT -p tcp -s 127.0.0.1 --dport 11211 -j ACCEPT
Also, modify Zimbra memcached so that it listens on localhost only:
    su - zimbra
    /opt/zimbra/bin/zmprov ms `zmhostname` zimbraMemcachedBindAddress 127.0.0.1
    /opt/zimbra/bin/zmprov ms `zmhostname` zimbraMemcachedClientServerList 127.0.0.1
    zmmemcachedctl restart
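The following shell script is an added example, not part of the original article or of Zimbra itself. It does two things a practitioner wants around the steps above: an audit function that reads listener lines in the column layout of `ss -tulnH` and reports whether port 11211 is bound to anything other than loopback, and an idempotent wrapper that applies the article's four iptables rules (in the same order, so the loopback ACCEPT lands above the DROP) without duplicating them when the script is re-run. The listener sample embedded at the bottom is constructed; the function and variable names are the example's own.

```shell
#!/bin/sh
# Added audit helper (not part of the original article): check whether
# memcached is listening anywhere other than loopback, and apply the
# article's iptables rules without duplicating them on re-runs.

# memcached_exposed LISTENERS
#   LISTENERS: text in the column layout of `ss -tulnH`
#              (Netid State Recv-Q Send-Q Local:Port Peer:Port).
#   Returns 0 if port 11211 is bound to any address other than
#   127.0.0.1 or [::1] (i.e. exposed), 1 otherwise.
memcached_exposed() {
    printf '%s\n' "$1" | awk '
        $5 ~ /:11211$/ {
            addr = $5
            sub(/:11211$/, "", addr)
            if (addr != "127.0.0.1" && addr != "[::1]") exposed = 1
        }
        END { exit exposed ? 0 : 1 }'
}

# ensure_rule RULE...
#   Insert an INPUT rule only if an identical one is not already present
#   (iptables -C exits 0 when the rule exists). Requires root.
ensure_rule() {
    iptables -C INPUT "$@" 2>/dev/null || iptables -I INPUT "$@"
}

# apply_memcached_rules
#   The article's rules in the article's order: DROP first, then the
#   loopback ACCEPT inserted above it so it is evaluated first.
apply_memcached_rules() {
    ensure_rule -p udp --dport 11211 -j DROP
    ensure_rule -p tcp --dport 11211 -j DROP
    ensure_rule -p udp -s 127.0.0.1 --dport 11211 -j ACCEPT
    ensure_rule -p tcp -s 127.0.0.1 --dport 11211 -j ACCEPT
}

# Constructed sample listener output, as a host might look before the fix.
SAMPLE='udp   UNCONN 0      0      0.0.0.0:11211   0.0.0.0:*
tcp   LISTEN 0      1024   0.0.0.0:11211   0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:7171  0.0.0.0:*'

if memcached_exposed "$SAMPLE"; then
    echo "memcached is reachable on a non-loopback address: apply the rules and rebind"
else
    echo "memcached is bound to loopback only"
fi
# On a real host: memcached_exposed "$(ss -tulnH)"  and, as root, apply_memcached_rules
```

Two notes on using it. `iptables -C` only checks that a matching rule exists somewhere in the chain, not where it sits, so if rules were added earlier in a different order, inspect `iptables -L INPUT -n --line-numbers` rather than trusting the helper to fix ordering. And if another Zimbra node (for example a separate proxy server) uses this memcached, 127.0.0.1 is too narrow: the bind address and the ACCEPT rules must cover that node's address, while the DROP rules still block everyone else; the audit function flags such a host-specific binding as "exposed" because it only whitelists loopback.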