Hello All,
I was one of the many that had a misconfigured server with memcached exposed to the internet, I guess I skimmed over the part where it wasn't a good idea. Lesson learned, and I'm doing more research on the subject. Thankfully I don't think I ever had it configured to work with ownCloud correctly from the start as I have tons errors pre-dating the attack.
Example of the many errors in the owncloud.log :
Error 47 interacting with memcached : SERVER HAS FAILED AND IS DISABLED UNTIL TIMED RETRY
My server got used in the memcached ddos exploit on the 2nd of May and I have since taken memcached offline. I am just wondering what kind of damages could have been done to my server, what to look for. Everything else seems to be working just fine. What kind of nasty things can a 'hacker' do to the server with an open memecached? What data does owncloud store/use memcached for?
Thanks in advance.