I was informed earlier today about a potential security problem relating to the ElasticSearch service. In very specific cases its appears (but are still investigating) that an attacker has gained access to a users server via an ElasticSearch service that is listening on a public IP address. The fix is simple, just ensure that the service only listening for localhost connections. Open up your *ESdirectory*/config/elasticsearch.yml and edit Code: # network.host: 192.168.0.1 to Code: network.host: 127.0.0.1 and Code: # http.port: 9200 to Code: http.port: 9200 Additionally some IPTables rules can add an additional layer of security, generally if your IPTables rule set includes iptables -P INPUT DROP, and you haven't opened your ElasticSearch port publicly via IPTables, likewise you should be safe. These specific rules can be added if required (alter the port if you have ElasticSearch bound to a different port obviously). Code: iptables -A INPUT -p tcp -s localhost --dport 9200 -j ACCEPT iptables -A INPUT -p tcp --dport 9200 -j DROP Anyone who has had ElasticSearch installed and configured by myself should have already had the network host set to 127.0.01 as part and parcel of the install process (I will of usually sent confirmation of my install settings including this one to you when the install was finished), however if you wish me to check for you, just drop me a conversation with your relevant details.