Memcache is a common set of Key-value cache system, because it does not have a rights control module, so the Open Network Memcache service is easy to be scanned by attackers, through command interaction can be directly read memcache sensitive information.
Fix solution:
Because Memcache has no rights control function, users are required to restrict access to the source.
Programme one:
If the memcache is not open in the external network, you can specify the IP address of the binding at the time memcached boot is 127.0.0.1. For example:
Memcached-d-M 1024-u root-l 127.0.0.1-p 11211-c 1024-p/tmp/memcached.pid
Where the-l parameter is specified as the native address.
Scenario Two: ( Note: Please configure iptables rules carefully )
If the Memcache service needs to be serviced externally, access control can be made through iptables.
Iptables-a input-p tcp-s 192.168.0.2--dport 11211-j ACCEPT
The above rule means that only 192.168.0.2 this IP is allowed to access port 11211.
Memcache Unauthorized Access Vulnerability