There seems to be an ongoing ransacking of Elasticsearch clusters, similar to what we saw with MongoDB just recently. Clusters all over the world are being wiped and left with a single index definition carrying a ransom demand that looks like this:
Whatever you do, never expose your cluster nodes to the web. This sounds obvious, but evidently not everyone follows it. Your cluster should never, ever be reachable from the public internet. Here are the anti-patterns, do's and don'ts that keep you on the safe side.
HTTP-enabled nodes need to listen on private IPs only
Elasticsearch can be told which IPs to listen on, and you can control whether that's localhost, private IPs, public IPs or any combi...
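As an added example (not code from the original post), here is a small Python audit that reads the JSON returned by GET /_nodes/http and flags every node whose HTTP listener is bound to 0.0.0.0, :: or an address outside the loopback, RFC 1918, link-local and ULA ranges. The embedded response is a constructed sample, and the node names and the use of 203.0.113.10 as a stand-in for a public address are assumptions; the address format follows how Elasticsearch prints bound addresses.

```python
import ipaddress
import json

# Ranges a node may safely bind to: loopback, RFC 1918, link-local, IPv6 ULA.
# Listed explicitly so the verdict does not depend on ipaddress.is_private().
SAFE_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

# Constructed sample of a GET /_nodes/http response (not captured from a real cluster).
# 203.0.113.10 is a documentation address standing in for a public IP.
SAMPLE_NODES_HTTP = json.dumps({"nodes": {
    "aaa": {"name": "es-1", "http": {"bound_address": ["[::1]:9200", "127.0.0.1:9200"],
                                     "publish_address": "127.0.0.1:9200"}},
    "bbb": {"name": "es-2", "http": {"bound_address": ["[::]:9200"],
                                     "publish_address": "203.0.113.10:9200"}},
    "ccc": {"name": "es-3", "http": {"bound_address": ["10.0.0.5:9200"],
                                     "publish_address": "10.0.0.5:9200"}},
    "ddd": {"name": "es-4", "http": {"bound_address": ["203.0.113.10:9200"],
                                     "publish_address": "203.0.113.10:9200"}},
}})

def parse_bound_address(addr):
    """Split 'host:port' or '[v6]:port' as Elasticsearch prints bound addresses."""
    host, _, port = addr.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)

def classify(ip):
    """'all-interfaces' for 0.0.0.0 / ::, 'private' for SAFE_NETS, otherwise 'public'."""
    if ip.is_unspecified:
        return "all-interfaces"
    if any(ip in net for net in SAFE_NETS):
        return "private"
    return "public"

def find_exposed_nodes(nodes_http_json):
    """Map node name -> [(bound address, reason)] for each HTTP listener bound to a
    public IP or to every interface; nodes bound only to safe ranges are omitted."""
    exposed = {}
    for node in json.loads(nodes_http_json)["nodes"].values():
        findings = []
        for addr in node["http"]["bound_address"]:
            ip, _port = parse_bound_address(addr)
            verdict = classify(ip)
            if verdict != "private":
                findings.append((addr, verdict))
        if findings:
            exposed[node["name"]] = findings
    return exposed

if __name__ == "__main__":
    for name, findings in find_exposed_nodes(SAMPLE_NODES_HTTP).items():
        print(f"{name}: {findings}")
```

Run it against the output of `curl -s http://<private-node-ip>:9200/_nodes/http` from inside the network; an empty result means every HTTP listener sits on loopback or a private range.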