FindMyHost

Web Hosting News

Future Hosting Warns Server Hosting Clients To Check Memcached For DDoS Attack Risk

August 10
09:08 2018

SOUTHFIELD, MICH. – Future Hosting, a managed VPS and dedicated hosting provider, has warned server hosting clients of the dangers posed by insecure Memcached instances. When configured incorrectly Memcached, a popular caching application, can be used by bad actors to launch massive Distributed Denial of Service attacks (as reported in CSO Online).

Memcached is used by millions of websites around the world. It is a key-value database that caches the results of database queries to accelerate the performance of web applications. Memcached can be configured to accept connections from arbitrary hosts on the open web. Bad actors can use insecure Memcached instances to launch amplified, reflected DDoS attacks against their victims, taking their websites and applications offline.


Memcached is one of many applications that can be used to amplify the bandwidth available to an attacker: open DNS servers and NTP servers are also common vectors. But Memcached is significantly more potent. It can be used to amplify the data in a DDoS attack by a factor of more than 50,000.

“Future Hosting provides server hosting for thousands of businesses, and we’re concerned that insecure Memcached instances pose a serious threat to our clients and other businesses on the web,“ said Maulesh Patel, VP of Operations of Future Hosting, “Memcached is ubiquitous on the modern web because of its usefulness, but less experienced system administrators are not configuring it securely, providing bad actors with a DDoS vector that threatens even the largest online businesses.”

Earlier this year, a popular version control platform was targeted by a record-breaking DDoS attack that peaked at 1.35 TB per second. Soon after, that record was broken by a DDoS attack that used insecure Memcached instances to send 1.7 TB per second to its victim. Few businesses can mitigate attacks of this magnitude.

Future Hosting urges server administrators to ensure that Memcached instances hosted on their servers are configured securely. Memcached should never be reachable from the open internet or configured to respond to requests from arbitrary hosts.

Developers and system administrators without the expertise to securely configure server software should consider hiring a professional system administrator or a managed server hosting provider that can configure a secure hosting environment.

About Future Hosting, LLC
Founded in 2001, Future Hosting is a privately held leading Internet solutions provider specializing in managed hosting, including Dedicated Servers, Virtual Private Servers, and Hybrid Virtual Private Servers. The company has built a strong reputation for its high-quality service, innovative pricing models, and 3-hour Service Level Agreement. Future Hosting is based in Southfield, Michigan.

About Author

FindMyHost Editor

FindMyHost Editor

The 'Web Hosting Blog' at FindMyHost.com was established to provide the web hosting industry with the very latest in news, technology, interviews, event information and more. About FindMyHost.com: Launched in January 2001 to protect Web Host Consumers and Web Developers from making the wrong choice when choosing a Web host. FindMyHost.com showcases a selection of web hosting companies who have undergone our Approved Host program testing and provides reviews from customers.

Related Articles

0 Comments

No Comments Yet!

There are no comments at the moment, do you want to add one?

Write a comment

Write a Comment

Special Offers:

SUBSCRIBE TO OUR MAILING LIST