Internet-Exposed Sphinx Servers at Risk of Attacks

All Sphinx servers that are exposed to the Internet are prone to abuse by cybercriminals, as they can be accessed by anyone, CERT-Bund warns.

An open source search engine often used as a backend for web applications, Sphinx is popular among e-commerce developers and merchants due to fast full-text search capabilities, integration with popular database management systems, and support for a range of programming languages.

The issue with any Sphinx server, however, is that, in the default configuration, it listens on ports 9306/TCP and 9312/TCP on all network interfaces.

With no authentication mechanisms ..