Securing Memcached


In many cases, memcached is utilised to store data legitimately on local servers, however in many cases it can be misconfigured, and allow any illegitimate attacker to access, and modify your data stored within the service, due to it not having any Authentication Measures available.

You can read up on this further at the below URL

It is recommended that if you're only using it on the local server, you ensure that it is bound to the loopback address.

You can ensure this is the case, using the configuration values below;


[root@server ~]# grep -- "-l" /etc/sysconfig/memcached

Ubuntu / Debian

root@server:~# grep -- "-l" /etc/memcached.conf

If either of the above examples end up empty, you will have to add in the respective lines and restart the service in order to secure it on the localhost.


Have more questions? Submit a request