Short answer: cloud images with poor defaults. I've written about this a few times before and the problem hasn't really changed since the article was posted:
Because the open-source version of Elastic does not contain any security (not even a basic auth) and requires at least a reverse-proxy in front of it which adds difficulty of connecting two things together. And Elastic-licensed Elastic with Security needs to be configured by chaning its config file. That is apparently too complicated for most "IT specialists". :) `sudo apt-get install elasticsearch && sudo systemctl start elasticsearch` and they are done.
Docker overriding iptables rules, in my case. I was using somebody else's project distributed via docker-compose config, which made the port for elasticsearch public, which I was not aware of (I don't normally use docker or elasticsearch). Luckily I was able to regenerate the data stored in elasticsearch, though I had to do it twice because it got wiped again after regeneration and then I had to google what the hell is going on.
