Home > Developer > Redis

Redis Crackit intrusion event causes Linux to fall

Source: Internet
Author: User
Tags redis download redis server
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >


The global 6379-port Redis server is scanned and the results are as follows

The total number of IP ports on the 6379 port of Redis that is open on the public network is 63,443. There are 43,024 IPs with no password authentication and 67% in total. The number of servers affected by the Redis Crackit event was found to be 35024, up 55% in the total, and about 81% for Redis with no password authentication.

Event description

Many users are the Redis download to the server directly run using, no ACL, no password, root run, and tied to the 0.0.0.0:6379, exposed to the public network. By using Redis, an attacker can write his or her own public key or other malicious program to the target server without granting access to Redis, allowing direct control of the target server.

This attack has affected at least thousands of home servers have been successfully invaded. The Redis website does not provide patches, and the utilization process seen so far is based on the normal functionality provided by Redis, and this issue was publicly released last September as a technical issue for remote code execution RCE, and is only small-scale spread.

Restore attack process

Find a Redis service without authentication:

Vulnerable environments are user-built Linux hosts that run Redis services and open 6379 of Redis ports on the public web. Now cloud service provider Qingyun has provided the appropriate solution:

Start Redis with non-root privileges

Increased Redis password verification

Prohibit public networks from opening Redis ports, for example, 6379 Redis ports can be disabled on a Qingyun firewall

Check if Authorized_keys is illegal

  The more direct and effective repair and reinforcement recommendations are from the environmental security point of view without the need for extranet access can be tied to the loopback, while the external increase of ACLs for network access control. You can also use Stunnel and other tools to complete data encryption transmission. Effective measures such as setting a password for Redis, creating a separate Nologin system account to use for Redis services, and disabling specific commands can also be used.

Redis Crackit intrusion event causes Linux to fall

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
computer causes wifi to crash what causes website to load slowly what causes laptop screen to go black what causes printer to go offline iis log to event viewer fall vector powershell write to event log
Related Article
How to efficiently insert large amounts of data into Redis (r...
Redis.exceptions.ConnectionError:Error connecting to localhos...
AoF of Redis persistence (Append only File) and its summary
Redis List---Rpoplpush
The difference between the RDB and aof persistence for Redis ...
Why Redis is single-threaded and why is Redis so fast!

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More