Redis, a server that completely ignores security features, has been plagued by various security risks since its inception, and Risk Based Security (RBS) recently discovered 6338 compromised Redis servers.

Redis is a NoSQL database that stores data in memory as key-value pairs. According to DB-Engines statistics, it ranked tenth in database popularity in 2015 and first among key-value databases. Because Redis treats performance as its first consideration, the database has no authentication or other security controls in its default configuration.
SSH key creation vulnerability exists for Redis servers

Anyone who knows your IP address and Redis port can access any of its content. Worse, at the end of 2015, an attack was discovered that allows anyone to store an SSH key in the authorized_keys file on your Redis server, meaning that an attacker does not need any password to gain SSH access to the Redis server.
According to RBS researchers, at least 30,000 Redis servers without any authentication are now exposed to the Internet, and 6338 Redis servers have been hacked to obtain SSH access.
The company reached its conclusion after a non-invasive scan through Shodan. After analyzing the compromised servers, the RBS researchers found an SSH key named "Crackit" whose associated email address, [email protected], had appeared in other previous intrusions. Apart from [email protected], which appeared 5,892 times, [email protected] and [email protected] also appeared 385 and 211 times respectively. In addition to "Crackit", there are other key names such as "Crackit_key", "Qwe", "ck" and "crack". According to the RBS analysis, this indicates that the keys come from multiple organizations or individuals.
The attackers do not target a specific Redis version, and any version may be hacked

The hacked Redis servers run as many as 106 different versions, from the early 1.2.0 to the newest 3.2.1.
"Without further results from the analysis of these data, we can only confirm two things: the first thing is that this is not a new vulnerability, and the second is that some servers are just hacked, but not exploited," the RBS researchers explained.
The company recommends that system administrators upgrade their Redis servers to the latest version and enable the new "protected mode" introduced in version 3.2. Also, as a minimum security guideline, do not expose Redis servers or other databases to the Internet.
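The recommendations above can be checked against a server's configuration file and key names. This Python example is added here and is not code from RBS or the Redis project; it assumes the 3.2 protected-mode behaviour (remote clients are refused only when no `bind` directive and no password are set), and its function names and sample configuration are constructed for illustration.

```python
"""Audit redis.conf text against the recommendations above (added example)."""
import ipaddress

# Key names this page reports on compromised servers, lower-cased for matching.
REPORTED_KEY_NAMES = {"crackit", "crackit_key", "qwe", "ck", "crack"}
# Constructed sample: explicit public bind, protected mode on, no password.
SAMPLE_CONF = "bind 0.0.0.0\nprotected-mode yes\nport 6379\n"

def parse_conf(text):
    """Return {directive: [args...]} from redis.conf text; last value wins."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, *args = line.split()
            conf[name.lower()] = args
    return conf

def is_loopback(addr):
    """True for loopback IPs; hostnames and wildcards count as exposed."""
    try:
        return ipaddress.ip_address(addr.lstrip("-")).is_loopback
    except ValueError:
        return False

def audit(text, version=(3, 2, 0)):
    """List findings for one server; `version` is the running Redis version."""
    conf = parse_conf(text)
    binds = conf.get("bind", [])
    has_password = bool("".join(conf.get("requirepass", [])).strip("\"'"))
    # Without a bind directive Redis listens on every interface.
    exposed = not binds or not all(is_loopback(a) for a in binds)
    # Protected mode exists from 3.2 onward and defaults to "yes".
    mode = conf.get("protected-mode", ["yes"])[0].lower()
    protected = version >= (3, 2, 0) and mode == "yes"
    findings = []
    if version < (3, 2, 0):
        findings.append("version predates protected mode (3.2)")
    if not has_password:
        findings.append("no requirepass: clients are not authenticated")
    # Assumption: protected mode only helps when bind is not set explicitly.
    if exposed and not has_password and not (protected and not binds):
        findings.append("reachable from the network without authentication")
    return findings

def suspicious_keys(key_names):
    """Return key names matching those reported on compromised servers."""
    return sorted(k for k in key_names if k.lower() in REPORTED_KEY_NAMES)
```

`audit` takes the contents of redis.conf as a string, and `suspicious_keys` takes a list of key names exported from the instance being reviewed.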
A large number of Redis servers are at risk of SSH privilege theft