A large number of Redis servers are at risk of SSH access theft

Source: Internet
Author: User
Tags ssh access

Redis servers, which completely ignore security features, have been plagued by various security risks since they were created. Risk Based Security (RBS) recently found 6338 compromised Redis servers. Redis is a NoSQL database that stores data as key-value pairs in memory. According to DB-Engines statistics, it ranked No. 10 in database popularity in 2015 and No. 1 among key-value stores.
Because Redis puts performance first, the database does not have any authentication or other security controls by default.

Redis server SSH key creation vulnerability

Anyone who knows your IP address and Redis port can access any content. What's worse, at the end of 2015 an attack was found that allows anyone to store an SSH key in the authorized_keys file on your Redis server. That means attackers can obtain SSH access to the Redis server without any password.

Currently, at least 30 thousand Redis servers without any authentication are exposed on the Internet. According to RBS researchers, 6338 Redis servers have had their SSH access stolen.

The company drew the above conclusion after a non-intrusive scan through Shodan. After analyzing the compromised servers, RBS researchers found an SSH key named "crackit" whose associated email address, ryan@exploit.im, has appeared in other previous intrusions. This address appears 5892 times; root@chickenmelone.chicken.com and root@dedi10243.hostsailor.com also appear 385 times and 211 times respectively. In addition to "crackit", there are also key names such as "crackit_key", "qwe", "ck", and "crack". According to RBS analysis, this shows that they come from multiple organizations or individuals.
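The indicators RBS lists can be checked on a host's own authorized_keys files. The following Python code is an added example, not code from RBS or the original article: it scans the raw bytes of one file for the reported names and addresses, and for binary data or the Redis dump magic `REDIS`, neither of which a hand-maintained key file contains. Matching the names against the key comment field is an assumption of this example, and the function name, finding labels and sample inputs are constructed for illustration.

```python
import re

# Names and addresses reported by RBS in the article above.
SUSPECT_NAMES = {"crackit", "crackit_key", "qwe", "ck", "crack"}
SUSPECT_ADDRESSES = {"ryan@exploit.im", "root@chickenmelone.chicken.com",
                     "root@dedi10243.hostsailor.com"}

# Key type, base64 blob, optional comment. The pattern works on bytes because
# a file written by a database dump has binary data around the key line.
KEY_RE = re.compile(rb"(ssh-(?:rsa|dss|ed25519)|ecdsa-sha2-nistp\d+)[ \t]+"
                    rb"([A-Za-z0-9+/=]+)(?:[ \t]+([^\r\n\x00]*))?")


def audit_authorized_keys(data: bytes) -> list[str]:
    """Return findings for the raw bytes of one authorized_keys file."""
    findings = []
    if data.startswith(b"REDIS"):  # magic string that opens a Redis RDB dump
        findings.append("rdb-magic")
    if any(b < 9 or 13 < b < 32 for b in data):  # control bytes in a text file
        findings.append("binary-data")
    for match in KEY_RE.finditer(data):
        comment = (match.group(3) or b"").decode("ascii", "replace").strip()
        # Assumption: the reported names/addresses sit in the comment field.
        for token in comment.lower().split():
            if token in SUSPECT_ADDRESSES:
                findings.append(f"reported-address:{token}")
            elif token in SUSPECT_NAMES:
                findings.append(f"reported-name:{token}")
    return findings


# Constructed sample: bytes laid out like a Redis dump that ended up in
# authorized_keys (truncated blob, not a real key).
SAMPLE_DUMP = (b"REDIS0006\xfe\x00\x00\x07crackit\x40\x50\n\n\n"
               b"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7 ryan@exploit.im\n\n\n\xff")
# Constructed sample: an ordinary single-key file.
SAMPLE_CLEAN = b"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFakeFakeFake admin@example.org\n"

if __name__ == "__main__":
    for name, blob in (("dump", SAMPLE_DUMP), ("clean", SAMPLE_CLEAN)):
        print(name, audit_authorized_keys(blob))
```

Run it over every account's authorized_keys file, including root's, by reading each file in binary mode and passing the bytes to `audit_authorized_keys`.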

Attackers are not targeting specific Redis versions. Any version may be hacked.

The attacked Redis servers span as many as 106 versions, from the early version 1.2.0 to the latest version 3.2.1.

"No further results can be obtained from the analysis of the data. We can only confirm two things. The first is that this is not a new vulnerability. The second is that some servers are only infiltrated, but they are not used," the RBS researchers explained.

The company recommends that system administrators upgrade their Redis servers to the latest version and enable the new "protection mode" introduced in version 3.2. In addition, not exposing Redis servers or other databases to the Internet is the minimum security rule.

From: https://linux.cn/article-7554-1.html

Address: http://www.linuxprobe.com/redis-server-ssh-risk.html

