Home > Developer > Web Develop

Improper configuration of Redis can cause the server to be controlled, and multiple sites have been affected #通用程序安全预警 #

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Article from: HTTP://NEWS.WOOYUN.ORG/6E6C384F2F613661377257644B346C6F75446F4C77413D3D

Servers that meet the "improperly configured Redis services" condition in an alert are at risk of being controlled by an attacker.

November 4, foreign security researcher @antirez announced a high-risk security risk for REDIS services. It found that if the Redis service is improperly configured, combined with the SSH service, you can get root privileges of the server directly. Improper configuration of the

Server includes three parts:

  1. Redis service starts with the root account;

  2. Redis Service has no password authentication or weak password authentication;

  3. Server open SSH service, allow key login

Servers that meet the above conditions are at risk of being controlled by the attacker. There's a white hat on the black cloud. Some sites have been found to have problems and submitted vulnerability reports. and the Security Scan service tangscan monitored, and an attacker began exploiting the vulnerability to attack domestic servers.

Redis is an open-source NoSQL database that is often used to increase the speed of data read and write, and speed up website access. According to db-engines.com data, it is the most popular NoSQL database in the world and is used in a huge amount of internet products.

Dark clouds suggest that there are sites that use Redis and should be checked for misconfiguration as soon as possible. If you find a problem, you can fix it as follows:

  1. Disable the use of the root account to start the Redis service;

  2. Enable password for Redis access Authentication, and add IP access restrictions;

  3. Do not open the SSH service directly to the public network as much as possible.

update: After an alert is released, there are white hat in the enterprise informing the cloud that there are signs that an attacker could scan and exploit the network on a large scale. Again, the use of Redis website, please start self-examination, confirm the risk.

Improper Redis configuration can cause the server to be controlled and multiple Web sites affected #通用程序安全预警 #

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
server setup and configuration multiple wordpress sites on one server installation and configuration of php can airpods connected to multiple devices how to create multiple wordpress sites linux server installation and configuration upload video to multiple sites at once

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More