Memcache the memory cache for unauthorized access vulnerability solutions

Source: Internet
Author: User
Tags memcached iptables

Vulnerability description

Memcache is a commonly used key-value caching system, because it does not have permission control module, so the Memcache service of open Extranet is easily detected by attackers, and the sensitive information in Memcache can be read directly through command interaction.

Repair scheme

Because Memcache has no privilege control function, users need to limit the access source, and share 4 effective solutions below.

1, binding IP

If the memcache is not necessary to open the extranet, you can specify the binding IP address of 127.0.0.1 when the memcache is started. For example:
Memcached-d-M 1024-u root-l 127.0.0.1-p 11211-c 1024-p/tmp/memcached.pid
Where the-l parameter is specified as a native address.

2. Configure Iptables Rules

If the Memcache service needs to provide services externally, access control can be done through iptables.
Iptables-a input-p tcp-s 192.168.0.2--dport 11211-j
The above rules mean that only 192.168.0.2 this IP is allowed to access 11211 ports.

3, modify the configuration file

If you are using Linux, you can refer to the following methods:

View 11211 Port occupancy first

Command: Netstat-an|more

Show 0 0.0.0.0:11211 No IP restrictions

Execute command: NC-VV x.x.x.x 11211 Prompt Connection Successful

Execute command: vim/etc/sysconfig/memcached, modify configuration file

Increase Limit options= "-l 127.0.0.1″, only local access, not open to public network, save exit

Execute command:/etc/init.d/memcached Reload Restart Service

The connection command again prompts the connection to fail.

4. Server Security software

If your server has security software installed, such as a secure dog, you can configure the TCP connection policy to restrict the Memcache port's extranet IP access.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.