Redis Crackit intrusion event leads to compromised Linux servers

Source: Internet
Author: User


A global scan of Redis servers on port 6379 produced the following results:

A total of 63,443 IP addresses expose Redis on port 6379 to the public network. Of these, 43,024 have no password authentication, 67% of the total. The number of servers affected by the Redis Crackit event was found to be 35,024, which is 55% of the total and about 81% of the Redis servers with no password authentication.

Event description

Many users download Redis to a server and run it directly: no ACL, no password, running as root, bound to 0.0.0.0:6379 and exposed to the public network. Through Redis, an attacker who has never been granted access to it can write their own public key or another malicious program to the target server, allowing direct control of the target server.

At least thousands of home servers have been successfully compromised in this attack. The Redis website does not provide a patch, and the exploitation process seen so far relies only on normal functionality provided by Redis. The issue was publicly disclosed last September as a remote code execution (RCE) technique, and had seen only small-scale spread.

Reconstructing the attack process

Find a Redis service without authentication:

The vulnerable environments are user-built Linux hosts that run a Redis service and open the Redis port 6379 to the public network. The cloud service provider Qingyun has now provided the following solution:

Start Redis with non-root privileges

Add Redis password authentication

Block public network access to the Redis port; for example, the Redis port 6379 can be disabled in the Qingyun firewall

Check whether authorized_keys contains illegitimate entries

The more direct and effective repair and hardening recommendations come from the point of view of environment security: where access from the external network is not needed, bind Redis to the loopback interface, and add external ACLs for network access control. You can also use stunnel and similar tools to encrypt data in transit. Setting a password for Redis, creating a separate nologin system account for the Redis service, and disabling specific commands are also effective measures.
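The hardening points above can be checked mechanically against a redis.conf file. The following is an added example, not part of the original article or of Redis itself; the sample configs are constructed, `run_user` is supplied by the caller, and the default command list (`CONFIG`) is an assumption because the article does not name which commands to disable.

```python
import ipaddress
import shlex

# Constructed sample configs, not taken from any real host.
WEAK_CONF = "port 6379\nbind 0.0.0.0\n"
HARDENED_CONF = ('port 6379\nbind 127.0.0.1 ::1\nrequirepass "constructed-secret"\n'
                 'rename-command CONFIG ""\n')

def parse_conf(text):
    """Return {directive: [argument lists]} from redis.conf-style text."""
    conf = {}
    for line in text.splitlines():
        parts = shlex.split(line, comments=True)  # handles quotes and '#' comments
        if parts:
            conf.setdefault(parts[0].lower(), []).append(parts[1:])
    return conf

def is_loopback(addr):
    """True only for literal loopback addresses; '*' or names count as exposed."""
    try:
        return ipaddress.ip_address(addr.lstrip("-")).is_loopback
    except ValueError:
        return False

def audit(text, run_user, risky_commands=("CONFIG",)):
    """Return the weaknesses named on this page that the config exhibits.
    run_user (process account) comes from the caller; risky_commands is an
    assumed default, since the page names no specific commands."""
    conf, findings = parse_conf(text), []
    if run_user == "root":
        findings.append("runs-as-root")
    addrs = [a for args in conf.get("bind", []) for a in args]
    # With no bind line Redis listens on every interface.
    if not addrs or not all(is_loopback(a) for a in addrs):
        findings.append("listens-beyond-loopback")
    if not any(args and args[0] for args in conf.get("requirepass", [])):
        findings.append("no-password")
    # rename-command NAME "" disables NAME entirely.
    disabled = {a[0].upper() for a in conf.get("rename-command", [])
                if len(a) == 2 and a[1] == ""}
    for cmd in risky_commands:
        if cmd.upper() not in disabled:
            findings.append("command-enabled:" + cmd.upper())
    return findings

if __name__ == "__main__":
    print(audit(WEAK_CONF, "root"))
    print(audit(HARDENED_CONF, "redis"))
```

An empty list means none of the listed weaknesses were found in the config text; network-level ACLs and the contents of authorized_keys still have to be checked separately.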
