Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Fairware ransomware attack on Redis databases

ValentineValentine Administrator
edited May 2017 in General Discussions

Redis is a popular open source key/value data store that makes access to data fast. To do this, Redis keeps a copy of data in memory to provide speed and on disk (this is important) to prevent data from being lost if Redis is restarted.

In a nutshell, this attack is performed by:
  • Sending a CONFIG command telling Redis to store key/values on disk in the “/root/.ssh/authorized_keys” file
  • Setting a key/value pair with the value being a public SSH key
  • The attacker can now log into the Redis instance via SSH as the root user
More information...

How to protect your Redis

The simplest way to prevent attackers from compromising Redis instances is to avoid exposing them to the Internet. However, if you must have Redis externally exposed, there are a few things you can do to lock it down:
  • Set up an AUTH password - Users can configure a password that is required for all connections to the Redis instance. When setting this up, ensure the password is complex, since attackers can easily brute force shorter passwords.
  • Rename or Disable the CONFIG command - It is possible to rename the CONFIG command to something unguessable or disable it altogether. If the command isn’t needed, we highly recommend disabling it.
Finally, like any software exposed to the Internet, it is critical to keep Redis up to date. Version 3.2.0 of Redis added a feature called protected mode. This mode prevents Redis instances from being accidentally deployed with an insecure configuration (binding to all interfaces with no password), which can help prevent a compromise from occurring.
Sign In or Register to comment.

Learn how to install a web and database server, email, FTP client or other applications. Discover and share information on server security or optimization recommendations.
Feel free to join our constantly expanding community, participate in discussions, strengthen your knowledge on Linux and Windows server management!
© 2013 - 2022 Time4VPS. All rights reserved.

Get In Touch