Sunday, November 8, 14:12
Home security Over 6.000 Redis Database Servers are Exposed!

Over 6.000 Redis Database Servers are Exposed!

The total neglect of some security features in the creation of Redis Database Servers turned the project haunted years later, as Risk Based Security (RBS) reports that it has discovered 6.338 Redis servers that have been compromised.

O Redis is a NoSQL database server that is ideal for storing data in a key-value format that uses a system in memory for processing data and subsequent queries. According to statistics from DB-Engines, Redis ranked tenth in terms of the use and popularity of 2015.

Over 6.000 Redis Database Servers are Exposed!

Because Redis was created with rendering in mind, in a default setting, the database does not have any kind of authentication or some other possible security feature.

This means that anyone can access its content only by knowing the IP and port. Worst of all is that, towards the end of 2015, one exploit it seemed that a third party was allowed to store an SSH key in the authorized_keys file from any other Redis server that did not have an authentication system installed.

There are more than 30.000 Redis database servers without some authentication available online. According to RBS researchers, 6.338 from these servers was at risk.

The company came to this conclusion after performing a non-invasive scan using Shodan. The interest of the RBS researchers peaked when they analyzed a hacked server featuring the "crackit" SSH key, which was linked to an email address [ryan@exploit.im] that they had previously encountered in other cases.

Scanning with it Shodan for open Redis servers that did not feature non-standard SSH keys, researchers found 5.892 SSH key cases associated with the ryan@exploit.im email address. In addition, they found 385 keys linked to root@chickenmelone.chicken.com and 211 keys with root@dedi10243.hostsailor.com.

The most common non-standard keys were "crackit", "crackit_key", "qwe", "ck" and "crack". In total, RBS found 14 unique emails and 40 unique combinations SSH keys. As RBS explained, these reports seem to be the work of many groups or individuals.

As for the exposed Redis database versions, researchers found 106 different versions, ranging from the latest 1.2.0 version to the latest version, 3.2.1.

"While we haven't been able to find anyone to confirm it publicly, it seems from our analysis that we have confirmed two things: the first is that this is not something new and the second, that some servers are out there infected and not used for nothing malicious ”, RBS researchers have explained.

The security company recommends to Webmasters update their Redis databases to the latest version and enable “protected mode", A security feature introduced in Redis with version 3.2.

These 6.338 servers are still exposed until today, which means young people threats can easily put them at risk again.

LEAVE ANSWER

Please enter your comment!
Please enter your name here

LIVE NEWS

Youtube: How can you download videos for free and legally?

Many times we enjoy videos on Youtube without being able to download them, as this action requires payment ....

The increase in Emotet attacks brings greater profits to ransomware groups

Attacks with Emotet malware have been on the rise lately and will not stop any time soon. The gang behind ...

How to unsubscribe from automated messages

Every day we receive many notifications in the form of messages on our smartphone, from store offers and updates from the bank to messages from policies ...

How to install third party app stores on Android

The Google Play Store is the official Android store for apps and games. However, the "opening" of Android means that you can ...

Google Shopping helps you find the best deals

With the festive season approaching, finding the best deals can be a challenge when shopping at ...

Apple Watch: How to take a screenshot on your "smart" watch?

If you have an Apple Watch, one of the things you can do is take a screenshot of your wearable device. Many will ...

McAfee: New data on defense espionage campaigns

Hackers used unknown, until recently, tools to spy on defense and aerospace organizations. The attacks started with phishing emails and social ...

How to stop the automatic light of the Apple watch

Apple Theater's Cinema mode stops the screen from illuminating every time you move your hand ....

Dell allows hardware privacy checks on Linux

Do you want to make sure your webcam and microphone are turned off? Dell adds code to Linux to support ...

Apple has released iOS 14.2 with new features and new emoji

Apple released iOS 14.2 today. It includes many new features as well as some important bug fixes and security updates. Including,...