P2PInfect, originally a dormant peer-to-peer malware botnet with unclear motives, has finally come alive to deploy a ransomware module and a cryptominer in attacks on Redis servers.
Our prod exposed Redis until I noticed. Apparently we had to reset caches after releases, and our devOPs forgot to remove access to it after creating scripts to handle that.
It happens, but it really shouldn’t. At least ours was at a different subdomain (something like app-region-redis.domain.com or whatever).
People really expose redis to the internet?
Yes.
303,481 servers worldwide, according to Shodan.
😭 why though? I assume that if you are smart enough to setup redis, you’d be smart enough to use VPNs (or similar) as to never expose it
Our prod exposed Redis until I noticed. Apparently we had to reset caches after releases, and our devOPs forgot to remove access to it after creating scripts to handle that.
It happens, but it really shouldn’t. At least ours was at a different subdomain (something like app-region-redis.domain.com or whatever).