Houston, We’re Under Attack!

by Gautam Rege, posted in General

Yogesh talks about configuring and securing your Redis server to avoid attacks. Voice of experience rules!

Happy Coding !!!

Houston, you there ?? We’ve had a problem here.

One of our EC2 instance which has Redis server on it, got hacked out of nowhere.
Just before we knew it is hacked, we were screwing up with Redis configuration and thinking what could go wrong with it.

Houston – Roger that, give us more details.

Well, we’ve recently shifted our Redis server to new EC2 instance. The reason we had to do that was because, our Sidekiq processing got much bigger and we couldn’t afford it alongside the Nginx + Passenger. So we took a call to separate it out.

But while configuring Redis, we think we made some mistake :(.

Houston – What is that ?

Basically, we wanted the Redis to listen to all of our Passenger instances . Though by default, it listens on localhost because it’s  bind directive is set to  127.0.0.1 , it’s possible to listen on multiple interfaces by providing multiple IP…

View original post 355 more words

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.