Houston, we got attacked

Yogesh talks about configuring and securing your Redis server to avoid attacks. Voice of experience rules!

Happy Coding !!!

Houston, you there?? We’ve had a problem here.

One of our EC2 instances, which has a Redis server on it, got hacked out of nowhere.
Just before we knew it was hacked, we were screwing around with the Redis configuration and thinking about what could go wrong with it.

Houston – Roger that, give us more details.

Well, we’ve recently shifted our Redis server to a new EC2 instance. The reason we had to do that was that our Sidekiq processing got much bigger and we couldn’t afford it alongside Nginx + Passenger. So we took a call to separate it out.

But while configuring Redis, we think we made some mistake :(.

Houston – What is that?

Basically, we wanted Redis to listen to all of our Passenger instances. Though by default it listens on localhost because its bind directive is set to 127.0.0.1, it’s possible to listen on multiple interfaces by providing multiple IP…
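
A check for the bind mistake the excerpt describes, as an added example that is not code from the original post: it parses redis.conf text and reports bind settings that expose the server beyond the loopback and private interfaces. The sample configs, the addresses in them and the `requirepass` check are assumptions added here; the excerpt only mentions `bind`.

```python
import ipaddress

# Constructed sample configs for illustration (not from the original post).
EXPOSED = "bind 127.0.0.1 10.0.1.15 0.0.0.0\nport 6379\n"
HARDENED = 'bind 127.0.0.1 10.0.1.15\nport 6379\nrequirepass "placeholder-secret"\n'

def parse_directives(text):
    """Map each directive name to its argument list (last occurrence wins)."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            name, *args = line.split()
            conf[name.lower()] = [a.strip('"\'') for a in args]
    return conf

def audit(text):
    """Return a list of findings about network exposure of a redis.conf."""
    conf = parse_directives(text)
    findings, reachable = [], False
    binds = conf.get("bind")
    if not binds:
        # With no bind directive Redis listens on all available interfaces.
        findings.append("bind missing: listens on all interfaces")
        reachable = True
    for addr in binds or []:
        bare = addr.lstrip("-")  # newer Redis allows a '-' prefix on bind addresses
        if "*" in bare:
            wildcard, ip = True, None
        else:
            ip = ipaddress.ip_address(bare)
            wildcard = ip.is_unspecified
        if wildcard:
            findings.append(f"bind {addr}: listens on all interfaces")
        elif not ip.is_loopback and not ip.is_private:
            findings.append(f"bind {addr}: public address")
        if wildcard or not ip.is_loopback:
            reachable = True
    if reachable and not conf.get("requirepass"):
        findings.append("reachable off-host but requirepass is not set")
    return findings

if __name__ == "__main__":
    for name, text in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, audit(text) or "no findings")
```
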


About Gautam Rege

Rubyist, Entrepreneur and co-founder of Josh-Software - one of the leading Ruby development shops in India.
