Are you suffering attacks to your servers?

h0rst h0rst at
Wed Aug 17 07:23:41 EDT 2016

Hi there!

Did u actually verify (i.e using netstat) that your redis instance is only listening 
on localhost and not on any other interface/ip? Are you sure that the mentioned config
file is really used by redis?

I mean, it would be pretty difficult for a remote attacker to exploit any service 
running on localhost ;)

Kind regards,

----- Original Message -----
From: "Sergio" <sergio.fernandez at>
To: "Community support for GenieACS users" <users at>
Sent: Friday, August 12, 2016 1:51:22 PM
Subject: Re: Are you suffering attacks to your servers?

Good morning! Thank you for your answers, Dan and Manny.

The variants that you both have told me are great, but in our service, 
we can't restrict via IP or VLAN. On the other hand, we will implement 
in the near future the "only allow HTTP POSTs".

I have been reading Slashdot this morning. And, to my surprise, I read 
this article:

This was the exact thing that happened to me, as I described below. So I 
started to search how could I protect myself of this problems. So I 
found this page that tell us to bind the 
Redis listening IP to the loopback interface.

So I searched for the /etc/redis/redis.conf file and it was already set.

So the next step is to configure a password. But here the problem 
arises. I will be following this guide

But the problem is, how can I configure GenieACS to work with a 
password-protected Redis? I simply don't know where to apply it, or if 
it's going to require new code.

Any guidance? I would appreciate it a lot!

Thank you,

Sergio Fernández

PS. I am trying to reduce space for this message and I deleted the 
previous answers.

Users mailing list
Users at

More information about the Users mailing list