Are you suffering attacks to your servers?

Sergio sergio.fernandez at electronicamartinez.com
Tue Sep 13 18:46:17 EDT 2016


I think I solved the issue.

The port was listening, as I performed an "netstat -plnt" and I could 
see it.

I simply enabled ufw in Ubuntu my machine, blocking port 6379 and I 
think it has corrected this security issue.

I updated my guide in the GenieACS GitHub.

Thank you for your help! Anyway, implementing redis AUTH in GenieACS 
would be great. It could make the things harder to crack, improving 
security. Hope you could give me assistance.

Sergio F.

El 17/08/16 a las 13:23, h0rst escribió:
> Hi there!
>
> Did u actually verify (i.e using netstat) that your redis instance is only listening
> on localhost and not on any other interface/ip? Are you sure that the mentioned config
> file is really used by redis?
>
> I mean, it would be pretty difficult for a remote attacker to exploit any service
> running on localhost ;)
>
> Kind regards,
> Sebastian
>
> ----- Original Message -----
> From: "Sergio" <sergio.fernandez at electronicamartinez.com>
> To: "Community support for GenieACS users" <users at lists.genieacs.com>
> Sent: Friday, August 12, 2016 1:51:22 PM
> Subject: Re: Are you suffering attacks to your servers?
>
> Good morning! Thank you for your answers, Dan and Manny.
>
> The variants that you both have told me are great, but in our service,
> we can't restrict via IP or VLAN. On the other hand, we will implement
> in the near future the "only allow HTTP POSTs".
>
> I have been reading Slashdot this morning. And, to my surprise, I read
> this article:
> https://linux.slashdot.org/story/16/08/10/237230/linux-trojan-mines-for-cryptocurrency-using-misconfigured-redis-servers
>
> This was the exact thing that happened to me, as I described below. So I
> started to search how could I protect myself of this problems. So I
> found this page http://redis.io/topics/security that tell us to bind the
> Redis listening IP to the loopback interface.
>
> So I searched for the /etc/redis/redis.conf file and it was already set.
>
> So the next step is to configure a password. But here the problem
> arises. I will be following this guide
> https://www.digitalocean.com/community/tutorials/how-to-secure-your-redis-installation-on-ubuntu-14-04
>
> But the problem is, how can I configure GenieACS to work with a
> password-protected Redis? I simply don't know where to apply it, or if
> it's going to require new code.
>
> Any guidance? I would appreciate it a lot!
>
> Thank you,
>
> Sergio Fernández
>
> PS. I am trying to reduce space for this message and I deleted the
> previous answers.
>
> _______________________________________________
> Users mailing list
> Users at lists.genieacs.com
> http://lists.genieacs.com/mailman/listinfo/users
> _______________________________________________
> Users mailing list
> Users at lists.genieacs.com
> http://lists.genieacs.com/mailman/listinfo/users



More information about the Users mailing list