(error) NOAUTH Authentication required even when requirepass is commented in conf
309 views
Skip to first unread message
Saurabh Bhardwaj
Dec 9, 2015, 3:12:35 AM12/9/15
to Redis DB
Hi,
Recently i have faced an issue on redis. Getting "NOAUTH Authentication required" message when trying to access redis server from redis client, the issue resolves itself when the service is restarted but it raises again after 4 to 5 hours. Please note that the requirepass is commented in the configuration file.
Redis Version: 2.8.9
Urgent help is required.
Thanks
Saurabh
Greg Andrews
Dec 9, 2015, 3:27:12 AM12/9/15
to redi...@googlegroups.com
Something is connecting to your Redis server, and performing the commands to change the configuration to require a password.
If your Redis server is properly secured, it can only be something connecting from one of your own servers, so you can track it down and stop it.If your Redis server is open to the world, then you probably won't be able to track down the source, and you'll have to make your Redis secure so strangers can't change your configuration like that. (see http://redis.io/topics/security where under the heading "Network Security" it says, "Access to the Redis port should be denied to everybody but trusted clients in the network, so the servers running Redis should be directly accessible only by the computers implementing the application using Redis.")
--
You received this message because you are subscribed to the Google Groups "Redis DB" group.
To unsubscribe from this group and stop receiving emails from it, send an email to redis-db+u...@googlegroups.com.
To post to this group, send email to redi...@googlegroups.com.
Visit this group at http://groups.google.com/group/redis-db.
For more options, visit https://groups.google.com/d/optout.
Salvatore Sanfilippo
Dec 9, 2015, 4:22:50 AM12/9/15
to Redis DB
There is currently an activity by some "white hat" security person,
which is sending CONFIG SET requirepass "..." to Redis instances, in
order to hint their owners they instances are not secured.
Please make sure your instance is secured and not accessible by outside ASAP.
Salvatore 'antirez' Sanfilippo
open source developer - Redis Labs https://redislabs.com
"If a system is to have conceptual integrity, someone must control the
concepts."
— Fred Brooks, "The Mythical Man-Month", 1975.
which is sending CONFIG SET requirepass "..." to Redis instances, in
order to hint their owners they instances are not secured.
Please make sure your instance is secured and not accessible by outside ASAP.
> --
> You received this message because you are subscribed to the Google Groups
> "Redis DB" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to redis-db+u...@googlegroups.com.
> To post to this group, send email to redi...@googlegroups.com.
> Visit this group at http://groups.google.com/group/redis-db.
> For more options, visit https://groups.google.com/d/optout.
--
> You received this message because you are subscribed to the Google Groups
> "Redis DB" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to redis-db+u...@googlegroups.com.
> To post to this group, send email to redi...@googlegroups.com.
> Visit this group at http://groups.google.com/group/redis-db.
> For more options, visit https://groups.google.com/d/optout.
Salvatore 'antirez' Sanfilippo
open source developer - Redis Labs https://redislabs.com
"If a system is to have conceptual integrity, someone must control the
concepts."
— Fred Brooks, "The Mythical Man-Month", 1975.
Reply all
Reply to author
Forward
0 new messages