Redis keys missing


karthik bidder

Sep 5, 2022, 6:07:57 AM
to Redis DB
Hi,

127.0.0.1:6379> keys *
1) "backup1"
2) "backup3"
3) "backup2"
4) "backup4"
127.0.0.1:6379>

The keys I created have been removed automatically and the above keys were created.

Version:
Redis server v=7.0.4 sha=00000000:0 malloc=jemalloc-5.2.1 bits=64 build=c7d71d4b63066c

I have uninstalled and tried many times, but nothing works.

Please, can anyone help me to get it fixed? Thanks in advance.

Regards,
Karthik

David Maier (Redis)

Sep 5, 2022, 9:08:32 AM
to redi...@googlegroups.com
Hi Karthik,

I suspect that your Redis instance got 'hacked'. I am not aware of any Redis feature that would put backup keys into your database by deleting the old ones. You might want to ask yourself the following questions:
  • Was your Redis instance accessible from the internet?
  • If so, did you protect your Redis instance with a password?
  • Was the server host accessible from the internet (e.g., via SSH)?
  • Did you enforce security controls that make it hard to access the host from the outside world? (e.g., TLS certs for SSH access, or firewall rules that limit the access to specific static IP addresses and ports)
If you created frequent RDB backups of your database by moving them to a secure external (not on the same server) location, you might be able to recover some of your data.

There seems to be a known attack which has symptoms similar to yours: https://stackoverflow.com/questions/50264694/my-redis-auto-generated-keys

Regards,
David





karthik bidder

Sep 6, 2022, 1:40:30 AM
to Redis DB
Hi David,

Thanks for the updates.


Was your Redis instance accessible from the internet?
- yes

If so, did you protect your Redis instance with a password?
- Nope, since it's a dev environment we haven't.

Was the server host accessible from the internet (e.g., via SSH)?
- Yes, it is.

Did you enforce security controls that make it hard to access the host from the outside world? (e.g., TLS certs for SSH access, or firewall rules that limit the access to specific static IP addresses and ports)
- So far we haven't; we planned to set it up while moving to production.

But there is not much external access to the instances so far; I wonder how this happened at this moment. Also, I am very worried about what will happen in the future.

Now I am reinstalling Redis and adding rules for specific IPs. Let me check and update if the issue happens again.

Regards,
Karthik

David Maier (Redis)

Sep 6, 2022, 5:59:56 AM
to redi...@googlegroups.com
Hi Karthik,

I can understand that you are worried, but I am confident that you will be able to prevent this situation in the future by applying some data security and safety best practices:
  • Use another port than the default port for your Redis instance
  • Set a strong password to prevent unauthorized access
  • Limit the access to specific IP addresses only (for instance via Cloud firewall rules)
  • If you aren't accessing Redis via a private network (e.g., with the help of VPC peering), then use TLS to encrypt the data in transit
  • Perform a periodic backup of your data
You might consider using Redis as a Service (e.g., Redis Enterprise Cloud). This could help you to more easily secure and operate your Redis databases.

Hope this helps.

Regards,
David
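
The checklist in the reply above, as an added example (not code from the thread or from the Redis project): a Python check that reads a redis.conf and reports which of the listed settings are still weak. The two sample configurations, the finding names and the placeholder address, path and secret are constructed for illustration; IP allow-listing lives in firewall rules, which a redis.conf audit cannot see.

```python
import shlex

# Redis 7 defaults, used when a directive is absent from the file.
DEFAULTS = {"port": ["6379"], "bind": ["127.0.0.1", "-::1"],
            "protected-mode": ["yes"], "requirepass": [], "tls-port": ["0"],
            "save": ["3600", "1", "300", "100", "60", "10000"]}
WILDCARDS = {"*", "0.0.0.0", "::", "::*"}
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

# Constructed sample: an internet-facing dev instance like the one in the thread.
EXPOSED_DEV = """
bind 0.0.0.0
protected-mode no
port 6379
save ""
"""

# Constructed sample fragment with placeholder address, path and secret.
HARDENED = """
bind 10.0.0.5
port 0
tls-port 16379
tls-cert-file /etc/redis/tls/redis.crt
requirepass REPLACE_WITH_LONG_RANDOM_SECRET
"""

def parse_conf(text):
    """Return {directive: [args]}; a later line overrides an earlier one."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, *args = shlex.split(line)
            conf[name.lower()] = args
    return conf

def audit(text):
    """Return sorted finding names (the names are this example's own)."""
    conf = parse_conf(text)
    addrs = {a.lstrip("-") for a in conf["bind"]}  # "-" marks an optional address
    checks = {
        "bind-all-interfaces": bool(addrs & WILDCARDS),
        "protected-mode-off": conf["protected-mode"] == ["no"],
        "default-port": conf["port"] == ["6379"],
        "no-password": not "".join(conf["requirepass"]),
        "no-tls-on-network": bool(addrs - LOOPBACK) and conf["tls-port"] == ["0"],
        "snapshots-disabled": conf["save"] == [""],
    }
    return sorted(name for name, hit in checks.items() if hit)
```

Calling `audit(EXPOSED_DEV)` returns every finding, while `audit(HARDENED)` returns an empty list; the check only confirms that RDB snapshotting is on, not that snapshots are copied to a separate host.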

