
Ask HN: Are most of Redis server really infected? - jlpom
I stumbled on this article: https://www.imperva.com/blog/2018/06/new-research-shows-75-of-open-redis-servers-infected/ from a security firm that claims that a large number of Redis servers they scanned were infected. I am seeking an external opinion since I am not knowledgeable about security things. Do you think this is as serious as they say?
======
detaro
Keyword being "open" redis servers. Redis is not made to be run publicly
accessible, and scanning the entire internet for open services is easy
nowadays, so yes, if you leave your server freely accessible it probably gets
compromised.

------
chatmasta
If one open redis instance is compromised, then they probably all are.
Attackers scan the open internet for vulnerable hosts and then deploy their
payloads to any they find.

If you go searching for open mongo databases in shodan, you’ll see the same
thing. Most of them have been pwned and have a single table with instructions
on where to send bitcoin to get their data back.

------
elgrafico
"Clarifications on the Incapsula Redis security report"
[http://antirez.com/news/118](http://antirez.com/news/118) > antirez 17 days
ago

------
hrbf
The article talks about PUBLIC or OPEN Redis instances. Redis should never be
publicly visible or available, so the people running them are really bringing
this on themselves.
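
Added example, not part of the thread: a small audit of your own `redis.conf` for the "open" condition the comments above describe, based on the real `bind`, `protected-mode` and `requirepass` directives. The function names, result strings and sample configs are constructed for illustration, and the parser is a simplification (last occurrence of a directive wins, ACL users and `include` files are ignored).

```python
import ipaddress

def parse_conf(text):
    """Return {directive: [args]}; simplification: the last occurrence wins."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        conf[parts[0].lower()] = [p.strip('"') for p in parts[1:]]
    return conf

def is_loopback(addr):
    addr = addr.lstrip("-")        # Redis 7 accepts a '-' prefix on bind addresses
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False               # '*' or a hostname: not provably local

def audit(text):
    """Classify a redis.conf by how reachable and how protected the server is."""
    conf = parse_conf(text)
    bind = conf.get("bind")        # no bind directive means all interfaces
    reachable = not bind or any(not is_loopback(a) for a in bind)
    has_pass = bool((conf.get("requirepass") or [""])[0])
    protected = (conf.get("protected-mode") or ["yes"])[0].lower() != "no"
    if not reachable:
        return "loopback-only"
    if has_pass:
        return "network-reachable, password set"
    if protected:
        return "network-reachable, relying on protected-mode only"
    return "OPEN: network-reachable, no password, protected-mode off"

# Constructed sample configurations (not taken from any real host).
OPEN_CONF = "bind 0.0.0.0\nprotected-mode no\nport 6379\n"
LOCAL_CONF = "# local cache\nbind 127.0.0.1 -::1\nprotected-mode yes\n"
AUTH_CONF = 'bind 10.0.0.5\nrequirepass "s3cret-constructed"\n'
NOBIND_CONF = "port 6379\n"

if __name__ == "__main__":
    for name, text in [("open", OPEN_CONF), ("local", LOCAL_CONF),
                       ("auth", AUTH_CONF), ("nobind", NOBIND_CONF)]:
        print(f"{name:7} -> {audit(text)}")
```

Anything other than `loopback-only` still needs a firewall or private network in front of it; a password alone does not make Redis suitable for direct internet exposure.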

