Ask HN: Are most of Redis server really infected?

4 points by jlpom ↗ HN
I stumbled on this article: https://www.imperva.com/blog/2018/06/new-research-shows-75-of-open-redis-servers-infected/ from a security firm that claims that a large number of redis server they scanned where infected. I am seeking for external opinion since I am not knowledgeable on security things. Do you think this is as serious as they say?

4 comments

[ 3.9 ms ] story [ 28.6 ms ] thread
Keyword being "open" redis servers. Redis is not made to be run publicly accessible, and scanning the entire internet for open services is easy nowadays, so yes, if you leave your server freely accessible it probably gets compromised.
The article talks about PUBLIC or OPEN Redis instances. Redis should never be publicly visible or availbale, so the people running them are really bringing this onto themselves.
If one open redis instance is compromised, then they probably all are. Attackers scan the open internet for vulnerable hosts and then deploy their payloads to any they find.

If you go searching for open mongo databases in shodan, you’ll see the same thing. Most of them have been pwned and have a single table with instructions on where to send bitcoin to get their data back.