Hacker News new | past | comments | ask | show | jobs | submit login

Only problem I ever encountered was mainly my fault -- my Redis instance was used to hack my server (the attacker manipulated Redis data and dumped it to overwrite /etc/passwd, etc). I was an idiot and hadn't locked down my installation. Luckily my provider had disk snapshots.



Yup, same thing happen to my VPS. I had redis running on a tcp port instead of a unix socket and I didn't have a firewall setup.


Sounds interesting. Can you share how and what happened in detail?


There's actually a writeup of this technique on the Redis blog: http://antirez.com/news/96

In my case they overwrote ~/.ssh/authorized_keys, /etc/group and /etc/passwd as well.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: