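I developed a small application with a Redis data store. I have had no problems on my development machine. The application is built using Docker images and is defined in a docker-compose yml file.
I have deployed the project to a VPS. The environment is practically identical: it is built from the same Docker image/Dockerfile, using the same docker-compose setup, etc.
I noticed that every few hours my Redis data store gets emptied. While digging through the logs, I found that Redis wants to replicate to an IP address that is unknown to me (located in Russia).
I have no idea what is going on. It looks like my server has been compromised, which is of course possible. But it is a fresh install (Ubuntu 18.04) with only my project on it. There are no unknown packages or other security risks. I have never encountered similar behavior, other than malicious code.
When looking up the IP, it wants to replicate with a VPS hosted in Russia. When visiting the IP, I see the default Nginx page.
I have searched for the IP address on my machine but found no results. I have exported the Docker image and searched the export for the IP (also IPv6), but found nothing there either.
I am clueless; does anybody know what is going on here?
Below is a snippet from the log file.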
1:M 13 Jul 2020 20:06:18.108 * Background saving terminated with success
1:S 13 Jul 2020 20:06:20.873 * Before turning into a replica, using my own master parameters to synthesize a cached master: I may be able to synchronize with the new master with just a partial transfer.
1:S 13 Jul 2020 20:06:20.873 * REPLICAOF 93.189.43.3:8886 enabled (user request from 'id=7746 addr=95.214.11.231:34714 fd=21 name= age=0 idle=0 flags=N db=0 sub=0 psub=0 multi=-1 qbuf=45 qbuf-free=32723 obl=0 oll=0 omem=0 events=r cmd=slaveof user=default')
1:S 13 Jul 2020 20:06:21.620 * Connecting to MASTER 93.189.43.3:8886
1:S 13 Jul 2020 20:06:21.621 * MASTER <-> REPLICA sync started
1:S 13 Jul 2020 20:06:21.667 * Non blocking connect for SYNC fired the event.
1:S 13 Jul 2020 20:06:21.714 * Master replied to PING, replication can continue...
1:S 13 Jul 2020 20:06:21.807 * Trying a partial resynchronization (request 9bdf2d313dc7387849d8607f14a5133e53b98cdf:1).
1:S 13 Jul 2020 20:06:21.854 * Full resync from master: ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ:1
1:S 13 Jul 2020 20:06:21.855 * Discarding previously cached master state.
1:S 13 Jul 2020 20:06:21.855 * MASTER <-> REPLICA sync: receiving 55664 bytes from master to disk
1:S 13 Jul 2020 20:06:21.949 * MASTER <-> REPLICA sync: Flushing old data
1:S 13 Jul 2020 20:06:21.949 * MASTER <-> REPLICA sync: Loading DB in memory
1:S 13 Jul 2020 20:06:21.949 # Wrong signature trying to load DB from file
1:S 13 Jul 2020 20:06:21.950 # Failed trying to load the MASTER synchronization DB from disk
1:S 13 Jul 2020 20:06:22.623 * Connecting to MASTER 93.189.43.3:8886
1:S 13 Jul 2020 20:06:22.623 * MASTER <-> REPLICA sync started
1:S 13 Jul 2020 20:06:22.670 * Non blocking connect for SYNC fired the event.
1:S 13 Jul 2020 20:06:22.716 # Error reply to PING from master: '-Reading from master: Invalid argument'
1:S 13 Jul 2020 20:06:23.625 * Connecting to MASTER 93.189.43.3:8886
1:S 13 Jul 2020 20:06:23.626 * MASTER <-> REPLICA sync started
1:S 13 Jul 2020 20:06:23.672 * Non blocking connect for SYNC fired the event.
1:S 13 Jul 2020 20:06:23.719 # Error reply to PING from master: '-Reading from master: Invalid argument'
1:S 13 Jul 2020 20:06:24.630 * Connecting to MASTER 93.189.43.3:8886
1:S 13 Jul 2020 20:06:24.630 * MASTER <-> REPLICA sync started
1:S 13 Jul 2020 20:06:24.676 * Non blocking connect for SYNC fired the event.
1:S 13 Jul 2020 20:06:24.723 # Error reply to PING from master: '-Reading from master: Invalid argument'
1:S 13 Jul 2020 20:06:25.633 * Connecting to MASTER 93.189.43.3:8886
1:S 13 Jul 2020 20:06:25.634 * MASTER <-> REPLICA sync started
1:S 13 Jul 2020 20:06:25.680 * Non blocking connect for SYNC fired the event.
1:S 13 Jul 2020 20:06:25.727 # Error reply to PING from master: '-Reading from master: Invalid argument'
1:S 13 Jul 2020 20:06:26.638 * Connecting to MASTER 93.189.43.3:8886
1:S 13 Jul 2020 20:06:26.638 * MASTER <-> REPLICA sync started
1:S 13 Jul 2020 20:06:26.684 * Non blocking connect for SYNC fired the event.
1:S 13 Jul 2020 20:06:26.731 # Error reply to PING from master: '-Reading from master: Connection reset by peer'
1:S 13 Jul 2020 20:06:27.641 * Connecting to MASTER 93.189.43.3:8886
1:S 13 Jul 2020 20:06:27.642 * MASTER <-> REPLICA sync started
1:S 13 Jul 2020 20:06:27.720 * Non blocking connect for SYNC fired the event.
1:S 13 Jul 2020 20:06:27.800 # Error reply to PING from master: '-Reading from master: Connection reset by peer'
1:S 13 Jul 2020 20:06:28.077 # Module ./red2.so failed to load: It does not have execute permissions.
1:M 13 Jul 2020 20:06:28.179 # Setting secondary replication ID to 9bdf2d313dc7387849d8607f14a5133e53b98cdf, valid up to offset: 1. New replication ID is 17f925dc5b42b00af0083a1bb3502e6b68c2fc64
1:M 13 Jul 2020 20:06:28.179 * MASTER MODE enabled (user request from 'id=7746 addr=95.214.11.231:34714 fd=21 name= age=8 idle=0 flags=N db=0 sub=0 psub=0 multi=-1 qbuf=34 qbuf-free=32734 obl=0 oll=0 omem=0 events=r cmd=slaveof user=default')
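Have you checked whether your Redis port is open to the internet? If it is, you should close it as soon as possible and make it available only within your local network.
The replication was probably initiated by someone connected to your instance, which is why you cannot find the remote IP on your server.
There are some known attacks that use Redis; you can check the following thread for more information: https://github.com/antirez/redis/issues/3594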
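
To check a log for the pattern discussed above, here is an added example (not part of the original question or answer, and not Redis project code): a Python scan that reports role changes ordered by a client outside trusted networks, plus failed module loads. The `TRUSTED` list and the last sample log line are assumptions made for the example.

```python
import ipaddress
import re

# The first three lines are copied from the log in the question; the last one
# (a local admin changing role from loopback) is constructed for contrast.
SAMPLE_LOG = """\
1:S 13 Jul 2020 20:06:20.873 * REPLICAOF 93.189.43.3:8886 enabled (user request from 'id=7746 addr=95.214.11.231:34714 fd=21 name= age=0 idle=0 flags=N db=0 sub=0 psub=0 multi=-1 qbuf=45 qbuf-free=32723 obl=0 oll=0 omem=0 events=r cmd=slaveof user=default')
1:S 13 Jul 2020 20:06:28.077 # Module ./red2.so failed to load: It does not have execute permissions.
1:M 13 Jul 2020 20:06:28.179 * MASTER MODE enabled (user request from 'id=7746 addr=95.214.11.231:34714 fd=21 name= age=8 idle=0 flags=N db=0 sub=0 psub=0 multi=-1 qbuf=34 qbuf-free=32734 obl=0 oll=0 omem=0 events=r cmd=slaveof user=default')
1:S 13 Jul 2020 21:00:00.000 * REPLICAOF 10.0.0.5:6379 enabled (user request from 'id=3 addr=127.0.0.1:50100 fd=8 name= age=0 idle=0 flags=N db=0 cmd=replicaof user=default')
"""

# Assumption: clients in these ranges are expected to administer Redis.
TRUSTED = [ipaddress.ip_network(n) for n in
           ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "::1/128")]

LINE = re.compile(r"^\d+:[A-Z] (?P<ts>\d+ \w+ \d+ [\d:.]+) [.\-*#] (?P<msg>.*)$")
ROLE = re.compile(r"^(?:REPLICAOF (?P<target>\S+)|MASTER MODE) enabled "
                  r"\(user request from '.*?\baddr=(?P<client>[^\s']+)")
# Only the failure message seen in the question's log is matched here.
MODULE = re.compile(r"^Module (?P<path>\S+) failed to load")

def is_untrusted(hostport):
    """True if the client address is outside TRUSTED or cannot be parsed."""
    host = hostport.rsplit(":", 1)[0].strip("[]")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return True  # not an IP literal: surface it for manual review
    return not any(ip in net for net in TRUSTED)

def scan(log_text):
    """Return a list of findings, in log order."""
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        role = ROLE.match(m["msg"])
        if role and is_untrusted(role["client"]):
            findings.append({"ts": m["ts"], "kind": "remote-role-change",
                             "client": role["client"], "target": role["target"]})
        mod = MODULE.match(m["msg"])
        if mod:
            findings.append({"ts": m["ts"], "kind": "module-load-failed",
                             "path": mod["path"]})
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A `remote-role-change` finding means a client outside the trusted ranges was able to send `SLAVEOF`/`REPLICAOF`, which confirms the port is reachable and accepting unauthenticated commands from that network.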