Redis wants to replicate with an unknown IP address
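I've developed a small application with a Redis datastore. On my development machine I haven't run into any problems. The application is built using Docker images and defined in a docker-compose yml file.
I've deployed the project to a VPS. The environment is practically the same: it's built from the same Docker images/Dockerfiles, using the same docker-compose setup, etc.
I noticed that once every few hours my Redis datastore is emptied. While digging through the logs, I saw that Redis wants to replicate to a (for me) unknown IP address (located in Russia).
I have no idea what is happening. It looks like my server is compromised, which is of course possible. But this is a fresh install (Ubuntu 18.04) with only my project on it. There are no unknown packages or other security risks. I have never encountered behavior like this other than with malicious code.
Looking up the IP it wants to replicate to/from shows a VPS hosted in Russia. When accessing the IP I get a default Nginx page.
I've searched my machine for the IP address, but found nothing. I've also exported the Docker images and searched the export for that IP (IPv6 as well), but found nothing there either.
I'm clueless. Does anyone know what is going on here?
Below is a snippet from the log file.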
1:M 13 Jul 2020 20:06:18.108 * Background saving terminated with success
1:S 13 Jul 2020 20:06:20.873 * Before turning into a replica, using my own master parameters to synthesize a cached master: I may be able to synchronize with the new master with just a partial transfer.
1:S 13 Jul 2020 20:06:20.873 * REPLICAOF 93.189.43.3:8886 enabled (user request from 'id=7746 addr=95.214.11.231:34714 fd=21 name= age=0 idle=0 flags=N db=0 sub=0 psub=0 multi=-1 qbuf=45 qbuf-free=32723 obl=0 oll=0 omem=0 events=r cmd=slaveof user=default')
1:S 13 Jul 2020 20:06:21.620 * Connecting to MASTER 93.189.43.3:8886
1:S 13 Jul 2020 20:06:21.621 * MASTER <-> REPLICA sync started
1:S 13 Jul 2020 20:06:21.667 * Non blocking connect for SYNC fired the event.
1:S 13 Jul 2020 20:06:21.714 * Master replied to PING, replication can continue...
1:S 13 Jul 2020 20:06:21.807 * Trying a partial resynchronization (request 9bdf2d313dc7387849d8607f14a5133e53b98cdf:1).
1:S 13 Jul 2020 20:06:21.854 * Full resync from master: ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ:1
1:S 13 Jul 2020 20:06:21.855 * Discarding previously cached master state.
1:S 13 Jul 2020 20:06:21.855 * MASTER <-> REPLICA sync: receiving 55664 bytes from master to disk
1:S 13 Jul 2020 20:06:21.949 * MASTER <-> REPLICA sync: Flushing old data
1:S 13 Jul 2020 20:06:21.949 * MASTER <-> REPLICA sync: Loading DB in memory
1:S 13 Jul 2020 20:06:21.949 # Wrong signature trying to load DB from file
1:S 13 Jul 2020 20:06:21.950 # Failed trying to load the MASTER synchronization DB from disk
1:S 13 Jul 2020 20:06:22.623 * Connecting to MASTER 93.189.43.3:8886
1:S 13 Jul 2020 20:06:22.623 * MASTER <-> REPLICA sync started
1:S 13 Jul 2020 20:06:22.670 * Non blocking connect for SYNC fired the event.
1:S 13 Jul 2020 20:06:22.716 # Error reply to PING from master: '-Reading from master: Invalid argument'
1:S 13 Jul 2020 20:06:23.625 * Connecting to MASTER 93.189.43.3:8886
1:S 13 Jul 2020 20:06:23.626 * MASTER <-> REPLICA sync started
1:S 13 Jul 2020 20:06:23.672 * Non blocking connect for SYNC fired the event.
1:S 13 Jul 2020 20:06:23.719 # Error reply to PING from master: '-Reading from master: Invalid argument'
1:S 13 Jul 2020 20:06:24.630 * Connecting to MASTER 93.189.43.3:8886
1:S 13 Jul 2020 20:06:24.630 * MASTER <-> REPLICA sync started
1:S 13 Jul 2020 20:06:24.676 * Non blocking connect for SYNC fired the event.
1:S 13 Jul 2020 20:06:24.723 # Error reply to PING from master: '-Reading from master: Invalid argument'
1:S 13 Jul 2020 20:06:25.633 * Connecting to MASTER 93.189.43.3:8886
1:S 13 Jul 2020 20:06:25.634 * MASTER <-> REPLICA sync started
1:S 13 Jul 2020 20:06:25.680 * Non blocking connect for SYNC fired the event.
1:S 13 Jul 2020 20:06:25.727 # Error reply to PING from master: '-Reading from master: Invalid argument'
1:S 13 Jul 2020 20:06:26.638 * Connecting to MASTER 93.189.43.3:8886
1:S 13 Jul 2020 20:06:26.638 * MASTER <-> REPLICA sync started
1:S 13 Jul 2020 20:06:26.684 * Non blocking connect for SYNC fired the event.
1:S 13 Jul 2020 20:06:26.731 # Error reply to PING from master: '-Reading from master: Connection reset by peer'
1:S 13 Jul 2020 20:06:27.641 * Connecting to MASTER 93.189.43.3:8886
1:S 13 Jul 2020 20:06:27.642 * MASTER <-> REPLICA sync started
1:S 13 Jul 2020 20:06:27.720 * Non blocking connect for SYNC fired the event.
1:S 13 Jul 2020 20:06:27.800 # Error reply to PING from master: '-Reading from master: Connection reset by peer'
1:S 13 Jul 2020 20:06:28.077 # Module ./red2.so failed to load: It does not have execute permissions.
1:M 13 Jul 2020 20:06:28.179 # Setting secondary replication ID to 9bdf2d313dc7387849d8607f14a5133e53b98cdf, valid up to offset: 1. New replication ID is 17f925dc5b42b00af0083a1bb3502e6b68c2fc64
1:M 13 Jul 2020 20:06:28.179 * MASTER MODE enabled (user request from 'id=7746 addr=95.214.11.231:34714 fd=21 name= age=8 idle=0 flags=N db=0 sub=0 psub=0 multi=-1 qbuf=34 qbuf-free=32734 obl=0 oll=0 omem=0 events=r cmd=slaveof user=default')
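Have you checked whether your Redis port is open to the outside?
If it is, you should close it as soon as possible and use it only within your local network.
The replication was probably initiated by someone who connected to your instance, which is why you can't find the remote IP on your server.
There are some known attacks that use Redis; see the following thread for more information: https://github.com/antirez/redis/issues/3594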
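As an added example (not part of the original question or answer), the following Python code scans a Redis log for the events visible in the log above: a REPLICAOF or MASTER MODE change requested by a client, and module load lines. Treating loopback and private addresses as trusted is an assumption, and the sample lines are abridged from the question's log.

```python
import ipaddress
import re

# Constructed sample: lines abridged from the log in the question above.
SAMPLE_LOG = """\
1:M 13 Jul 2020 20:06:18.108 * Background saving terminated with success
1:S 13 Jul 2020 20:06:20.873 * REPLICAOF 93.189.43.3:8886 enabled (user request from 'id=7746 addr=95.214.11.231:34714 fd=21 name= age=0 cmd=slaveof user=default')
1:S 13 Jul 2020 20:06:28.077 # Module ./red2.so failed to load: It does not have execute permissions.
1:M 13 Jul 2020 20:06:28.179 * MASTER MODE enabled (user request from 'id=7746 addr=95.214.11.231:34714 fd=21 name= age=8 cmd=slaveof user=default')
"""

# The client that issued the command is recorded in the addr= field.
CLIENT = r"\(user request from '[^']*\baddr=(?P<client>\S+):\d+\s"
RULES = [
    ("replicaof", re.compile(r"REPLICAOF (?P<master>\S+):\d+ enabled " + CLIENT)),
    ("master_mode", re.compile(r"MASTER MODE enabled " + CLIENT)),
    ("module_load", re.compile(r"Module (?P<module>\S+) (?:failed to load|loaded)")),
]


def is_internal(host):
    """True for loopback/private IPs; hostnames and public IPs are untrusted."""
    try:
        ip = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return False
    return ip.is_loopback or ip.is_private


def scan(log_text):
    """Return findings for role changes or module loads driven from outside."""
    findings = []
    for line in log_text.splitlines():
        for kind, rx in RULES:
            m = rx.search(line)
            if not m:
                continue
            fields = m.groupdict()
            external = [v for k, v in fields.items()
                        if k in ("master", "client") and not is_internal(v)]
            # Always report module loads; role changes only if a public IP is involved.
            if kind == "module_load" or external:
                findings.append({"kind": kind, "external": external, **fields})
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding whose `client` is a public address means the Redis port accepted a command from outside the host, which is the exposure the answer asks about.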