The Redis service has been found to be exploitable by attackers when it is improperly configured.
With Redis’s built-in commands, hackers can maliciously delete all existing data. If Redis is run with the root account, hackers can write SSH public key files to the server and directly log on to the server.
This affects Redis servers that are open to the Internet and have not enabled authentication for access.
Note: You must restart Redis for the changes to take effect.
Limit IP addresses allowed to access the database. Modify redis.conf to the IP addresses allowed to access the database.
Set the access password. Add your expected access password after the
Change the Redis running account. Run the Redis service with an account with lower permissions and disable the logon permission for this account.
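The three measures above can be checked together. The following is an added example, not part of the original advisory: it audits the text of a redis.conf for the standard `bind` and `requirepass` directives and takes the service account name as an argument. The sample configurations, addresses, password placeholder and account names are constructed for illustration.

```python
import shlex

# Values that make Redis listen on every interface.
WILDCARDS = {"0.0.0.0", "::", "*", "::*"}

def parse_conf(text):
    """Return {directive: [argument list per occurrence]} from redis.conf text."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue                      # skip blanks and commented-out directives
        parts = shlex.split(line)         # handles quoted values such as passwords
        conf.setdefault(parts[0].lower(), []).append(parts[1:])
    return conf

def audit(text, run_user):
    """Return one finding per hardening step that the configuration misses."""
    conf = parse_conf(text)
    findings = []
    # Conservative: look at every bind line; a leading '-' only marks an
    # address as optional, so strip it before comparing.
    binds = [a.lstrip("-") for args in conf.get("bind", []) for a in args]
    if not binds:
        findings.append("bind: not set, listening addresses are not restricted")
    elif WILDCARDS & set(binds):
        findings.append("bind: wildcard address, reachable on all interfaces")
    pw = conf.get("requirepass", [])
    if not pw or not pw[-1] or not pw[-1][0]:
        findings.append("requirepass: no access password configured")
    if run_user == "root":
        findings.append("account: service runs as root")
    return findings

# Constructed sample configurations (not taken from a real server).
WEAK = "bind 0.0.0.0\n# requirepass foobared\n"
HARDENED = 'bind 127.0.0.1 10.0.0.5\nrequirepass "CHANGE-ME-long-random-value"\n'

if __name__ == "__main__":
    for name, text, user in (("weak", WEAK, "root"), ("hardened", HARDENED, "redis")):
        print(name, audit(text, user) or "no findings")
```

The account name has to come from the process list or the service unit, since redis.conf does not record which user the server runs as.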