我开发了一个带有redis数据存储的小应用程序。我的开发机器没有遇到任何问题。应用程序是使用docker图像构建的,并在docker compose yml文件中定义。
我已经将项目部署到vps。环境实际上是相同的,它是从相同的docker图像/dockerfiles使用相同的docker compose设置等构建的。
我注意到每隔几个小时我的redis数据存储就会清空一次。当我翻阅日志时,我发现redis想要复制到一个(对我来说)未知的ip地址(位于俄罗斯)。
我不知道发生了什么事。看起来我的服务器被破坏了,当然,这是可能的。但它是一个新安装(ubuntu18.04),只有我的项目。没有未知包或其他安全风险。我从来没有遇到过这样的行为,除了在恶意代码。
在查找ip时,它希望向/从俄罗斯托管的vps复制。当访问ip时,我会得到一个默认的nginx页面。
我在我的机器上搜索了ip地址,但什么也没找到。我已经导出了docker映像,并在导出中为该ip(也是ipv6)进行了grepped,但也没有找到任何内容。
我不知道,有人知道这里发生了什么吗?
下面是日志文件中的一个片段。
1:M 13 Jul 2020 20:06:18.108 * Background saving terminated with success
1:S 13 Jul 2020 20:06:20.873 * Before turning into a replica, using my own master parameters to synthesize a cached master: I may be able to synchronize with the new master with just a partial transfer.
1:S 13 Jul 2020 20:06:20.873 * REPLICAOF 93.189.43.3:8886 enabled (user request from 'id=7746 addr=95.214.11.231:34714 fd=21 name= age=0 idle=0 flags=N db=0 sub=0 psub=0 multi=-1 qbuf=45 qbuf-free=32723 obl=0 oll=0 omem=0 events=r cmd=slaveof user=default')
1:S 13 Jul 2020 20:06:21.620 * Connecting to MASTER 93.189.43.3:8886
1:S 13 Jul 2020 20:06:21.621 * MASTER <-> REPLICA sync started
1:S 13 Jul 2020 20:06:21.667 * Non blocking connect for SYNC fired the event.
1:S 13 Jul 2020 20:06:21.714 * Master replied to PING, replication can continue...
1:S 13 Jul 2020 20:06:21.807 * Trying a partial resynchronization (request 9bdf2d313dc7387849d8607f14a5133e53b98cdf:1).
1:S 13 Jul 2020 20:06:21.854 * Full resync from master: ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ:1
1:S 13 Jul 2020 20:06:21.855 * Discarding previously cached master state.
1:S 13 Jul 2020 20:06:21.855 * MASTER <-> REPLICA sync: receiving 55664 bytes from master to disk
1:S 13 Jul 2020 20:06:21.949 * MASTER <-> REPLICA sync: Flushing old data
1:S 13 Jul 2020 20:06:21.949 * MASTER <-> REPLICA sync: Loading DB in memory
1:S 13 Jul 2020 20:06:21.949 # Wrong signature trying to load DB from file
1:S 13 Jul 2020 20:06:21.950 # Failed trying to load the MASTER synchronization DB from disk
1:S 13 Jul 2020 20:06:22.623 * Connecting to MASTER 93.189.43.3:8886
1:S 13 Jul 2020 20:06:22.623 * MASTER <-> REPLICA sync started
1:S 13 Jul 2020 20:06:22.670 * Non blocking connect for SYNC fired the event.
1:S 13 Jul 2020 20:06:22.716 # Error reply to PING from master: '-Reading from master: Invalid argument'
1:S 13 Jul 2020 20:06:23.625 * Connecting to MASTER 93.189.43.3:8886
1:S 13 Jul 2020 20:06:23.626 * MASTER <-> REPLICA sync started
1:S 13 Jul 2020 20:06:23.672 * Non blocking connect for SYNC fired the event.
1:S 13 Jul 2020 20:06:23.719 # Error reply to PING from master: '-Reading from master: Invalid argument'
1:S 13 Jul 2020 20:06:24.630 * Connecting to MASTER 93.189.43.3:8886
1:S 13 Jul 2020 20:06:24.630 * MASTER <-> REPLICA sync started
1:S 13 Jul 2020 20:06:24.676 * Non blocking connect for SYNC fired the event.
1:S 13 Jul 2020 20:06:24.723 # Error reply to PING from master: '-Reading from master: Invalid argument'
1:S 13 Jul 2020 20:06:25.633 * Connecting to MASTER 93.189.43.3:8886
1:S 13 Jul 2020 20:06:25.634 * MASTER <-> REPLICA sync started
1:S 13 Jul 2020 20:06:25.680 * Non blocking connect for SYNC fired the event.
1:S 13 Jul 2020 20:06:25.727 # Error reply to PING from master: '-Reading from master: Invalid argument'
1:S 13 Jul 2020 20:06:26.638 * Connecting to MASTER 93.189.43.3:8886
1:S 13 Jul 2020 20:06:26.638 * MASTER <-> REPLICA sync started
1:S 13 Jul 2020 20:06:26.684 * Non blocking connect for SYNC fired the event.
1:S 13 Jul 2020 20:06:26.731 # Error reply to PING from master: '-Reading from master: Connection reset by peer'
1:S 13 Jul 2020 20:06:27.641 * Connecting to MASTER 93.189.43.3:8886
1:S 13 Jul 2020 20:06:27.642 * MASTER <-> REPLICA sync started
1:S 13 Jul 2020 20:06:27.720 * Non blocking connect for SYNC fired the event.
1:S 13 Jul 2020 20:06:27.800 # Error reply to PING from master: '-Reading from master: Connection reset by peer'
1:S 13 Jul 2020 20:06:28.077 # Module ./red2.so failed to load: It does not have execute permissions.
1:M 13 Jul 2020 20:06:28.179 # Setting secondary replication ID to 9bdf2d313dc7387849d8607f14a5133e53b98cdf, valid up to offset: 1. New replication ID is 17f925dc5b42b00af0083a1bb3502e6b68c2fc64
1:M 13 Jul 2020 20:06:28.179 * MASTER MODE enabled (user request from 'id=7746 addr=95.214.11.231:34714 fd=21 name= age=8 idle=0 flags=N db=0 sub=0 psub=0 multi=-1 qbuf=34 qbuf-free=32734 obl=0 oll=0 omem=0 events=r cmd=slaveof user=default')
1条答案
按热度按时间nnvyjq4y1#
你检查过你的redis端口是否对互联网开放了吗?如果是,您应该尽快关闭它,并且只在本地网络中可用。
复制可能是由连接到您的示例的某个人启动的,这就是您在服务器上找不到远程ip的原因。
有一些已知的使用redis的攻击,您可以查看以下线程了解更多信息:https://github.com/antirez/redis/issues/3594