Port 6379: Redis
Open Redis port detected on a publicly accessible host.
Severity: Critical | Port: 6379
What is Redis?
Redis is an in-memory data store used as a database, cache, and message broker. It is extremely fast because it keeps data in memory rather than on disk. Redis is used by many web applications for session storage, caching, real-time analytics, and job queues.
Why this is a problem
Redis was designed to be used in trusted environments and historically had no authentication enabled by default. An exposed Redis instance allows attackers to read and modify all stored data, which may include session tokens, cached credentials, and application data. Worse, Redis commands can be used to write files to the server's filesystem, which attackers exploit to gain shell access (for example, by writing an SSH key to the authorized_keys file).
What you should do
- Block port 6379 from the internet immediately
- Enable Redis authentication with a strong password using the requirepass directive
- Bind Redis to localhost or private network interfaces only
- Disable dangerous commands like FLUSHALL, CONFIG, and DEBUG using the rename-command directive
- Use Redis ACLs (available in Redis 6+) to restrict what each client can do
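
An added example, not part of the original advisory: a small Python check that reads the text of a redis.conf and reports which of the steps above it does not meet. The two sample configs are constructed, and the 32-character password threshold and the finding labels are this example's own assumptions.

```python
import ipaddress
import shlex

# Constructed sample configs, not taken from any real host.
WEAK_CONF = "port 6379\nbind 0.0.0.0\n"
HARDENED_CONF = """
port 6379
bind 127.0.0.1 10.0.0.5
requirepass "x9Q2-constructed-sample-passphrase-7Lk4wZ"
rename-command FLUSHALL ""
rename-command CONFIG ""
rename-command DEBUG ""
aclfile /etc/redis/users.acl
"""
RISKY_COMMANDS = ("FLUSHALL", "CONFIG", "DEBUG")  # the commands named above
MIN_PASSWORD_LEN = 32  # assumption: this script's threshold for "strong"

def parse_conf(text):
    """Return {directive: [argument lists]} for every non-comment line."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            name, *args = shlex.split(line)
            directives.setdefault(name.lower(), []).append(args)
    return directives

def is_internal(addr):
    """True for loopback/private addresses, False for wildcard or public."""
    try:
        ip = ipaddress.ip_address(addr.lstrip("-"))  # Redis 6.2+ allows '-' prefix
    except ValueError:
        return False  # '*' or anything unparsable counts as exposed
    return ip.is_private and not ip.is_unspecified  # 0.0.0.0 and :: are wildcards

def audit(text):
    """Return the sorted hardening steps the config does not meet."""
    conf, findings = parse_conf(text), set()
    binds = [a for args in conf.get("bind", [["*"]]) for a in args]
    if not binds or not all(is_internal(a) for a in binds):
        findings.add("bind")  # no bind directive means all interfaces
    password = "".join((conf.get("requirepass") or [[""]])[-1])
    if len(password) < MIN_PASSWORD_LEN:
        findings.add("requirepass")
    renamed = {a[0].upper() for a in conf.get("rename-command", []) if a}
    findings.update(f"rename-command {c}" for c in RISKY_COMMANDS if c not in renamed)
    if "user" not in conf and "aclfile" not in conf:
        findings.add("acl")
    return sorted(findings)
```

Pass the contents of your own redis.conf to audit(); an empty list means every step checked here is in place. The firewall rule from the first step lives outside redis.conf and has to be verified separately.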