oh, I'll look into this soon 👍🏼 On Thu, 12 Feb 2026 at 14:29, Xavier Antoviaque via whitebox-dev < dev@ml.whitebox.aero> wrote:
Milos, Avinash -- do we have a redis server that has open ports? If so, could you add a ticket to handle this (and properly setup the firewall on all our boxes to close all ports by default, unless we open them?
-- Xavier Whitebox.aero <https://whitebox.aero/>
On Wed, Feb 11, 2026, at 11:51, abuse@hetzner.com wrote:
Dear Mr Xavier Antoviaque,
We have received a notification from the German Federal Office for Information Security (BSI) for (the IP address of) a server you have with us. We are automatically forwarding this notification on to you, for your information.
The original report has been included below. Additional information is provided with the how-to guides referenced in the report. Please note that we do not have any further information to share.
These notifications do not mean your server was involved in any abusive activity. They are simply alerting you to a potential issue on your server, that could be exploited, and that is usually fairly easy to secure.
You do not need to send us, or the BSI, a response.
In case of further questions, please contact certbund@bsi.bund.de and keep the ticket number of the original report [CB-Report#...] in the subject line. Do not reply to <reports@reports.cert-bund.de> as this is just the sender address for the reports and messages sent to this address will not be read.
Kind regards
Abuse Team
Hetzner Online GmbH Industriestr. 25 91710 Gunzenhausen / Germany Tel: +49 9831 5050 Fax: +49 9831 5053 www.hetzner.com
Register Court: Registergericht Ansbach, HRB 6089 CEO: Martin Hetzner, Stephan Konvickova, Günther Müller
You have the option of making an appeal against a negative decision. To do that, please reply directly to this ticket. If this is the Abuse Team’s final decision, you can also make a complaint by writing to info@hetzner.com. The European Commission also provides a platform that you can use as a platform for online dispute resolution (ODR) at http://ec.europa.eu/consumers/odr. We are neither willing nor required to participate in a dispute resolution process before a consumer arbitration board.
For the purposes of this communication, we may save some of your personal data. For information on our data privacy policy, please see: www.hetzner.com/privacy-policy-notice
Dear Sir or Madam,
Redis is an open-source in-memory database server with a simple key-value data structure often used with dynamic web applications.
If a Redis server is openly accessible from the Internet and no SASL authentification has been configured, anyone who can connect to the server has unrestricted access to the data stored with it. This allows attackers to modify or delete any data or potentially steal sensitive information like login credentials for web applications or customer data from online shops.
Please find below a list of affected systems hosted on your network. The timestamp (timezone UTC) indicates when the system was found to be running an openly accessible Redis server.
We would like to ask you to check this issue and take appropriate steps to secure the Redis servers on the affected systems or notify your customers accordingly.
If you have recently solved the issue but received this notification again, please note the timestamp included below. You should not receive any further notifications with timestamps after the issue has been solved.
Additional information on this notification, advice on how to fix reported issues and answers to frequently asked questions: <https://reports.cert-bund.de/en/>
This message is digitally signed using PGP. Information on the signature key is available at: <https://reports.cert-bund.de/en/digital-signature>
Please note: This is an automatically generated message. Replies to the sender address <reports@reports.cert-bund.de> will NOT be read but silently be discarded. In case of questions, please contact <certbund@bsi.bund.de> and keep the ticket number [CB-Report#...] of this message in the subject line.
Affected systems on your network:
Format: ASN | IP | Timestamp (UTC) | Redis version 24940 | 135.181.254.90 | 2026-02-10 10:35:10 | 8.4.0
Mit freundlichen Grüßen / Kind regards Team CERT-Bund
Bundesamt für Sicherheit in der Informationstechnik Federal Office for Information Security (BSI) CERT-Bund Godesberger Allee 87, 53175 Bonn, Germany
whitebox-dev mailing list -- dev@ml.whitebox.aero To unsubscribe send an email to dev-leave@ml.whitebox.aero