Milos, Avinash -- do we have a redis server that has open ports? If so, could you add a ticket to handle this (and properly setup the firewall on all our boxes to close all ports by default, unless we open them?
--
Xavier
> Dear Mr Xavier Antoviaque,
>
> We have received a notification from the German Federal Office for
> Information Security (BSI) for (the IP address of) a server you have
> with us. We are automatically forwarding this notification on to you,
> for your information.
>
> The original report has been included below. Additional information is
> provided with the how-to guides referenced in the report. Please note
> that we do not have any further information to share.
>
> These notifications do not mean your server was involved in any abusive
> activity. They are simply alerting you to a potential issue on your
> server, that could be exploited, and that is usually fairly easy to
> secure.
>
> You do not need to send us, or the BSI, a response.
>
> keep the ticket number of the original report [CB-Report#...] in the
> just the sender address for the reports and messages sent to this
> address will not be read.
>
> Kind regards
>
> Abuse Team
>
> Hetzner Online GmbH
> Industriestr. 25
> 91710 Gunzenhausen / Germany
> Tel: +49 9831 5050
> Fax: +49 9831 5053
>
> Register Court: Registergericht Ansbach, HRB 6089
> CEO: Martin Hetzner, Stephan Konvickova, Günther Müller
>
> You have the option of making an appeal against a negative decision.
> To do that, please reply directly to this ticket. If this is the Abuse
> Team’s final decision, you can also make a complaint by writing to
> platform that you can use as a platform for online dispute resolution
> nor required to participate in a dispute resolution process before a
> consumer arbitration board.
>
> For the purposes of this communication, we may save some of your
> personal data. For information on our data privacy policy, please see:
>
>> Dear Sir or Madam,
>>
>> Redis is an open-source in-memory database server with a simple
>> key-value data structure often used with dynamic web applications.
>>
>> If a Redis server is openly accessible from the Internet and no
>> SASL authentification has been configured, anyone who can connect
>> to the server has unrestricted access to the data stored with it.
>> This allows attackers to modify or delete any data or potentially
>> steal sensitive information like login credentials for web
>> applications or customer data from online shops.
>>
>> Please find below a list of affected systems hosted on your network.
>> The timestamp (timezone UTC) indicates when the system was found
>> to be running an openly accessible Redis server.
>>
>> We would like to ask you to check this issue and take appropriate
>> steps to secure the Redis servers on the affected systems or
>> notify your customers accordingly.
>>
>> If you have recently solved the issue but received this notification
>> again, please note the timestamp included below. You should not
>> receive any further notifications with timestamps after the issue
>> has been solved.
>>
>> Additional information on this notification, advice on how to fix
>> reported issues and answers to frequently asked questions:
>>
>> This message is digitally signed using PGP.
>> Information on the signature key is available at:
>>
>> Please note:
>> This is an automatically generated message. Replies to the
>> but silently be discarded. In case of questions, please contact
>> of this message in the subject line.
>>
>> Affected systems on your network:
>>
>> Format: ASN | IP | Timestamp (UTC) | Redis version
>> 24940 | 135.181.254.90 | 2026-02-10 10:35:10 | 8.4.0
>>
>> Mit freundlichen Grüßen / Kind regards
>> Team CERT-Bund
>>
>> Bundesamt für Sicherheit in der Informationstechnik
>> Federal Office for Information Security (BSI)
>> CERT-Bund
>> Godesberger Allee 87, 53175 Bonn, Germany
>>
_______________________________________________