Embed Notice
HTML Code
Corresponding Notice
- Embed this notice@NEETzsche @alex @verita84 @blockdetector @kroner @herve_02 It is my job to prevent that from breaking the site, yes. FSE gets DoS'd and the problem is that we were vulnerable, not that someone took advantage. You can't rely on people failing to take advantage.
The reason for the rampant problems with open Redis servers is that Redis's default config used to bind to 0.0.0.0 with no authentication required. If your password is "password123", you should expect to get owned and you should be glad if it's someone that does it for mischief rather than with some kind of profit motive.
Anyway, I didn't say you were *responsible*, I said you wrote the code (which is accurate), and I tagged you because I promised to tag you when this happens.