Reference · high severity

Port 6379 · Redis

Redis listens on port 6379 by default. Public exposure has historically allowed unauthenticated arbitrary code execution.

What runs on port 6379

Redis is an in-memory key-value store. By default it listens on TCP/6379 and requires no authentication. Before version 6.0, the only native authentication was a single global password.

Why public exposure is dangerous

An exposed Redis instance without `requirepass` allows any internet user to read, write, and delete every key. Worse, Redis supports `CONFIG SET` to write its data file to arbitrary paths — attackers have used this to drop SSH `authorized_keys` files, achieving remote code execution. A wave of Redis-driven cryptojacking compromises in 2017–2020 used exactly this technique.

How to lock it down

Bind to `127.0.0.1` only by default — `bind 127.0.0.1` in `redis.conf`. Set `requirepass <strong-password>` even for local-only deployments. Disable dangerous commands in production with `rename-command CONFIG ""` and `rename-command FLUSHALL ""`. If remote access is required, use Redis 6+ ACLs and require TLS. A host firewall closing 6379 to the public is the final layer.
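
An added example (not DomainCare's or the Redis project's code): a small Python audit that parses a `redis.conf` body and reports which of the settings above are missing. The two sample configs and the function names are constructed for illustration; the `tls-port` check assumes Redis 6+ and the `-` bind prefix assumes Redis 6.2+ syntax.

```python
import shlex

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

# Constructed sample configs, not taken from any real deployment.
WEAK_CONF = """
port 6379
bind 0.0.0.0
"""
HARDENED_CONF = """
bind 127.0.0.1 -::1
requirepass "constructed-sample-passphrase"
rename-command CONFIG ""
rename-command FLUSHALL ""
"""

def parse_conf(text):
    """Map each directive to the list of argument lists it was given."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, *args = shlex.split(line)  # honours quoted values such as ""
        conf.setdefault(name.lower(), []).append(args)
    return conf

def audit(text):
    """Return findings for the hardening steps described above."""
    conf, findings = parse_conf(text), []
    # A leading "-" (Redis 6.2+) only means "skip if unavailable".
    binds = [a.lstrip("-") for args in conf.get("bind", []) for a in args]
    exposed = [a for a in binds if a not in LOOPBACK]
    if not binds:
        findings.append("bind: not set, Redis listens on every interface")
    elif exposed:
        findings.append("bind: non-loopback address " + ", ".join(exposed))
    if not any(a and a[0] for a in conf.get("requirepass", [])):
        findings.append("requirepass: no password configured")
    renamed = {a[0].upper(): a[1] for a in conf.get("rename-command", []) if len(a) == 2}
    for cmd in ("CONFIG", "FLUSHALL"):
        if renamed.get(cmd) != "":
            findings.append(f"rename-command: {cmd} is not disabled")
    tls_on = any(a and a[0] != "0" for a in conf.get("tls-port", []))
    if (not binds or exposed) and not tls_on:
        findings.append("tls-port: reachable off-host without TLS")
    return findings

if __name__ == "__main__":
    for label, body in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit(body) or "no findings")
```

The audit reads the file only; it does not confirm that a host firewall actually closes 6379, which still needs checking from outside the host.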

When public exposure is legitimate

Almost never. Production Redis should be reachable only from application servers on private networks. Managed Redis providers (Upstash, Redis Cloud) expose endpoints with mandatory TLS and IP allowlists — if you use these, confirm the allowlist is enforced.

Other ports DomainCare scans

  • :3306 MySQL: MySQL listens on port 3306 by default. Public exposure is a critical data-leak risk.
  • :5432 PostgreSQL: PostgreSQL listens on port 5432 by default. Public exposure is a critical data-leak risk equivalent to MySQL.
  • :27017 MongoDB: MongoDB listens on port 27017 by default. Historically responsible for the largest single data-leak class — pre-3.0 builds shipped without authentication enabled.
  • :9200 Elasticsearch: Elasticsearch listens on port 9200 by default. Public exposure exposes the entire indexed dataset to any internet user.