New HeadCrab Malware Infects 1,200 Redis Servers to Mine Monero

Redis was designed to be accessed from within trusted environments by trusted clients, so exposing a server to the Internet is generally not recommended. Because Redis does not use authentication by default, an Internet-exposed server would allow anyone to freely access it and use it for any purpose they desire. Since version 3.2.0, Redis will, by default, enter a protected mode if it is configured as bound to all interfaces on the server. In protected mode, Redis only replies to queries from the loopback interfaces, which prevents external parties from communicating with it. Because admins can disable this feature, it is highly recommended to keep it enabled on all Redis servers; this helps prevent any Redis server that was accidentally exposed to the Internet from being compromised by an external entity. Finally, if the “SLAVEOF” feature is not actively used in the Redis environment, it is recommended to disable it completely. This helps prevent more serious attacks, since a threat actor who accesses a Redis server would not be able to completely compromise it by syncing it with their own server.
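The three hardening points above (bind/protected mode, authentication, and disabling replication commands) can be checked against a redis.conf before deployment. The following is an added example, not code from the article or from Aqua's report: a small audit that parses a config fragment and reports the weak settings. The sample configurations, the function names and the check for REPLICAOF (the newer name for SLAVEOF) are my assumptions; the directives themselves (bind, protected-mode, requirepass, rename-command) are standard redis.conf settings.

```python
import shlex

# Constructed sample configs (not taken from the article) used to exercise the audit.
WEAK_CONF = """
# accidental-exposure case: reachable from anywhere, no auth, replication enabled
bind 0.0.0.0
protected-mode no
"""

HARDENED_CONF = """
bind 127.0.0.1
protected-mode yes
requirepass CHANGE-ME-placeholder
rename-command SLAVEOF ""
rename-command REPLICAOF ""
"""

def parse_conf(text):
    """Return (directive, args) pairs: one directive per line, '#' comments,
    whitespace-separated arguments that may be quoted (as redis.conf is read)."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)
        entries.append((parts[0].lower(), parts[1:]))
    return entries

def audit_redis_conf(text):
    """List the settings that leave Redis reachable, unauthenticated or syncable."""
    entries = parse_conf(text)
    def values(name):
        return [args for d, args in entries if d == name]
    findings = []
    binds = values("bind")
    # No bind directive at all means all interfaces; so do these explicit wildcards.
    if not binds or any(a in ("0.0.0.0", "*", "::", "-::*") for args in binds for a in args):
        findings.append("bind: listens on all interfaces")
    pm = values("protected-mode")  # default is yes since 3.2.0, so only flag an explicit no
    if pm and pm[-1] and pm[-1][0].lower() == "no":
        findings.append("protected-mode: disabled, remote clients get answers without auth")
    if not values("requirepass") and not values("user"):
        findings.append("auth: no requirepass or ACL user configured")
    disabled = {a[0].upper() for a in values("rename-command") if len(a) == 2 and a[1] == ""}
    for cmd in ("SLAVEOF", "REPLICAOF"):
        if cmd not in disabled:
            findings.append(f"{cmd}: still enabled; instance can be synced to an untrusted master")
    return findings
```

Running `audit_redis_conf(WEAK_CONF)` yields five findings, while the hardened fragment yields none; a config with no bind line at all is flagged as listening on all interfaces.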

https://www.bleepingcomputer.com/news/security/new-headcrab-malware-infects-1-200-redis-servers-to-mine-monero/

https://blog.aquasec.com/headcrab-attacks-servers-worldwide-with-novel-state-of-art-redis-malware