
Hacked database by using mongodb. Did anyone get this situation?

Tags:

mongodb

Today, my website suddenly went down, and then I checked my database, for which I use MongoDB. It seemed that someone had hacked my database and then created a collection like this:

{
    "_id": {
        "$oid": "5e3dd717e3d0c9664c95ad51"
    },
    "btc": "1J7YbJbvmPBXZsR4U8dGbhDC7WH5EwoRQt",
    "info": "All your data is a backed up. You must pay 0.1 BTC to 1J7YbJbvmPBXZsR4U8dGbhDC7WH5EwoRQt 48 hours for recover it. 
    After 48 hours expiration we will leaked and exposed all your data. Also do not forget about GDPR. 
    Need any proofs? [email protected] You are welcome!"
}

I don't know what I should do now. Do I need to uninstall MongoDB on my server and then set it up again? Please give me advice.

Thank you

user2361451 asked Feb 20 '20 00:02




2 Answers

Apparently, such attacks were carried out in 2017 as well. The attackers simply scan the entire IPv4 internet for a MongoDB running on port 271017.

You need at least user authentication to stay safe.

Saad Rehman answered Sep 30 '22 16:09


Use MongoDB Atlas for production and make sure you set your server application IP address as the only IP address that can access your application.

Will Abule answered Sep 30 '22 16:09