Today, my website suddenly went down, and then I checked my database, for which I use MongoDB. It seemed that someone hacked my database and then created a collection like this:
{
"_id": {
"$oid": "5e3dd717e3d0c9664c95ad51"
},
"btc": "1J7YbJbvmPBXZsR4U8dGbhDC7WH5EwoRQt",
"info": "All your data is a backed up. You must pay 0.1 BTC to 1J7YbJbvmPBXZsR4U8dGbhDC7WH5EwoRQt 48 hours for recover it.
After 48 hours expiration we will leaked and exposed all your data. Also do not forget about GDPR.
Need any proofs? [email protected] You are welcome!"
}
I don't know what I should do now. Do I need to uninstall MongoDB on my server and then set it up again? Please give me advice.
Thank you
Unsecured Elasticsearch and MongoDB databases have been targeted in hacking attacks that erase all data. There are no ransom demands. These are being called Meow Attacks because they leave a telltale meow signature on server log files.
Network encryption is available with MongoDB. This allows you to protect your database and communications through an industry-standard encryption methodology. TLS and SSL are supported by X.509 certificates, which clients can use to authenticate their identities.
You can use read operations to retrieve data from your MongoDB database. There are multiple types of read operations that access the data in different ways. If you want to request results based on a set of criteria from the existing set of data, you can use a find operation such as the find() or findOne() methods.
Dev Ittycheria has over two decades of experience as an entrepreneur, investor, and leader specializing in high-growth software companies. Currently, he is the President & CEO of MongoDB, where he led its IPO in 2017—the first public offering of a database company in over 26 years.
Apparently, such attacks were carried out in 2017 as well. The attackers simply scan the entire IPv4 internet for a MongoDB running on port 271017.
You need at least user authentication to stay safe.
Use MongoDB Atlas for production and make sure you set your server application IP address as the only IP address that can access your application.