mongodb hacked OTL WE MUST CHANGE MONGODB PORT!!
-
They search for NoSQL servers and hack the db,
and delete the db or delete queries,
and then they leave a message in the db name.
The db name is: please_read <--
My mongodb has an auth id and pass, but it was hacked.
The message is:
{
"_id" : ObjectId("58743b220c474c666002c3de"),
"Info" : "Your DB is Backed up at our servers, to restore send 0.1 BTC to the Bitcoin Address then send an email with your server ip",
"Bitcoin Address" : "1J5ADzFv1gx3fsUPUY1AWktuJ6DF9P6hiF",
"Email" : "[email protected]"
}
Attachment, this URL: https://www.digitalocean.com/community/questions/my-mongodb-has-been-extorted-by-a-kraken-ransomware-virus
-
According to this article this only affects people that didn't have an administrator password.. so it's really your own fault
https://www.bleepingcomputer.com/news/security/mongodb-apocalypse-is-here-as-ransom-attacks-hit-10-000-servers/
Use strong passwords and keep your software up-to-date. Assuming you did that and this was done with an exploit, there is a simple fix: configure your firewall properly!
For most users there's no reason to allow access to mongo from the outside. If you need external access, only allow IPs from servers that need to access it.
Oh, and for the worst case that someone still gets through, do regular backups.
-
Sounds scary but I have passwords enabled in mongodb
-
@phit said in mongodb hacked OTL WE MUST CHANGE MONGODB PORT!!:
According to this article this only affects people that didn't have an administrator password.. so it's really your own fault
https://www.bleepingcomputer.com/news/security/mongodb-apocalypse-is-here-as-ransom-attacks-hit-10-000-servers/
Use strong passwords and keep your software up-to-date. Assuming you did that and this was done with an exploit, there is a simple fix: configure your firewall properly!
For most users there's no reason to allow access to mongo from the outside. If you need external access, only allow IPs from servers that need to access it.
Oh, and for the worst case that someone still gets through, do regular backups.
Not really, we had a password and also got hacked a few days ago.
-
@exodo that shouldn't have happened. Are you sure? If you're correct, then that's a huge issue.
-
@exodo Can you confirm that is the case - was your DB password strong enough?
This problem is similar to the other issue with Redis a year or so ago, where people were allowing external access without any password protection.
This isn't a problem with NodeBB per se, but potentially we should update documentation to stress how important it is to secure your own install.
If you're not hosting with us, make sure you have rolling backups!
-
@PitaJ said in mongodb hacked OTL WE MUST CHANGE MONGODB PORT!!:
@exodo that shouldn't have happened. Are you sure? If you're correct, then that's a huge issue.
Yes. We had passwd & ssh key to access the server. Many people got hacked this way. The only solution is to just bind to local connections.
-
Yes. We had passwd & ssh key to access the server.
What? How is ssh related to having no database password?
Many people got hacked this way.
Source?
More coverage on the issue: https://krebsonsecurity.com/2017/01/extortionists-wipe-thousands-of-databases-victims-who-pay-up-get-stiffed/