MongoDB being held for ransom

Question

My MongoDB is now being held for ransom with a message of "Your DB is Backed up at our servers, to restore send 0.1 BTC to the Bitcoin Address then send an email with your server ip". After reading many articles, I am still unsure what a publicly accessible database means. Currently I access my database by SSHing into my droplet with a username and password and connecting via port 27017. How can a hacker access my DB? Please advise me on what to do to prevent this from happening in the future! Thank you.


security | mongodb | 2017-01-07 22:01 | 1 Answer

Answers ( 1 )

  1. 2017-01-09 12:01

    To prevent this type of hacking, you need to make your database secure.

    Add the security.authorization setting to the config file

    security:
     authorization: enabled
    

    Before enabling it, make sure you have created a root user with credentials to log in.

    Example:

    // Run in the mongo shell before enabling authorization
    use admin
    db.createUser(
      {
        user: "superAdmin",
        pwd: "mySecurePassword",
        roles: [ { role: "root", db: "admin" } ]
      })
    

    Also, you may need to create separate app users for each database with limited access. For more info, I have written a blog post here: MongoDB enable authentication.

    For more info, refer to MongoDB security best practices and MongoDB security checklist.
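
A small audit of the `security.authorization` setting from the answer above, together with the `net` section that decides whether port 27017 is reachable from other hosts. This is an added example, not part of the original answer: `net.bindIp`, `net.bindIpAll` and `net.port` are real mongod options the page does not mention, the function names and sample config are constructed, and the parser assumes a YAML-format mongod.conf with plain nested keys.

```python
# Added example, not code from the original answer: audits a YAML mongod.conf.
import ipaddress

def parse_conf(text):
    """Flatten the nested 'key: value' YAML subset used by mongod.conf
    into dotted keys, e.g. {'security.authorization': 'enabled'}."""
    settings, stack = {}, []              # stack: (indent, key) of open sections
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if ":" not in line:
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()                   # leave sections at this depth or deeper
        if value.strip():
            path = ".".join([k for _, k in stack] + [key])
            settings[path] = value.strip().strip("\"'")
        else:
            stack.append((indent, key))
    return settings

def audit(text):
    """Return findings about authentication and network exposure."""
    conf, findings = parse_conf(text), []
    if conf.get("security.authorization") != "enabled":
        findings.append("security.authorization is not enabled")
    if "net.bindIp" not in conf and conf.get("net.bindIpAll") != "true":
        findings.append("net.bindIp is not set; the default depends on the MongoDB version")
    binds = [b.strip() for b in conf.get("net.bindIp", "").split(",") if b.strip()]
    if conf.get("net.bindIpAll") == "true":
        binds.append("0.0.0.0")
    for addr in binds:
        try:
            local = ipaddress.ip_address(addr).is_loopback
        except ValueError:                # a hostname or socket path, not an IP
            local = addr == "localhost" or addr.startswith("/")
        if not local:
            findings.append(f"listens on non-loopback address {addr}:{conf.get('net.port', '27017')}")
    return findings

# Constructed sample: no security section, listening on every interface.
SAMPLE_EXPOSED = """\
net:
  port: 27017
  bindIp: 0.0.0.0
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPOSED):
        print("FINDING:", finding)
```

A config that produces both findings at once accepts unauthenticated connections from any host that can reach the port, with no SSH login involved.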
