First Project and Hacked?

Ops and Admin
#1

Hi everyone,

Let me give some background, I came from a JS FrontEnd Env, and recently I started to learn Python and Mongo. (Also I love Light Modes, I’m not crazy… just different )

Well, this happens to me in my first project on Mongo hehe.

"content" : "All your data is a backed up. You must pay 0.015 BTC to 15QSUeLd23GnUQqqndbwWR5UaPPqnwpSrc 48 hours to recover it. After 48 hours expiration, we will be leaked and exposed all your data. In case of refusal to pay, we will contact the General Data Protection Regulation, GDPR and notify them that you store user data in an open form and is not safe. Under the rules of the law, you face a heavy fine or arrest and your base dump will be dropped from our server! You can buy bitcoin here, does not take much time to buy https://localbitcoins.com with this guide https://localbitcoins.com/guides/how-to-buy-bitcoins After paying write to me in the mail with your DB IP: r3covery_base@protonmail.com\n

It is very funny because is just a test environment and the data is irrelevant

I use DO because it has a basic droplet that I can create a quick Mongo DB and they have VPC, that I can connect one droplet to another, just for the sake of testing performance.

I start using Studio3T (that I will sadly stop using it because is very expensive after the trial version and I don’t know how long my test will be going on), but is super easy to use to create Collections, and add DBs. (Also I promise myself I will start learning the CLI mode.

I started with a simple project RestFull API , so I decide to with Flask, added some authentications with flask-bcrypt and flask-jwt-extended.

Why and how in the earth, some bots or people got into my DB?

Could you please guide me to the correct please to secure my servers or Mongodb.

thank you!

#2

:wave: Hi @Adrian_Galvez_G and welcome to the community!

Sorry to hear your first project with MongoDB resulted in getting your database attacked. MongoDB has a security checklist to help make your database secure. This might be more than you need however at this time if you’re just working through a test project that won’t be sticking around.

For a test system like this, you can do a couple of things to make it secure enough:

  1. Enable authentication and access control
  2. Set your server’s firewall to only allow access from certain machines. I’m not sure how to do this on DO unfortunately, but there should be a way to set it up so only your local machine can access the DO server. My guess is that it is currently set up to allow access from any host (IP 0.0.0.0).
2 Likes
#3

Thank you so much for pointing me in the correct links.

Now I’m trying to secure the server .

but I dont get why I only can work well with bindIp: 127.0.0.1, ipServer, VCPIp,

and also change the port , but this is not working at all i get always:

MongoDB shell version v4.0.3
connecting to: mongodb://127.0.0.1:27662/
2020-06-12T14:06:50.208-0500 E QUERY    [js] Error: couldn't connect to server 127.0.0.1:27662, connection attempt failed: SocketException: Error connecting to 127.0.0.1:27662 :: caused by :: Connection refused :
connect@src/mongo/shell/mongo.js:257:13
@(connect):1:6
exception: connect failed

does my yaml config is wrong?

#4

Hello @Adrian_Galvez_G

there is a great answer for this error from @Stennie

Hope this helps
Michael

2 Likes
#5

One thing I notice is that the mongo shell connection is to a server on the same machine as the connection is being made from (the connecting to: mongodb://127.0.0.1:27662/ bit). Are you trying to connect to your DO instance from inside of the DO droplet, or are you trying to connect from your local machine?

If the link @michael_hoeller posted doesn’t help, let us know and we can provide further assistence.

#6

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.