mongoDB service error after changing port

Ops and Admin
,
1

My test database got hacked recently because i was using default port, so i dropped all the collections and users and created a new user, changed the port. Then the mongoDB service just couldn’t start.

    mongod.service - MongoDB Database Server
       Loaded: loaded (/lib/systemd/system/mongod.service; enabled; vendor preset: enabled)
       Active: failed (Result: exit-code) since Tue 2020-06-23 01:25:52 UTC; 7s ago
         Docs: https://docs.mongodb.org/manual
      Process: 22420 ExecStart=/usr/bin/mongod --config /etc/mongod.conf (code=exited, status=48)
     Main PID: 22420 (code=exited, status=48)
    
    Jun 23 01:25:52 MongoCorev3 systemd[1]: Started MongoDB Database Server.
    Jun 23 01:25:52 MongoCorev3 mongod[22420]: 2020-06-23T01:25:52.535+0000 I CONTROL  [main] Automatically disabling TLS 1.0, to force-enable TLS 1.0 specify --sslDisabledProtocols 'none'
    Jun 23 01:25:52 MongoCorev3 systemd[1]: mongod.service: Main process exited, code=exited, status=48/n/a
    Jun 23 01:25:52 MongoCorev3 systemd[1]: mongod.service: Failed with result 'exit-code'.

MongoDb config:

    storage:
      dbPath: /var/lib/mongodb
      journal:
        enabled: true
    #  engine:
    #  mmapv1:
    #  wiredTiger:
    
    # where to write logging data.
    systemLog:
      destination: file
      logAppend: true
      path: /var/log/mongodb/mongod.log
    
    # network interfaces
    net:
      port: 23396
      bindIp: 127.0.0.1,188.166.240.2
    
    
    # how the process runs
    processManagement:
      timeZoneInfo: /usr/share/zoneinfo
    
    security:
      authorization  : enabled

Firewall :

    To                         Action      From
    --                         ------      ----
    22/tcp                     LIMIT       Anywhere                  
    80/tcp                     ALLOW       Anywhere                  
    443/tcp                    ALLOW       Anywhere                  
    27017                      REJECT      Anywhere                  
    23396                      ALLOW       Anywhere                  
    22/tcp (v6)                LIMIT       Anywhere (v6)             
    80/tcp (v6)                ALLOW       Anywhere (v6)             
    443/tcp (v6)               ALLOW       Anywhere (v6)             
    27017 (v6)                 REJECT      Anywhere (v6)             
    23396 (v6)                 ALLOW       Anywhere (v6)
2

Hello,
Please post the output of the logfile.

Moreover, i am not sure if simply changing the port will prevent someone from hacking your database again.

Thanks
R

3

Hi, where can i find the logfile you mention ?
Also, i literally fresh created a DigitalOcean server for 3 Days with mongoDB and its hacked. During that time my port was default port and bindIp. So is mongoDB really that easy to get hacked ? What should I do as i really can’t find any reliable up-to-date tutorial online that show up how to set up a proper mongoDB ourself. Thanks

4

From your configuration file your log file is

/var/log/mongodb/mongod.log

Try university.mongodb.net.

5

:wave: Hi @Chen_Haur and welcome to the community forums.

I would start with the MongoDB Security Checklist.

1 Like
6

You can run this command,
In fact, the port is already in use in my case!
I kill it, then start the mongod, and its active.

sudo kill -9 $(sudo lsof -t -i:23396)

7

There are many ways to shut down mongod, this would be one of the ones at the very end. A SIGKILL(kill-9) has a greater chance of some dataloss.

system service control scripts:

  • systemctl stop mongod (systemd systems)
  • service mongod stop (System V init systems)
  • services.msc (windows)
  • Stop-Service mongodb (powershell)

Mongo Specific Commands

System task controls:
kill mongod_pid (SIGTERM default, linux, mac)

Potential for dataloss:
kill -9
kill -2

2 Likes
8

I believe problem is here

bindIp: 127.0.0.1,188.166.240.2

just remove pubic IP and it will work.