Avoid a Malicious Attack on MongoDB: How It Happened and What We Did About It
shivlal kumavat
Posted on February 25, 2023
Any successful attack is a serious loss for an organization, and a compromised database in particular can mean financial loss, damage to reputation, and exposure of sensitive information.
MongoDB has a large community, so I assumed it could not be hacked, but it was. In this article we will discuss a very basic way in which a MongoDB database can be compromised, and how to prevent it in a simple way.
The Beginning:
I have been using MongoDB in my application. On the first day I created a MongoDB database on my own server and added some test data. The next day I saw that none of the data added the day before was there. I ignored it, thinking that I had perhaps deleted the database or the test data myself, and added more test data.
But the next day the same thing happened again: NO DATA was available in my database.
The Realization:
I was not sure what exactly was going on. On initial research, I suspected that I might have started some service in the background by mistake that was running and deleting my data, so I tried many things: reinstalling MongoDB, starting and killing the MongoDB process, and adding test data again, thinking that if a background process was running it would be killed.
But that was not the solution.
What I could see in my database was a new database named READ_ME_TO_RECOVER_YOUR_DATA with this message:
All your data was backed up from your server. You need to email us at EmailName@email to recover your data. If you don't contact us we will reach the General Data Protection Regulation, GDPR, and notify them that you store user data in an open form that is not safe. Under the rules of the law, you face a heavy fine or arrest and your database dump will be deleted from our server forever!
Why this happened and why hackers do this:
I had created the MongoDB server without authentication, so attackers were able to steal or delete all of the data, and are probably now expecting payment in bitcoin to get it back.
The Final Fix:
I uninstalled MongoDB and installed it again with proper authentication.
How to Avoid a Malicious Attack:
The recommendation is to enable access control for the database: set security.authorization to enabled in mongod.conf and create an administrative user before (or, via the localhost exception, immediately after) turning it on. Reinstalling is not required; the setting change and a restart are enough. Just as important is not exposing the listener in the first place: keep net.bindIp on localhost or a private interface rather than 0.0.0.0, and firewall port 27017 so that only application hosts can reach it. An unauthenticated mongod reachable from the internet is found by routine port scans within hours, which is why these wipe-and-ransom campaigns hit so many servers.
You will find the MongoDB official guidance here: https://www.mongodb.com/blog/post/update-how-to-avoid-a-malicious-attack-that-ransoms-your-data
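The following shell script is an added example, not code from the original post or from MongoDB. It audits a mongod.conf for the two settings that leave an instance open (access control off, listener bound to every interface), writes a corrected config, and prints the one-time mongosh step that must accompany it. It assumes the YAML config format used by mongod, that mongosh is available on the server, and that the sample configs in the demo are constructed for illustration; the user name siteAdmin is my placeholder.

```shell
#!/bin/sh
# Added example, not code from the original post or from MongoDB.
# Assumptions (mine): mongod reads a YAML config (/etc/mongod.conf by default),
# the keys that matter are security.authorization and net.bindIp / net.bindIpAll,
# and mongosh is available for the one-time user creation step.

# audit_mongod_conf FILE
# Returns 0 when access control is on and mongod is not listening on every
# interface, 1 otherwise. Line-level checks, not a YAML parser: it looks only
# at the keys that leave an instance open to the kind of wipe described above.
audit_mongod_conf() {
  conf="$1"
  status=0

  # 1. Access control. Without "authorization: enabled" anyone who can reach
  #    port 27017 has full read/write/drop rights on every database.
  if ! grep -Eq '^[[:space:]]*authorization:[[:space:]]*"?enabled' "$conf"; then
    echo "WEAK  $conf: security.authorization is not enabled"
    status=1
  fi

  # 2. Network exposure. bindIpAll: true, or 0.0.0.0 / :: in bindIp, exposes
  #    the port on every interface, i.e. to the whole internet on a VPS.
  #    (If bindIp is absent, mongod 3.6+ defaults to localhost.)
  if grep -Eq '^[[:space:]]*bindIpAll:[[:space:]]*true' "$conf"; then
    echo "WEAK  $conf: net.bindIpAll is true"
    status=1
  fi
  bind_ips=$(sed -n 's/^[[:space:]]*bindIp:[[:space:]]*//p' "$conf" \
             | sed 's/#.*//' | tr -d "\"'" | tr ',' ' ')
  for ip in $bind_ips; do
    case "$ip" in
      0.0.0.0|::)
        echo "WEAK  $conf: net.bindIp includes $ip (all interfaces)"
        status=1
        ;;
    esac
  done

  [ "$status" -eq 0 ] && echo "OK    $conf: authorization enabled, bindIp restricted"
  return "$status"
}

# write_hardened_conf FILE: the corrected settings (dbPath and port left at defaults).
write_hardened_conf() {
  cat > "$1" <<'EOF'
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 127.0.0.1      # local clients only; add a private IP for app servers, never 0.0.0.0
security:
  authorization: enabled # every client must authenticate; role checks are enforced
EOF
}

# first_admin_user_script: the one-time mongosh step that goes with the config
# change. With authorization enabled and no users yet, mongod allows a single
# connection from localhost to create the first user (the "localhost exception").
# Printed here, not executed: pipe it into mongosh on the server itself.
first_admin_user_script() {
  cat <<'EOF'
db.getSiblingDB("admin").createUser({
  user: "siteAdmin",            // placeholder name (assumption)
  pwd: passwordPrompt(),        // never put the password on the command line
  roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
})
EOF
}

# Demo on constructed sample configs in a temp dir; nothing under /etc is touched.
demo() {
  dir=$(mktemp -d)
  # Constructed example of the open configuration this post's server was running.
  cat > "$dir/open.conf" <<'EOF'
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 0.0.0.0
EOF
  audit_mongod_conf "$dir/open.conf" || true
  write_hardened_conf "$dir/hardened.conf"
  audit_mongod_conf "$dir/hardened.conf" || true
  echo "--- run once via mongosh, then restart mongod:"
  first_admin_user_script
  rm -rf "$dir"
}
demo
```

Run it as-is to see the open config flagged and the hardened one pass; to audit a real server, call audit_mongod_conf /etc/mongod.conf. The order of the fix matters: enable authorization, restart, create the admin user through the localhost exception (or create the user first, then enable authorization), then create per-application users with only readWrite on their own database.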
If you like this post please share your thoughts in the comments. Feel free to follow me @slk5611 for more tech content.
One of my friends has also written about a PostgreSQL server hack. If you want to learn about it, be sure to follow him @jaytailor45 https://dev.to/jaytailor45/the-anatomy-of-a-postgresql-hack-how-it-happened-and-what-we-did-about-it-b9k
Thank you for reading. Happy Coding!