How to hide the MongoDB ip address

I wanna ask about security in NodeJS.

In my case, the attacker can have access to my database. I'm using MongoDB as my database, my web server and my DB server are different, but the attacker can know the IP address of my database; of course, my DB server doesn't have any security.

I'm wondering why the attacker can know my DB IP address. Was the vulnerability from my server, so the attacker can read my DB IP address from the backend code, or what?

If your Database Server and Web Server are separate, it could be that your MongoDB is open (without authentication) and Services like Shodan can be used to find these Servers without Authentication. In this case I believe a Bot or Script was run to go over all Open Databases it could find, drop all collections, and leave this little ransom notice.

Your best bet would be to add Authentication, and ensure that only your Host Server can access your MongoDB Server via Firewall (IPTables, UFW).

If you don't have any Backups then your data is probably gone, but I wouldn't worry about “being reported to GDPR” or whatever this hilarious threat is.

Edit: I forgot to clarify, they probably didn't specifically target you as the Note asks you to email them with your DB IP, which would insinuate that this Notice has gone out to a group of people, and not just yourself.
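As an added example (not part of the original answer), the following Node.js check audits a `mongod.conf` for the two gaps the answer names: a listener reachable from every interface and disabled authentication. It assumes the usual two-level YAML layout and MongoDB 3.6+ defaults; the sample configs and the address `10.0.0.5` are constructed, and the function names are hypothetical.

```javascript
// Added example: audit mongod.conf text for open binding and missing auth.
// Parses only the simple "section:" / "  key: value" YAML layout.
function parseMongodConf(text) {
  const conf = {};
  let section = null;
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.replace(/\s+#.*$|^#.*$/, '').trimEnd(); // drop comments
    const m = line.match(/^(\s*)([\w.]+):\s*(.*)$/);
    if (!m) continue;
    const [, indent, key, value] = m;
    if (indent === '' && value === '') {
      section = key; // e.g. "net:" or "security:"
    } else {
      const path = indent === '' || !section ? key : `${section}.${key}`;
      conf[path] = value.replace(/^["']|["']$/g, '');
    }
  }
  return conf;
}

function auditMongodConf(text) {
  const conf = parseMongodConf(text);
  const findings = [];
  // Assumption: MongoDB 3.6+, where an absent bindIp means localhost only.
  const binds = (conf['net.bindIp'] || '127.0.0.1').split(',').map(s => s.trim());
  if (conf['net.bindIpAll'] === 'true' || binds.some(b => b === '0.0.0.0' || b === '::')) {
    findings.push('net: listening on all interfaces; bind to the private address only');
  }
  if (conf['security.authorization'] !== 'enabled') {
    findings.push('security.authorization is not "enabled"; clients connect without credentials');
  }
  return findings;
}

// Constructed sample: the kind of config internet-wide scanners find.
const OPEN_CONF = `
net:
  port: 27017
  bindIp: 0.0.0.0   # reachable from anywhere
`;
// Constructed sample: bound to loopback plus one private address, auth on.
const HARDENED_CONF = `
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.0.5
security:
  authorization: enabled
`;
console.log(auditMongodConf(OPEN_CONF));
console.log(auditMongodConf(HARDENED_CONF));
```

The firewall half of the advice is a separate step on the DB host, for example `ufw allow from <web-server-ip> to any port 27017 proto tcp` with incoming traffic otherwise denied.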

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.