-1

I already set up mongod with authentication but forgot to expose port 27017 to the public, but I don't understand why an attacker can drop my database?

*** Update: the issue has been resolved. I forgot to re-enable auth after changing something in the config files, and an attacker's random script executed a drop database command on the server, which did not have auth enabled.

Server Information: MongoDB Server 4.0.3 on Ubuntu 16.04.5

snn2spade

1 Answer

0

From what I understand from the logs, your application was used to drop the database; it looks like it got compromised.

The question is then why your app was allowed to drop the database? Was the user used by the app an administrator on MongoDB?

Kedare
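
As an added example (not part of the original posts), a small check for the misconfiguration described in the question's update: a `mongod.conf` where `security.authorization` is not enabled while the server listens on a non-loopback address. The sample config is constructed, the function names are hypothetical, and the parser handles only the simple nested `key: value` subset of YAML.

```python
# Added example: audit a mongod.conf for auth left disabled on a reachable port.
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def parse_simple_yaml(text):
    """Flatten nested 'key: value' YAML into dotted keys, e.g. 'net.bindIp'."""
    flat, stack = {}, []          # stack holds (indent, key) of open sections
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip() or ":" not in line:
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:   # close deeper/sibling sections
            stack.pop()
        path = ".".join([k for _, k in stack] + [key.strip()])
        value = value.strip().strip("'\"")
        if value:
            flat[path] = value
        else:
            stack.append((indent, key.strip()))
    return flat

def audit_mongod_conf(text):
    """Return a list of findings; an empty list means no issue was found."""
    conf = parse_simple_yaml(text)
    findings = []
    # MongoDB treats a missing security.authorization as disabled.
    auth_on = conf.get("security.authorization", "disabled") == "enabled"
    bind = "0.0.0.0" if conf.get("net.bindIpAll") == "true" else conf.get("net.bindIp", "localhost")
    exposed = [a.strip() for a in bind.split(",") if a.strip() not in LOOPBACK]
    if not auth_on:
        findings.append("security.authorization is not enabled")
    if exposed:
        findings.append("listening on non-loopback address(es): " + ", ".join(exposed))
    if not auth_on and exposed:
        findings.append("CRITICAL: unauthenticated mongod reachable on port " + conf.get("net.port", "27017"))
    return findings

# Constructed sample: auth commented out during a config change, never restored.
SAMPLE_BAD = """
net:
  port: 27017
  bindIp: 0.0.0.0
#security:
#  authorization: enabled
"""
SAMPLE_GOOD = SAMPLE_BAD.replace("#", "")   # same file with auth restored

if __name__ == "__main__":
    print("\n".join(audit_mongod_conf(SAMPLE_BAD)))
```

Running a check like this after every config change, before restarting `mongod`, catches the case where authorization was switched off temporarily and not switched back on.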