0

For the last week and a half for some reason my Mongodb collections all get dumped. I can't find a reason why this is happening there doesn't seem to be a real pattern to when/why the collections get dumped. Does anyone have any insight? I'm running Mongodb version 2.6.12.

user3731342
  • 61
  • 3
  • 1
    Please post details on server configuration, logs, etc. Otherwise the answer seems pretty clear. Some one is deleting your collections. – Peter4499 Jan 17 '17 at 14:47
  • I'm still kinda new to all this. How do I access the logs? – user3731342 Jan 17 '17 at 15:08
  • You need to provide more information on the problem. How are you running mongodb? What process are connected to it? Who has access to it? What investigation have you done so far? – robjwilkins Jan 17 '17 at 16:42
  • Have you enabled authentication and [properly secured](https://docs.mongodb.com/manual/administration/security-checklist/) your MongoDB deployment? Remote attackers have recently been compromising unsecured databases. Please read [How to Avoid a Malicious Attack That Ransoms Your Data](https://www.mongodb.com/blog/post/how-to-avoid-a-malicious-attack-that-ransoms-your-data). – Stennie Jan 17 '17 at 20:01
  • Stennie you were right. I've been hacked and they're demanding a bitcoin ransom. I tried to follow the link you sent on how to avoid malicious attacks but I'm still a beginner and its making my head spin. Is there any advice you can give me or point me in the right direction for something that easily explains how to stop this? I still need to allow my customer to pull info from my mongodb database and I've been using their built in API. Can I still have them do that if I add in authorized users? – user3731342 Jan 20 '17 at 19:28
  • As referenced in the MongoDB blog post, please review the [MongoDB Security Checklist](https://docs.mongodb.com/manual/administration/security-checklist/). The checklist has links to relevant tutorials in the MongoDB manual. I would ensure you have configured and enabled authentication, enabled TLS/SSL, and restricted remote IPs that can access via firewall where possible (i.e. to your IP and your customers, if VPN or SSH is not an option). Setting up a backup solution is also important for a production environment (see: [Backup Methods](https://docs.mongodb.com/manual/core/backups/)). – Stennie Jan 20 '17 at 23:41

1 Answers1

1

you can read this artical https://snyk.io/blog/mongodb-hack-and-secure-defaults/

also you can have a look on MongoDB database deleted automatically it should solve your problem.

Community
  • 1
  • 1
Shumi Gupta
  • 1,505
  • 2
  • 19
  • 28