MongoDB lost in droplet Digital Ocean

Question

I've built a Django web app on a droplet of Digital Ocean. The app was working fine. Today, when I opened my web app, no data appeared. I had a look at the droplet (server), and I found that all data in my mongodb is lost. Especially, when I type show dbs in mongodb shell, it said:

DB_HAS_BEEN_DROPPED 0.000GB

Then I rebooted the server, and it worked again. The collections come back but only old data is available. New data, that I've been collected in recent days, is lost. I faced a similar problem before. For that time, my process running mongodb was even turned off.

I suspect that my droplet was hacked by someone. Is that correct or that's the problem of mongodb? I also curious about security policy of Digital Ocean because when I set up a server one month ago, they sent me a message telling me that the server had strange outgoing traffic, and they locked my server just one day after setting up.

Thanks.

It's been a while since people learned to close access to the db from the wild: https://www.bleepingcomputer.com/news/security/mongodb-databases-held-for-ransom-by-mysterious-attacker/ Check logs, ensure it listens to internal interfaces only. — Alex Blex, May 16 '17 at 16:16

score 1 · Answer 1 · answered May 16 '17 at 16:35

1

Set up MondoDB to listen on address 127.0.0.1 (or localhost) only so it's not open to the world.

See here for more details: https://docs.mongodb.com/v3.2/administration/configuration/#security-considerations

answered May 16 '17 at 16:35

Oliver

11,857
2
36
42

I have ``127.0.0.1` set by default, but I'm going to run mongod with authentication option. Thanks. – lenhhoxung May 16 '17 at 17:03

MongoDB lost in droplet Digital Ocean

1 Answers1