Hi,
a few days ago, according to my log file, my databases have been erased. Wipe out. And I have no idea why that happened.
What is the current content of your MongoDB deployment, i.e., what is the output of the show dbs
and show collections
for each database?
From the logs you posted, it appears that your MongoDB deployment is open to the internet without any security feature turned on: bindIp
is set to 0.0.0.0
and the server option list doesn’t include the authorization: "enabled"
setting.
The logs also show a connection (conn537
) dropped three databases in quick succession before the server is shut down. If you don’t recognize the originating IP of conn537
, it is quite likely that you’re a victim of an attack that targets database instances that are open to the internet without any security features turned on. If this is the case, then your best course of action is to enable auth on your MongoDB instance, and restore from backup.
You may find the following links helpful:
Best regards,
Kevin