MongoDB auto dropDatabase my data

55 views
Skip to first unread message

Anh Tú

unread,
Apr 21, 2017, 8:42:32 AM4/21/17
to mongodb-user
I'm using MongoDB for my website, mostly using find query.

But a few days ago, according to my log file, my databases have been erased. Wipe out. And I have no idea why that happened.

I'm using Flask and flask-mongoengine for my back-end service. You can see my code here.

Here is my mongo log file: https://paste.ofcode.org/395VjkCc7uzMdrnzixd35cq

Do anyone have any idea why that happened? Thanks.

Kevin Adistambha

unread,
Apr 26, 2017, 12:55:41 AM4/26/17
to mongodb-user

Hi,

a few days ago, according to my log file, my databases have been erased. Wipe out. And I have no idea why that happened.

What is the current content of your MongoDB deployment, i.e., what is the output of the show dbs and show collections for each database?

From the logs you posted, it appears that your MongoDB deployment is open to the internet without any security feature turned on: bindIp is set to 0.0.0.0 and the server option list doesn’t include the authorization: "enabled" setting.

The logs also show a connection (conn537) dropped three databases in quick succession before the server is shut down. If you don’t recognize the originating IP of conn537, it is quite likely that you’re a victim of an attack that targets database instances that are open to the internet without any security features turned on. If this is the case, then your best course of action is to enable auth on your MongoDB instance, and restore from backup.

You may find the following links helpful:

Best regards,
Kevin

Reply all
Reply to author
Forward
0 new messages