My MongoDB was hacked and I need help to recover my collections


MongoLover

Jan 6, 2017, 3:10:50 PM
to mongodb-user

Hey Community,

Our two-month-old MongoDB server has been hacked. The database was dropped, and a new database with a WARNING collection says that we should pay to get the data back :(

An automatic backup and better security were on our schedule, but unfortunately it was too late.

With a deleted-files recovery tool, we got the deleted collection back. Unfortunately, MongoDB can't start after the restore.

Here is the Log on start:

 

2017-01-05T23:56:33.549+0000 I CONTROL  [initandlisten] MongoDB starting : pid=3596 port=27017 dbpath=C:\MongoData\ 64-bit host=MongoDBServer
2017-01-05T23:56:33.549+0000 I CONTROL  [initandlisten] targetMinOS: Windows 7/Windows Server 2008 R2
2017-01-05T23:56:33.550+0000 I CONTROL  [initandlisten] db version v3.2.10
2017-01-05T23:56:33.550+0000 I CONTROL  [initandlisten] git version: 79d9b3ab5ce20f51c272b4411202710a082d0317
2017-01-05T23:56:33.550+0000 I CONTROL  [initandlisten] OpenSSL version: OpenSSL 1.0.1t-fips  3 May 2016
2017-01-05T23:56:33.551+0000 I CONTROL  [initandlisten] allocator: tcmalloc
2017-01-05T23:56:33.551+0000 I CONTROL  [initandlisten] modules: enterprise
2017-01-05T23:56:33.551+0000 I CONTROL  [initandlisten] build environment:
2017-01-05T23:56:33.551+0000 I CONTROL  [initandlisten]     distmod: windows-64
2017-01-05T23:56:33.551+0000 I CONTROL  [initandlisten]     distarch: x86_64
2017-01-05T23:56:33.551+0000 I CONTROL  [initandlisten]     target_arch: x86_64
2017-01-05T23:56:33.552+0000 I CONTROL  [initandlisten] options: { repair: true,storage: { dbPath: "C:\MongoData\" } }
2017-01-05T23:56:33.552+0000 I -        [initandlisten] Detected data files in C:\MongoData\ created by the 'wiredTiger' storage engine, so setting the active storage engine to 'wiredTiger'.
2017-01-05T23:56:33.553+0000 I STORAGE  [initandlisten] Detected WT journal files.  Running recovery from last checkpoint.
2017-01-05T23:56:33.553+0000 I STORAGE  [initandlisten] journal to nojournal transition config: create,cache_size=1G,session_max=20000,eviction=(threads_max=4), config_base=false,statistics=(fast),log=(enabled=true,archive=true,path=journal, compressor=snappy),file_manager=(close_idle_time=100000),checkpoint=(wait=60,log_size=2GB),statistics_log=(wait=0),
2017-01-05T23:56:33.563+0000 I -        [initandlisten] Assertion: 28718:2: No such file or directory
2017-01-05T23:56:33.563+0000 I STORAGE  [initandlisten] exception in initAndListen: 28718 2: No such file or directory, terminating
2017-01-05T23:56:33.564+0000 I CONTROL  [initandlisten] dbexit:  rc: 100
 

I’ve tried the WiredTiger command line utility and compiled it with snappy.

When I call this command:


wt -v -h c:\data\restore\MongoData -R salvage collection-4--8793870081174319648.wt

 

I get the Error: “wt: No such file or directory”

I have tried some other wt-files and direct paths etc. But I get the same results.

 

We are absolutely desperate and will not support that guy.

Who can help me?

Attila Tozser

Jan 6, 2017, 7:22:27 PM
to mongod...@googlegroups.com


MongoLover

Jan 6, 2017, 7:44:21 PM
to mongodb-user
Yes, I have tried this already.. I always get the Error: “wt: No such file or directory” on salvage or other commands...

Attila Tozser

Jan 7, 2017, 5:24:18 AM
to mongod...@googlegroups.com
If you do this:
./wt -v -h ../db -C "extensions=[./ext/compressors/snappy/.libs/libwiredtiger_snappy.so]" -R dump -f ../collection.dump ./collection-0--3334788985743856927.wt
lt-wt: cursor open(table:./collection-0--3334788985743856927.wt) failed: No such file or directory

 ls -la ../db
 204800 Jan  7 11:18 collection-0--3334788985743856927.wt

But as the post describes, if you remove the .wt from the filename (as the parameter is not the filename), then it will work:

./wt -v -h ../db -C "extensions=[./ext/compressors/snappy/.libs/libwiredtiger_snappy.so]" -R dump -f ../collection.dump collection-0--3334788985743856927

I think you may find the comments under the post useful also.

Good luck,
Best,
Attila
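
The name-versus-filename point from the reply above, applied to a whole recovered directory, as an added example (not part of the original thread or of WiredTiger itself): it prints one `wt dump` command per `collection-*.wt` file, passing the name without `.wt`. The function names, the output directory and the print-first approach are assumptions; the `wt` options are the ones quoted in the reply.

```shell
#!/bin/sh
# Added example: plan `wt dump` commands for every recovered collection file.
# WT_BIN and SNAPPY_EXT default to the paths used in the reply above; point
# them at your own WiredTiger build. Function names are hypothetical.
# Assumes directory paths without spaces.

WT_BIN="${WT_BIN:-./wt}"
SNAPPY_EXT="${SNAPPY_EXT:-./ext/compressors/snappy/.libs/libwiredtiger_snappy.so}"

# wt_object_name FILE -> the name to hand to `wt dump`:
# the file's base name with the ".wt" suffix removed.
wt_object_name() {
    base=$(basename "$1")
    printf '%s\n' "${base%.wt}"
}

# plan_dumps DBDIR OUTDIR -> prints one dump command per collection-*.wt file.
# Index and metadata files (index-*.wt, WiredTiger.wt, sizeStorer.wt,
# _mdb_catalog.wt) do not match the glob, so they are skipped.
# Returns 1 when DBDIR holds no collection files at all.
plan_dumps() {
    dbdir=$1
    outdir=$2
    found=1
    for f in "$dbdir"/collection-*.wt; do
        [ -f "$f" ] || continue   # unmatched glob stays literal; ignore it
        name=$(wt_object_name "$f")
        printf '%s -v -h %s -C "extensions=[%s]" -R dump -f %s/%s.dump %s\n' \
            "$WT_BIN" "$dbdir" "$SNAPPY_EXT" "$outdir" "$name" "$name"
        found=0
    done
    return $found
}
```

Call `plan_dumps ../db ../dumps` and review the printed commands before running them from the directory that holds the `wt` binary. Work on a copy of the recovered files, not the only one.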

