Hacked MongoDB on Ubuntu, scraping application


I am using Ubuntu 16.04 for scraping with python-scrapy, storing the data in MongoDB. Today I logged in and found this hack message

I don’t understand how this could have happened. I log in to DO through SSH on my personal computer and my application has no other way to interact with the Internet; it only downloads data and stores it. Any advice on how to recover the data, or how to protect from further attacks?




Make sure you have a firewall up and running. The most common options are ufw or DigitalOcean Cloud Firewalls. Choose one; both provide the same functionality. ufw works as a software firewall on your Droplet, while a Cloud Firewall is a sort of “hardware” firewall.

Never expose a database (in your case MongoDB) directly. If you need to access data from the Internet, it’s recommended to create an API.

Besides a firewall, use SSH keys instead of passwords for SSH logins. Step Four and Five of the Initial Set Up tutorial cover this. You can also set up fail2ban to additionally protect your server against brute-force attacks.

Check out the 7 Security Measures to Protect Your Servers article. It has good recommendations on how to additionally secure your Droplet.

I guess there’s no way to recover your data besides paying for it, but it’s still not guaranteed that you will receive your data back.

Do you have a firewall up, making sure all incoming connections except SSH are denied?
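
One way to check the advice in the answers above on a Droplet, added here as an example and not part of any answer: the function reads `ss -ltn` output and lists every TCP listener bound to a non-loopback address other than SSH. It assumes SSH on port 22 and MongoDB on its default port 27017; the sample lines and the other ports in them are constructed.

```shell
#!/bin/sh
# Added example: list TCP listeners reachable on non-loopback addresses,
# ignoring SSH. Reads `ss -ltn` output on stdin.

# Constructed sample of `ss -ltn` output (not taken from the original post).
sample_ss_output() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       128     0.0.0.0:27017       0.0.0.0:*
LISTEN  0       128     127.0.0.1:6379      0.0.0.0:*
LISTEN  0       128     [::]:22             [::]:*
LISTEN  0       128     [::1]:5432          [::]:*
LISTEN  0       128     *:8080              *:*
EOF
}

exposed_listeners() {
    awk '
        $1 != "LISTEN" { next }                 # skips the header line too
        {
            n = split($4, parts, ":")           # port is the last ":" field
            port = parts[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            sub(/%.*/, "", addr)                # drop "%lo"-style interface suffix
            gsub(/\[|\]/, "", addr)             # [::] -> ::
            if (addr ~ /^127\./ || addr == "::1") next   # loopback only
            if (port == "22") next              # assumption: SSH on port 22
            note = (port == "27017") ? " note=mongodb-default-port" : ""
            print "EXPOSED addr=" addr " port=" port note
        }'
}

# On a real host: ss -ltn | exposed_listeners
sample_ss_output | exposed_listeners
```

A listener reported here may still be blocked by ufw or a Cloud Firewall; an empty result means nothing except SSH is listening on a public interface.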