Hacked MongoDB on Ubuntu, scraping application

December 25, 2017 1.3k views
MongoDB Ubuntu 16.04

Hello,

I am using Ubuntu 16.04 for scraping with python-scrapy, storing the data in MongoDB. Today I logged in and found this hack message

I don't understand how this could have happened. I log in to DO through SSH on my personal computer, and my application has no other way to interact with the Internet; it only downloads data and stores it. Any advice on how to recover the data, or how to protect from further attacks?

Thanks,

2 Answers

Do you have a firewall up, making sure all incoming connections except SSH are denied?

Make sure you have a firewall up and running. The most common options are ufw or DigitalOcean Cloud Firewalls.
Choose one; both provide the same functionality. ufw works as a software firewall on your Droplet, while Cloud Firewall is a sort of "hardware" firewall.

Never expose a database (in your case MongoDB) directly. If you need to access data from the Internet, it's recommended to create an API.

Besides a firewall, use SSH keys instead of passwords for SSH logins. Steps Four and Five of the Initial Set Up tutorial cover this.
You can also set up fail2ban to additionally protect your server against brute-force attacks.

Check out the 7 Security Measures to Protect Your Servers article. It has good recommendations on how to additionally secure your Droplet.

I guess there's no way to recover your data besides paying for it, but it's still not guaranteed that you will receive your data back.

by Shaun Lewis
Learn how to setup a firewall with UFW on an Ubuntu / Debian cloud server.
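
An added example, not part of the answers above or of any DigitalOcean tooling: a shell check for the advice to deny all incoming connections except SSH and to keep the database off public interfaces. It assumes SSH listens on port 22; the function names are hypothetical, and the sample `ss -ltn` and `ufw status verbose` output is constructed, with mongod shown on its default port 27017.

```shell
#!/bin/sh
# Added example: audit a Droplet for listeners reachable from outside.
# Assumptions: SSH is on port 22; input is `ss -ltn` / `ufw status verbose` text.

# Print every listening address that is neither loopback nor SSH.
exposed_listeners() {
  awk '$1 == "LISTEN" {
    addr = $4
    n = split(addr, parts, ":")
    port = parts[n]
    host = substr(addr, 1, length(addr) - length(port) - 1)
    if (port == "22") next                      # SSH is meant to be reachable
    if (host ~ /^127\./ || host == "::1" || host == "[::1]") next
    print addr
  }'
}

# Succeed only if ufw is active and its default incoming policy is deny/reject.
ufw_default_deny() {
  awk '/^Status: active/ { active = 1 }
       /^Default: (deny|reject) \(incoming\)/ { deny = 1 }
       END { exit !(active && deny) }'
}

# Constructed sample: mongod bound to all interfaces on its default port 27017.
sample_ss() {
  cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    *:22               *:*
LISTEN 0      128    0.0.0.0:27017      0.0.0.0:*
LISTEN 0      128    127.0.0.1:5000     0.0.0.0:*
LISTEN 0      128    :::22              :::*
EOF
}

# Constructed sample: ufw installed but never enabled.
sample_ufw() {
  printf 'Status: inactive\n'
}

# On a live server, feed real output instead of the samples:
#   ss -ltn | exposed_listeners
#   sudo ufw status verbose | ufw_default_deny || echo "incoming not denied"
sample_ss | exposed_listeners
sample_ufw | ufw_default_deny || echo "ufw: incoming traffic is not denied by default"
```

Any address printed by `exposed_listeners` is a service that a firewall rule or a loopback-only bind address should be covering.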