Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
Mongodb installation error Question Question
Robomongo connection Ubuntu 16.04 Question Question

Question

Hacked mongoDB on Ubuntu, scraping application

Posted December 25, 2017 4.1k views
MongoDBUbuntu 16.04

Hello,

I am using Ubuntu 16.04 for scraping with python-scrapy, storing the data in MongoDB. Today I logged in and found this hack message

I don’t understand how could this have hapenned. I log to DO through SSH on my personal computer and my application has no other way to interact with the Internet, it only downloads data and stores it. Any advice on how to recover the data, or how to protect from further attacks?

Thanks,

Add a comment
gianfrancorossir
By:
gianfrancorossir

Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
Mongodb installation error Question Question
Robomongo connection Ubuntu 16.04 Question Question

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
2 answers
lampreyOne December 25, 2017

Do you have a firewall up, making sure all incoming connections except ssh is denied?

Reply Report
xMudrii December 25, 2017

Make sure you have firewall up and running. The most common options are ufw or DigitalOcean Cloud Firewalls.
Choose one – Both provide the same functionality, ufw works as a software firewall on your Droplet while Cloud Firewall is sort of “hardware” firewall.

Never expose database (in your case MonogoDB) directly. If you need to access data from the Internet, it’s recommended to create an API.

Beside Firewall, use SSH keys instead of password for SSH logins. Step Four and Five of the Initial Set Up tutorial cover this.
You can also set up fail2ban to additionally protect your server against brute-force attack.

Check out the 7 Security Measures to Protect Your Servers article. It has good recommendations on how to additionally secure your Droplet.

I guess there’s no way to recover your data beside paying for it, but it’s still not guaranteed that you will receive your data back.

How To Setup a Firewall with UFW on an Ubuntu and Debian Cloud Server
by Shaun Lewis
Learn how to setup a firewall with UFW on an Ubuntu / Debian cloud server.
Reply Report

Related

Looking for something else?

Ask a new question Search for more help