mongodb hacked after a view hours of being accessible
I set up dokploy on a fresh server and configured my application. Nextjs with mongodb and replicasets enabled.
While trying to figure out ufw settings to block access from outside, but allow docker, I noticed in the mongodb log that all the tables where dropped and a new index created.
The index had a message saying that my data is backed up and I should pay x amount of bitcoin.
The collections where empty and nothing important is lost, but I wonder how someone could get in so fast.
As far as I understand the db is protected with a user and password on creation. My password was randomly generated 15 chars of letters and numbers.
Any ideas?
While trying to figure out ufw settings to block access from outside, but allow docker, I noticed in the mongodb log that all the tables where dropped and a new index created.
The index had a message saying that my data is backed up and I should pay x amount of bitcoin.
The collections where empty and nothing important is lost, but I wonder how someone could get in so fast.
As far as I understand the db is protected with a user and password on creation. My password was randomly generated 15 chars of letters and numbers.
Any ideas?
