tylkomat
mongodb hacked after a view hours of being accessible
I set up dokploy on a fresh server and configured my application. Nextjs with mongodb and replicasets enabled.
While trying to figure out ufw settings to block access from outside, but allow docker, I noticed in the mongodb log that all the tables where dropped and a new index created.
The index had a message saying that my data is backed up and I should pay x amount of bitcoin.
The collections where empty and nothing important is lost, but I wonder how someone could get in so fast.
As far as I understand the db is protected with a user and password on creation. My password was randomly generated 15 chars of letters and numbers.
Any ideas?
41 replies