tylkomat
mongodb hacked after a few hours of being accessible
You encountered the same issue that happened to me. Replica sets have to be configured and made secure by yourself. The slider that enables replica sets only enables replica sets, but leaves everything unconfigured in terms of security. So I suspect the set is open for anyone to join and mess with your data.
41 replies
mongodb hacked after a few hours of being accessible
@rainTrip I used MongoDB Compass with the credentials I provided when creating that database. I had to enable "Direct Connection" under "Advanced Connection Options", otherwise it wouldn't connect.
41 replies
mongodb hacked after a few hours of being accessible
@Siumauricio I never used replica sets before, but that setting to enable makes it just too easy. It looks like replica sets are by default unprotected and if you make the mistake to open the container to the internet, then you are in big trouble. Probably it should at least ask for another set of credentials to be configured to protect the replica set. I would also suggest to configure a certificate when the database is opened to the internet.
I wonder if many users use the database integration, since it lacks some options that a plain docker container has.
Maybe special features are not even necessary for the predefined database integrations.
41 replies
mongodb hacked after a few hours of being accessible
I believe it was the combination of public port and replica set. How the replica set is configured by default in Dokploy is not secure. It binds to all IPs, although it should only bind to the host IP. There are warnings everywhere in the mongo docs to secure everything before putting it public. I was expecting Dokploy to handle this for me.
41 replies
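An added example, not part of the posts above and not Dokploy's code: a small audit of a `mongod` command line for the conditions these posts describe (replica set enabled, bound to all IPs, no key file, no certificate). It assumes `mongod` is configured through command-line flags only; both sample command lines are constructed for illustration.

```python
import shlex

def parse_flags(command: str) -> dict:
    """Parse '--flag value', '--flag=value' and bare '--flag' into a dict."""
    args, opts, i = shlex.split(command), {}, 0
    while i < len(args):
        arg = args[i]
        if arg.startswith("--"):
            if "=" in arg:
                key, value = arg.split("=", 1)
                opts[key] = value
            elif i + 1 < len(args) and not args[i + 1].startswith("--"):
                opts[arg] = args[i + 1]
                i += 1
            else:
                opts[arg] = True
        i += 1
    return opts

def audit_mongod(command: str) -> list:
    """Return a list of findings; an empty list means none of the checks fired."""
    opts, findings = parse_flags(command), []
    bind_ips = str(opts.get("--bind_ip", "")).split(",")
    if "--bind_ip_all" in opts or any(ip in ("0.0.0.0", "::") for ip in bind_ips):
        findings.append("listens on all interfaces")
    # --keyFile implies access control, so either flag counts as auth enabled.
    if "--auth" not in opts and "--keyFile" not in opts:
        findings.append("access control is not enabled")
    # Only keyfile-based member authentication is checked here (x.509 is not).
    if "--replSet" in opts and "--keyFile" not in opts:
        findings.append("replica set members do not authenticate to each other")
    if opts.get("--tlsMode") != "requireTLS":
        findings.append("TLS is not required for connections")
    return findings

# Constructed sample command lines (not taken from any real deployment).
OPEN_REPLSET = "mongod --replSet rs0 --bind_ip_all"
HARDENED = ("mongod --replSet rs0 --bind_ip localhost,10.0.0.5 "
            "--keyFile /etc/mongo/keyfile --tlsMode requireTLS "
            "--tlsCertificateKeyFile /etc/mongo/server.pem")

if __name__ == "__main__":
    for cmd in (OPEN_REPLSET, HARDENED):
        print(cmd)
        for finding in audit_mongod(cmd) or ["no findings"]:
            print("  -", finding)
```

Settings supplied through a config file or container environment variables are outside what this check sees, so a clean result only covers the command line itself.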