阿里云服务器Mongodb被黑,数据丢失

    技术2022-07-10  213

    问题

    最近将项目部署在阿里云服务器上,在mongodb中存储的图片以及数据都没了. 白天添加的数据,到了第二天,所有数据都没有.

    原因

    在mongodb的db中出现一个如下名字的库:

    READ_ME_TO_RECOVER_YOUR_DATA

    打开后会出现:

    All your data is a backed up. You must pay 0.015 BTC to 1EB3de8cZFxCNBaUhsP9Ax9egZzyPdTULt 48 hours for recover it. After 48 hours expiration we will leaked and exposed all your data. In case of refusal to pay, we will contact the General Data Protection Regulation, GDPR and notify them that you store user data in an open form and is not safe. Under the rules of the law, you face a heavy fine or arrest and your base dump will be dropped from our server! You can buy bitcoin here, does not take much time to buy https://localbitcoins.com with this guide https://localbitcoins.com/guides/how-to-buy-bitcoins After paying write to me in the mail with your DB IP: r3covery_base@protonmail.com

    结果去查了下发现就是被黑了…

    解决方案

    因为现在配置文件中的bind_ip是0.0.0.0,任何Ip都可以访问,将Ip改为127.0.0.1…但是只能本机访问,外部数据存储不了.PASS掉配置文件中增加auth=true的配置,验证默认是false,由于这个配置在启动时,需要先验证管理员信息,不适合项目使用,因为项目使用的mongodb是新增的一个用户,外部访问会有问题.修改端口,测试中,过两天看结果…暂时没有想到别的了…后期补充
    Processed: 0.085, SQL: 9