
How to protect your MongoDB from hacks?

Recently, thousands of system administrators faced massive cyber-attacks on MongoDB. Hackers gain access to the system, delete important data and demand a significant ransom.

Let us share some valuable advice on how to avoid such an unpleasant experience. During a recent server setup on one of our cloud services, our team found the following:

[Screenshot: console connection to the remote MongoDB server]

Surprisingly, an attempt to get remote access by simply connecting from a console was successful!

What does this mean? Anybody from the outside world has free access to your database and can do anything: drop an entire database, or fetch important records with information about your users and customers, their e-mails, phone numbers, addresses, etc.

Digging into MongoDB's config (/etc/mongodb.conf), we couldn't find a word about remote access. After some time spent googling, we found that it is at least possible to bind the database server to the local host by adding a line:
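The setting in question, shown here as an added example rather than the post's own snippet, together with the auth = true setting that the post's checklist recommends. This is the legacy ini-style format of /etc/mongodb.conf; newer mongod releases read a YAML file where the same two settings are net.bindIp and security.authorization: enabled.

```ini
# /etc/mongodb.conf (legacy ini format) - added example, not the post's own snippet.
# Listen only on the loopback interface, so nothing outside this host can reach port 27017.
bind_ip = 127.0.0.1
# Require clients to authenticate; this is the "defense in depth" layer if the firewall fails.
auth = true
```

Both settings only take effect after mongod is restarted, which is the restart the post describes. Binding to 127.0.0.1 alone is not enough on a host that other tenants or compromised processes can reach, which is why auth is enabled as well.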

After a server restart, access from outside was closed!

It appears that some versions of MongoDB installed through distribution packages have remote access enabled by default.


We were curious, and without hesitation we dropped a few lines of our beloved Ruby:

Here you may find a very decent list of open MongoDB databases; some of them require authorization, some are just backups, but they are still open. An advanced hacker could use something like this:

And get a list of open 27017 ports (MongoDB's default port) around you:

Then feed them to the mmap utility so you can get the info faster. Check this:

The hackers

Our simple investigation led us to tons of articles about hacked MongoDB databases all over the world!

We found a number of databases that had already been hacked:

[Screenshot: an already hacked database]

Attackers are now hijacking and wiping out unsecured MongoDB databases, keeping a copy of the data. They ask administrators for a ransom of up to 0.5 Bitcoin (around $530) to return the lost data, so admins without backups are left in a bind.


How to protect your MongoDB

  • Be sure NEVER EVER to leave your database open! At least remember the experience of related databases like MySQL, where from the first launch you have to set a password for your root user and only THEN do what you want: open remote access, create other users and grant them permissions, etc.
  • Enable authentication, which provides 'defense in depth' if your network is compromised. Edit your MongoDB configuration file: auth = true.
  • Use firewalls, and again, disable remote access to MongoDB if possible. Admins are advised to use firewalls to protect MongoDB installations by blocking access to port 27017.
  • Configure bind_ip: limit access to the server by binding to local IP addresses.
  • Upgrade: administrators are strongly recommended to upgrade their software to the latest releases (which are more secure at the moment and should have restricted access enabled by default).
  • Follow the security checklist:
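The two configuration items on this checklist (bind_ip and auth) are easy to audit on every host before a server goes live. The Ruby script below is an added example, not code from the post or from MongoDB, and it goes slightly beyond the post: it reads both the legacy ini-style /etc/mongodb.conf the post edits and the YAML format of newer mongod releases (net.bindIp, net.bindIpAll, security.authorization), and reports anything that leaves the server reachable from outside or without authentication. The sample configs embedded at the bottom are constructed for the example; the script assumes, as the post observed for packaged installs, that a missing bind_ip means mongod listens on all interfaces.

```ruby
require 'yaml'

# Addresses that keep mongod reachable only from the machine it runs on.
LOOPBACK = %w[127.0.0.1 ::1 localhost].freeze

# Parse the legacy "key = value" format into a Hash of strings. Comments and blank lines are skipped.
def parse_ini(text)
  text.each_line.each_with_object({}) do |line, h|
    line = line.sub(/#.*/, '').strip
    next if line.empty? || !line.include?('=')
    key, value = line.split('=', 2).map(&:strip)
    h[key] = value
  end
end

# Normalise either config format to { bind: [addresses] or nil, auth: true/false }.
def extract_settings(text)
  parsed = begin
    YAML.safe_load(text)
  rescue Psych::Exception
    nil
  end
  if parsed.is_a?(Hash) # YAML format: net.bindIp / net.bindIpAll / security.authorization
    net = parsed['net'].is_a?(Hash) ? parsed['net'] : {}
    bind = net['bindIpAll'] ? ['0.0.0.0'] : net['bindIp']
    bind = bind.split(',').map(&:strip) if bind.is_a?(String)
    auth = parsed.dig('security', 'authorization') == 'enabled'
  else # legacy ini format (plain text parses as a single YAML scalar, not a Hash): bind_ip / auth
    ini = parse_ini(text)
    bind = ini['bind_ip']&.split(',')&.map(&:strip)
    auth = %w[true 1].include?(ini['auth'].to_s.downcase)
  end
  { bind: bind, auth: auth }
end

# Audit one config text. Returns a list of findings; an empty list means both checks passed.
def audit(text)
  s = extract_settings(text)
  findings = []
  if s[:bind].nil?
    # Assumption (matches the post's observation on packaged installs): no bind_ip = all interfaces.
    findings << 'bind_ip not set: mongod is assumed to listen on all interfaces'
  elsif !s[:bind].all? { |a| LOOPBACK.include?(a) }
    findings << "bind_ip exposes non-loopback address(es): #{(s[:bind] - LOOPBACK).join(', ')}"
  end
  findings << 'authentication not enabled (auth = true / security.authorization: enabled)' unless s[:auth]
  findings
end

# Constructed sample: what the post found on a fresh package install (no bind_ip, no auth).
OPEN_CONF = <<~CONF
  # /etc/mongodb.conf as shipped (constructed sample)
  dbpath = /var/lib/mongodb
  logpath = /var/log/mongodb/mongodb.log
  logappend = true
CONF

# Constructed sample: the hardened legacy config the post recommends.
HARDENED_CONF = <<~CONF
  dbpath = /var/lib/mongodb
  bind_ip = 127.0.0.1
  auth = true
CONF

# Constructed sample: the same two settings in the YAML format of newer mongod releases.
HARDENED_YAML = <<~CONF
  net:
    bindIp: 127.0.0.1
  security:
    authorization: enabled
CONF

if $PROGRAM_NAME == __FILE__
  # With a path argument, audit that file; otherwise walk the constructed samples.
  samples = ARGV.empty? ? { 'as shipped' => OPEN_CONF, 'hardened ini' => HARDENED_CONF, 'hardened yaml' => HARDENED_YAML }
                        : { ARGV[0] => File.read(ARGV[0]) }
  samples.each do |name, conf|
    f = audit(conf)
    puts "#{name}: #{f.empty? ? 'OK' : f.join('; ')}"
  end
end
```

Run it as `ruby audit_mongo.rb /etc/mongodb.conf` on each host; the as-shipped sample produces two findings, the two hardened samples none. The script only reads the file mongod will use, so it catches the case the post hit (a default config with nothing said about remote access) without needing the server to be running.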

Be Gera-responsible.

