• What it looks like when a hacker deletes the data in a mongodb database


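    A while ago I saw that Alibaba Cloud was cheap, so I bought an instance, installed mongodb on it, and connected to it myself for debugging.
    I hadn't used it for a long time, and today I was suddenly "pleasantly surprised" to find that a hacker had logged in. I didn't expect that there are actually still people making a living off such a low-level vulnerability.
    The signs of the compromise are as follows: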

    > show dbs
    HOW_TO_RESTORE_mydb1  0.078GB
    HOW_TO_RESTORE_mydb2  0.078GB
    README                0.078GB
    local                 0.078GB
    mydb1                 0.453GB
    mydb2                 0.453GB
    

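    The data in both mydb1 and mydb2 had been wiped.
    The address that connected directly to mongodb is from the United States (of course it may also have been a US server used as a proxy, but after the incident that IP could not be pinged, so the attacker's skill level is probably not high either and they may really have been using their own PC):

    The databases were deleted at 4:27.
    HOW_TO_RESTORE_mydb1, HOW_TO_RESTORE_mydb2 and README hold the ransom messages. The ransom messages are as follows: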

    > use HOW_TO_RESTORE_mydb1
    switched to db HOW_TO_RESTORE_mydb1
    > show tables;
    HOW_TO_RESTORE
    system.indexes
    > db.HOW_TO_RESTORE.findOne();
    {
    	"_id" : ObjectId("5d95544778e531762eb557c2"),
    	"What_happend" : "Your DB was saved and archived, you have 7 days to restore it.",
    	"___" : "",
    	"How_to_restore" : "Send 0.125 Bitcoin to address bellow",
    	"pay_to_btc_address" : "19Ng6XNfCo9pdzDred8ztgWf9BbpTiBr6M",
    	"email_to" : "Send email to baseshaver@criptext.com OR baseshaver@elude.in with your ID-code and transaction link! More info on links below!",
    	"YOUR_ID_CODE" : "5c487d7b3cce97442e95825b5c487d7b3cce9744",
    	"get_db_back" : "You will get your db archive back immediately right after we receive an email and check payment.",
    	"TIME" : "you have 7 days to pay, then DB will be published on private hack forum and deleted from our HDDs.",
    	"contact_problems" : "If you not get answer in 12 hours or get errors when sending letters use reserve emails or check MORE_INFO for another contacts:",
    	"reserve_emails" : "baseshaver@protonmail.com | baseshaver@keemail.me | baseshaver@inbox.lv |  baseshaver@yandex.com | baseshaver@secmail.pro | baseshaver@lycos.com",
    	"MORE_INFO" : "You can find more information here: https://anotepad.com/note/read/53sex69b OR https://onlinenotepad.us/LAeK8dBJc8 ",
    	"____" : "",
    	"Where_to_buy_btc" : "List below of exchanges where you can buy BTC in next collection!",
    	"BTC_Exchanges" : " localbitcoins.com | paxful.com | payments.changelly.com | wirex.com | abra.com | coinmama.com ",
    	"BTC_Guides" : " https://www.buybitcoinworldwide.com/ | https://en.bitcoin.it/wiki/Main_Page "
    }
    
    > use README
    switched to db README
    > show tables;
    README
    system.indexes
    > db.README.findOne();
    {
    	"_id" : ObjectId("5a460f404186ec47a8181643"),
    	"Bitcoin" : "16NHQZe81LqTPfekW3VXvnyZcFLR37VyHi",
    	"Email" : "4b4340f8c832472e902b5482bcfdedfa@protonmail.com",
    	"Exchange" : "https://localbitcoins.com",
    	"Solution" : "Your database has been downloaded and backed up on our secured servers. To recover your lost data: Send 0.1 BTC to our Bitcoin address and contact us by email with your MongoDB server IP address and proof of payment."
    }
    

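    Everyone should already know the fix: set a password, change the port, run mongodb under a newly created user, listen only on 127.0.0.1, set up a firewall, and so on. I won't go into more detail.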
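Three of the fixes listed above (password, port, listening on 127.0.0.1) live in mongod.conf and can be checked mechanically. The following is an added example, not code from the original post: the two config files are constructed samples, and `flatten`, `is_loopback` and `audit` are hypothetical helper names. It assumes the YAML config format with plain unquoted values.

```python
import ipaddress

# Constructed samples: an exposed mongod.conf, then the same file with the post's fixes applied.
EXPOSED_CONF = """\
net:
  port: 27017
  bindIp: 0.0.0.0
"""
HARDENED_CONF = """\
net:
  port: 27117
  bindIp: 127.0.0.1
security:
  authorization: enabled
"""

def flatten(conf_text):
    """Flatten simple nested YAML mappings into dotted keys such as net.bindIp."""
    settings, stack = {}, []  # stack: (indent, key) of the currently open sections
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop trailing comments
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:  # close sections we have left
            stack.pop()
        if value.strip():
            settings[".".join([k for _, k in stack] + [key])] = value.strip()
        else:
            stack.append((indent, key))
    return settings

def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host == "localhost"  # any other hostname is treated as exposed

def audit(conf_text):
    """Return findings; an unset bindIp is flagged, as defaults differ by version."""
    s, findings = flatten(conf_text), []
    if s.get("security.authorization") != "enabled":
        findings.append("no-auth")
    binds = s.get("net.bindIp", "").split(",")
    if s.get("net.bindIpAll") == "true" or not all(is_loopback(b.strip()) for b in binds):
        findings.append("non-loopback-bind")
    if s.get("net.port", "27017") == "27017":
        findings.append("default-port")
    return findings
```

Running the service under a dedicated user and the firewall rules are outside the config file and are not covered by this check.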

  • Original article: https://www.cnblogs.com/bugutian/p/12205362.html