mongoDB hacked

Discussion in 'ISPConfig 3 Priority Support' started by conductive, Oct 12, 2023.

  1. conductive

    conductive Member HowtoForge Supporter

    Debian 10.13
    ISPConfig 3.?

I have a MongoDB that keeps dropping databases. I restore the databases and then they disappear again the next evening and I am left with a 0.0125 BTC ransom note. Changing passwords does not seem to help.

    > show databases
    READ__ME_TO_RECOVER_YOUR_DATA 40.00 KiB
    admin 180.00 KiB
    config 108.00 KiB

    > use READ__ME_TO_RECOVER_YOUR_DATA
    switched to db READ__ME_TO_RECOVER_YOUR_DATA
    READ__ME_TO_RECOVER_YOUR_DATA> show collections
    README

    READ__ME_TO_RECOVER_YOUR_DATA> db.README.find()
    [
    {
    _id: ObjectId("6527d5f6090ec5018578951f"),
    content: 'All your data is backed up. You must pay 0.0125 BTC to 14B8iRn9k76fTmgvax4ZPyJDWqM67nrA8v In 48 hours, your data will be publicly disclosed and deleted. (more information: go to http://iplis.ru/data1)After paying send mail to us: [email protected] and we will provide a link for you to download your data. Your DBCODE is: 1MS13'
    }
    ]
What is the best way to remove, reinstall and/or clean up Mongo so that I can restore my DB and normal operation?
Moving forward, what should be done to harden this DB? All of my passwords are extremely long and complex.
     
    Last edited: Oct 12, 2023
  2. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter

Change all passwords for MongoDB user logins. Change the MongoDB root user password. Change the Debian root password.
Change the password for any Debian user with MongoDB logins. Change the password for anyone allowed to sudo to root.

Don't allow access to the MongoDB port from outside the server's local network, or if you need to, only allow access to the specific IPs that do need access.

Before restoring any DB backup, check all the backed-up DB contents, check all code from anything that has MongoDB access, and check all code for anything that has access to code that has MongoDB access. Make sure there's not already something in there sending any DB access details out into the world.
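The two exposures the advice above targets, the port being reachable from outside and the server running without access control, both show up in mongod.conf. Below is an added example (not from the thread or from ISPConfig) that audits a mongod.conf text for them and shows a constructed weak config next to a hardened one; the config texts and the function names are assumptions for illustration.

```python
def parse_simple_yaml(text):
    """Minimal parser for the flat two-level YAML mongod.conf uses ('section:' + indented 'key: value')."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()          # drop trailing comments
        if not line.strip():
            continue
        key, _, value = line.strip().partition(":")
        value = value.strip()
        if not raw.startswith((" ", "\t")):           # top-level key
            section = key
            conf[section] = {} if value == "" else value
        elif isinstance(conf.get(section), dict):     # nested key under current section
            conf[section][key] = value
    return conf

LOCAL = {"127.0.0.1", "localhost", "::1"}

def audit_mongod_conf(text):
    """Return a list of findings; an empty list means neither exposure is present."""
    conf = parse_simple_yaml(text)
    net = conf["net"] if isinstance(conf.get("net"), dict) else {}
    security = conf["security"] if isinstance(conf.get("security"), dict) else {}
    findings = []
    # Exposure 1: listening on every interface (the default before MongoDB 3.6).
    if net.get("bindIpAll", "false").lower() == "true":
        findings.append("net.bindIpAll is true: listening on every interface")
    exposed = {a.strip() for a in net.get("bindIp", "127.0.0.1").split(",")} - LOCAL - {""}
    if exposed:
        findings.append("net.bindIp exposes non-local addresses: " + ", ".join(sorted(exposed)))
    # Exposure 2: no access control, so any client that can reach the port acts as admin.
    if security.get("authorization", "disabled").lower() != "enabled":
        findings.append("security.authorization is not 'enabled'")
    return findings

# Constructed weak config: the shape of a server that wakes up with a ransom-note database.
WEAK_CONF = """\
net:
  bindIp: 0.0.0.0
"""

# Constructed hardened config: loopback only, authorization on. Changing the passwords and
# firewalling the port from outside the local network, as the reply says, still apply.
HARDENED_CONF = """\
net:
  bindIp: 127.0.0.1   # add a private LAN address only if a remote client truly needs it
security:
  authorization: enabled
"""
```

Running `audit_mongod_conf(WEAK_CONF)` returns two findings (exposed bind address, authorization off); the hardened config returns none.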
     
