MongoDB数据库自动删除 [英] MongoDB database deleted automatically

问题描述

这些天，我对MongoDB的行为感到非常困惑.我正在Windows Live服务器上运行MEAN(MongoDB，Express，Angular，NodeJS)应用程序.两次发生了与我的应用程序连接的整个数据库被自动删除的情况.我不知道这是怎么回事.我已经在网上搜索了，但没有找到答案.我将Monk用于MongoDB.

I am very confused with the MongoDB behavior I am facing these days. I am running a MEAN(MongoDB, Express, Angular, NodeJS) application on a windows live server. Two times it happened that the whole database my application is connected with is deleted automatically. I have no clue what is happening with it. I have searched the web but found no answer on it. I am using Monk for the MongoDB.

我如何发现问题所在?

推荐答案

嘿，这是病毒攻击，请阅读本文

Hey It is a virus attack read this article https://www.bleepingcomputer.com/news/security/mongodb-apocalypse-professional-ransomware-group-gets-involved-infections-reach-28k-servers/

实际上，超过28k mongodb服务器受到了社区的攻击，他们已经删除了数据库或对其进行了加密.现在他们要求比特币提供备份.

Actually more then 28k mongodb server have been attacked by the community and they have either deleted the database or have encrypted them. Now they are demanding Bit coin for giving backup.

现在出现的问题是mongoDb安全，因为已经删除或加密了许多数据库

答案是是 Mongodb是完全安全的，其背后的原因是程序员缺乏安全措施.

Answer is YES Mongodb is completely safe the reason behind this was the lack of security measures used by the programmers.

1. 您只应打开Amazone Web服务器(AWS)中所需示例的服务器端口，某些程序员打开安全组的所有端口即可.

现在解决问题.

请检查服务器上的mongod.conf文件:

Do check mongod.conf file on the server:

当我们安装mongodb时，服务器上会自动生成一个文件名mongod.conf.您可以通过以下命令进行检查.

When we install mongodb a file name mongod.conf is automatically generated on the server. you can check it by following command.

cd /etc/
sudo vim mongod.conf

在此图像中，您会发现bindIp是127.0.0.1，这是一个本地主机，意味着仅允许该服务器使用数据库.在您的情况下，该数据库必须是0.0.0.0 ，这允许黑客获取访问您的数据并删除所有文件，因此只需将bindIp更新为127.0.0.1，就不会再发生了.

in this image you will find bindIp is 127.0.0.1 which is a localhost means only this server is allowed to use the database in your case this must be 0.0.0.0 which allow the hackers to get access to your data and delete all the files so just update the bindIp to 127.0.0.1 and it wont happen as of now.

即使您可以使用mongo身份验证，也请使用此链接以获取更多参考 https://docs .mongodb.com/manual/tutorial/enable-authentication/

Even you can use mongo Authentication use this link for further reference https://docs.mongodb.com/manual/tutorial/enable-authentication/

这篇关于MongoDB数据库自动删除的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！