[bitfolk] Someone seems to be wiping open MongoDB servers

Top Page
Author: Andy Smith
Date:  
To: users
Subject: [bitfolk] Someone seems to be wiping open MongoDB servers

Reply to this message
gpg: Signature made Wed Jan 4 22:29:24 2017 UTC
gpg: using DSA key 2099B64CBF15490B
gpg: Good signature from "Andy Smith <andy@strugglers.net>" [unknown]
gpg: aka "Andrew James Smith <andy@strugglers.net>" [unknown]
gpg: aka "Andy Smith (UKUUG) <andy.smith@ukuug.org>" [unknown]
gpg: aka "Andy Smith (BitFolk Ltd.) <andy@bitfolk.com>" [unknown]
gpg: aka "Andy Smith (Linux User Groups UK) <andy@lug.org.uk>" [unknown]
gpg: aka "Andy Smith (Cernio Technology Cooperative) <andy.smith@cernio.com>" [unknown]
Hello,

According to:

    https://twitter.com/0xDUDE/status/813865069218037760


someone is now wiping out the contents of open MongoDB servers and
demanding payment in Bitcoins to return the data.

A good reminder to properly secure things like MongoDB by only
letting them run on localhost, and/or firewalling them off.

Open MongoDB is one of the things we nag you about but don't go any
further than nagging.

Cheers,
Andy

--
https://bitfolk.com/ -- No-nonsense VPS hosting