
What it looks like when an attacker deletes the data in a MongoDB database

2020-01-27 14:00:44  Views: 303  Source: Internet

Tags: RESTORE mongodb database db HOW hacker baseshaver GB com


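A while back I saw that Alibaba Cloud was cheap, so I bought an instance, installed MongoDB on it, and connected to it myself for debugging.
I hadn't used it for a long time, and today I was suddenly "delighted" to find that an attacker had logged in. I didn't expect that there are still people making a living off such a low-level vulnerability.
The signs of the compromise are as follows: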

> show dbs
HOW_TO_RESTORE_mydb1  0.078GB
HOW_TO_RESTORE_mydb2  0.078GB
README                0.078GB
local                 0.078GB
mydb1                 0.453GB
mydb2                 0.453GB

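The data in both mydb1 and mydb2 had been wiped.
From mongodb, the attacker came from the United States:

The databases were deleted at: 4:27
HOW_TO_RESTORE_mydb1, HOW_TO_RESTORE_mydb2 and README hold the ransom notes. The ransom notes read as follows: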

> use HOW_TO_RESTORE_mydb1
switched to db HOW_TO_RESTORE_mydb1
> show tables;
HOW_TO_RESTORE
system.indexes
> db.HOW_TO_RESTORE.findOne();
{
    "_id" : ObjectId("5d95544778e531762eb557c2"),
    "What_happend" : "Your DB was saved and archived, you have 7 days to restore it.",
    "___" : "",
    "How_to_restore" : "Send 0.125 Bitcoin to address bellow",
    "pay_to_btc_address" : "19Ng6XNfCo9pdzDred8ztgWf9BbpTiBr6M",
    "email_to" : "Send email to baseshaver@criptext.com OR baseshaver@elude.in with your ID-code and transaction link! More info on links below!",
    "YOUR_ID_CODE" : "5c487d7b3cce97442e95825b5c487d7b3cce9744",
    "get_db_back" : "You will get your db archive back immediately right after we receive an email and check payment.",
    "TIME" : "you have 7 days to pay, then DB will be published on private hack forum and deleted from our HDDs.",
    "contact_problems" : "If you not get answer in 12 hours or get errors when sending letters use reserve emails or check MORE_INFO for another contacts:",
    "reserve_emails" : "baseshaver@protonmail.com | baseshaver@keemail.me | baseshaver@inbox.lv |  baseshaver@yandex.com | baseshaver@secmail.pro | baseshaver@lycos.com",
    "MORE_INFO" : "You can find more information here: https://anotepad.com/note/read/53sex69b OR https://onlinenotepad.us/LAeK8dBJc8 ",
    "____" : "",
    "Where_to_buy_btc" : "List below of exchanges where you can buy BTC in next collection!",
    "BTC_Exchanges" : " localbitcoins.com | paxful.com | payments.changelly.com | wirex.com | abra.com | coinmama.com ",
    "BTC_Guides" : " https://www.buybitcoinworldwide.com/ | https://en.bitcoin.it/wiki/Main_Page "
}

> use README
switched to db README
> show tables;
README
system.indexes
> db.README.findOne();
{
    "_id" : ObjectId("5a460f404186ec47a8181643"),
    "Bitcoin" : "16NHQZe81LqTPfekW3VXvnyZcFLR37VyHi",
    "Email" : "4b4340f8c832472e902b5482bcfdedfa@protonmail.com",
    "Exchange" : "https://localbitcoins.com",
    "Solution" : "Your database has been downloaded and backed up on our secured servers. To recover your lost data: Send 0.1 BTC to our Bitcoin address and contact us by email with your MongoDB server IP address and proof of payment."
}

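Everyone should already know the fix: set a password, change the port, create a new user to run mongodb, listen only on 127.0.0.1, set up a firewall, and so on. I won't go into more detail.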
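
As an added example (not part of the original post or of any MongoDB tooling), the JavaScript below flags the pattern visible in the listing above: `HOW_TO_RESTORE_<db>` and `README` note databases sitting next to emptied victim databases. The snapshot is constructed sample data and the function and field names are hypothetical; on a live server the same shape can be collected in the mongo shell with `db.adminCommand({ listDatabases: 1 })` and `db.getSiblingDB(name).getCollectionNames()`.

```javascript
// Added example: triage a MongoDB database listing for ransom-note databases.
// SNAPSHOT is constructed sample data shaped like the post's `show dbs` and
// `show tables` output; the collection lists for local, mydb1 and mydb2 are
// assumptions.
const SNAPSHOT = [
  { name: "HOW_TO_RESTORE_mydb1", collections: ["HOW_TO_RESTORE", "system.indexes"] },
  { name: "HOW_TO_RESTORE_mydb2", collections: ["HOW_TO_RESTORE", "system.indexes"] },
  { name: "README", collections: ["README", "system.indexes"] },
  { name: "local", collections: ["startup_log", "system.indexes"] },
  { name: "mydb1", collections: [] },
  { name: "mydb2", collections: [] },
];

const NOTE_DB_PREFIX = "HOW_TO_RESTORE_"; // database naming seen in the post
const NOTE_COLLECTIONS = new Set(["HOW_TO_RESTORE", "README"]);
const BUILTIN_DBS = new Set(["admin", "local", "config"]);

// Collections that hold user data (MongoDB's own system.* ones are ignored).
const userCollections = (db) => db.collections.filter((c) => !c.startsWith("system."));

function triageListing(snapshot) {
  const names = new Set(snapshot.map((db) => db.name));
  const report = { noteDbs: [], namedVictims: [], emptiedDbs: [] };
  for (const db of snapshot) {
    if (BUILTIN_DBS.has(db.name)) continue;
    const cols = userCollections(db);
    // A note database holds nothing but a single note collection.
    const onlyNote = cols.length === 1 && NOTE_COLLECTIONS.has(cols[0]);
    const prefixed = db.name.startsWith(NOTE_DB_PREFIX);
    if (prefixed || onlyNote) {
      report.noteDbs.push(db.name);
      // HOW_TO_RESTORE_<name> points at the database the note is about.
      const victim = prefixed ? db.name.slice(NOTE_DB_PREFIX.length) : "";
      if (victim && names.has(victim)) report.namedVictims.push(victim);
    } else if (cols.length === 0) {
      report.emptiedDbs.push(db.name); // still listed, but no user collections left
    }
  }
  report.compromised = report.noteDbs.length > 0;
  return report;
}

console.log(JSON.stringify(triageListing(SNAPSHOT), null, 2));
```

A database that legitimately contains only a collection named `README` would also be flagged, so treat a hit as a prompt to inspect the documents, not as proof.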

Source: https://www.cnblogs.com/bugutian/p/12205362.html
