On April 14, one of my test MongoDB databases was held for ransom...
The database had authentication enabled. From the log it looks like admin operations were used directly, but I don't know how that was done; was it a security breach or something else, and how do I defend against it? Is the only way to stop it to cut off network access and move away from the default port? (What I'm most curious about is how it was done.) Hoping an expert can answer.
The following is the log:
2020-04-14T17:??:??.933+0800 I NETWORK [listener] connection accepted from 45.227.255.190:56556 #322 (6 connections now open)
2020-04-14T17:??:??.934+0800 I NETWORK [conn322] received client metadata from 45.227.255.190:56556 conn322: { driver: { name: "PyMongo", version: "3.10.1" }, os: { type: "Linux", name: "Linux", architecture: "x86_64", version: "4.15.18-9-pve" }, platform: "CPython 3.5.3.final.0" }
2020-04-14T17:13:49.279+0800 I NETWORK [listener] connection accepted from 45.227.255.190:56652 #323 (7 connections now open)
2020-04-14T17:13:49.812+0800 I NETWORK [conn323] received client metadata from 45.227.255.190:56652 conn323: { driver: { name: "PyMongo", version: "3.10.1" }, os: { type: "Linux", name: "Linux", architecture: "x86_64", version: "4.15.18-9-pve" }, platform: "CPython 3.5.3.final.0" }
2020-04-14T17:13:50.462+0800 I COMMAND [conn323] command admin.$cmd command: dropDatabase { dropDatabase: 1, lsid: { id: UUID("252b8501-b99a-458d-99b3-bbee85ffd82f") }, $db: "admin", $readPreference: { mode: "primary" } } numYields:0 ok:0 errMsg:"Dropping the 'admin' database is prohibited." errName:IllegalOperation errCode:20 reslen:136 locks:{} protocol:op_msg 293ms
2020-04-14T17:13:50.635+0800 I COMMAND [conn323] dropDatabase config - starting
2020-04-14T17:13:50.656+0800 I COMMAND [conn323] dropDatabase config - dropping collection: config.system.sessions
2020-04-14T17:13:51.218+0800 I COMMAND [conn323] dropDatabase config - dropped 1 collection(s)
2020-04-14T17:13:51.218+0800 I COMMAND [conn323] dropDatabase config - finished
2020-04-14T17:13:51.218+0800 I COMMAND [conn323] command config command: dropDatabase { dropDatabase: 1, lsid: { id: UUID("252b8501-b99a-458d-99b3-bbee85ffd82f") }, $db: "config", $readPreference: { mode: "primary" } } numYields:0 reslen:58 locks:{ ParallelBatchWriterMode: { acquireCount: { r: 1 } }, ReplicationStateTransition: { acquireCount: { w: 1 } }, Global: { acquireCount: { w: 1 } }, Database: { acquireCount: { W: 1 } }, Mutex: { acquireCount: { r: 1 } } } flowControl:{ acquireCount: 1 } storage:{} protocol:op_msg 583ms
2020-04-14T17:13:51.391+0800 I COMMAND [conn323] dropDatabase local - starting
2020-04-14T17:13:51.391+0800 I COMMAND [conn323] dropDatabase local - dropping collection: local.startup_log
2020-04-14T17:13:51.412+0800 I COMMAND [conn323] dropDatabase local - dropped 1 collection(s)
2020-04-14T17:13:51.412+0800 I COMMAND [conn323] dropDatabase local - finished
... (part omitted: the remaining drop-database operations)
2020-04-14T17:13:51.831+0800 I SHARDING [conn323] Marking collection HOW_TO_RECOVERY_BASE.README as collection version: <unsharded>
2020-04-14T17:13:51.832+0800 I STORAGE [conn323] createCollection: HOW_TO_RECOVERY_BASE.README with generated UUID: da976b4c-55df-486e-b501-173d8807e6de and options: {}
2020-04-14T17:13:52.147+0800 I INDEX [conn323] index build: done building index _id_ on ns HOW_TO_RECOVERY_BASE.README
2020-04-14T17:13:52.148+0800 I COMMAND [conn323] command HOW_TO_RECOVERY_BASE.README command: insert { insert: "README", ordered: true, lsid: { id: UUID("252b8501-b99a-458d-99b3-bbee85ffd82f") }, $db: "HOW_TO_RECOVERY_BASE", $readPreference: { mode: "primary" } } ninserted:1 keysInserted:1 numYields:0 reslen:45 locks:{ ParallelBatchWriterMode: { acquireCount: { r: 4 } }, ReplicationStateTransition: { acquireCount: { w: 4 } }, Global: { acquireCount: { w: 4 } }, Database: { acquireCount: { w: 3, W: 1 } }, Collection: { acquireCount: { r: 2, w: 2, W: 1 } }, Mutex: { acquireCount: { r: 3 } } } flowControl:{ acquireCount: 4 } storage:{} protocol:op_msg 316ms
2020-04-14T17:13:52.320+0800 I NETWORK [conn322] end connection 45.227.255.190:56556 (6 connections now open)
2020-04-14T17:13:52.321+0800 I NETWORK [conn323] end connection 45.227.255.190:56652 (5 connections now open)
CodePudding user response:
One for the experts to solve.
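The question asks how to defend against what the log shows. Before hardening, a practitioner wants to know how to spot this pattern in mongod's own log: a connection accepted from an address outside the trusted network, followed by dropDatabase commands and the creation of a new collection on the same connection. The script below is an added example written for this answer, not code from the original post or from MongoDB. It correlates the "connection accepted" line (which carries the client address and connection number) with later COMMAND and STORAGE lines (which carry only the connection number), and flags destructive commands from untrusted sources. The sample log is constructed from the lines in the post; the first two timestamps are assumed because the post's copy is garbled there, and the long lock/lsid fields are trimmed because the detector does not read them.

```python
import ipaddress
import re

# Constructed sample: the post's mongod log, restored to mongod's own format and
# trimmed to the fields the detector reads. Source IP, connection ids, UUID and
# database names are the post's; the 17:13:48.* timestamps are assumed.
SAMPLE_LOG = """\
2020-04-14T17:13:48.933+0800 I NETWORK [listener] connection accepted from 45.227.255.190:56556 #322 (6 connections now open)
2020-04-14T17:13:48.934+0800 I NETWORK [conn322] received client metadata from 45.227.255.190:56556 conn322: { driver: { name: "PyMongo", version: "3.10.1" } }
2020-04-14T17:13:49.279+0800 I NETWORK [listener] connection accepted from 45.227.255.190:56652 #323 (7 connections now open)
2020-04-14T17:13:50.462+0800 I COMMAND [conn323] command admin.$cmd command: dropDatabase { dropDatabase: 1, $db: "admin" } numYields:0 ok:0 errMsg:"Dropping the 'admin' database is prohibited." errName:IllegalOperation errCode:20 reslen:136 locks:{} protocol:op_msg 293ms
2020-04-14T17:13:50.635+0800 I COMMAND [conn323] dropDatabase config - starting
2020-04-14T17:13:51.218+0800 I COMMAND [conn323] command config command: dropDatabase { dropDatabase: 1, $db: "config" } numYields:0 reslen:58 locks:{} protocol:op_msg 583ms
2020-04-14T17:13:51.832+0800 I STORAGE [conn323] createCollection: HOW_TO_RECOVERY_BASE.README with generated UUID: da976b4c-55df-486e-b501-173d8807e6de and options: {}
2020-04-14T17:13:52.148+0800 I COMMAND [conn323] command HOW_TO_RECOVERY_BASE.README command: insert { insert: "README", ordered: true, $db: "HOW_TO_RECOVERY_BASE" } ninserted:1 numYields:0 reslen:45 protocol:op_msg 316ms
2020-04-14T17:13:52.321+0800 I NETWORK [conn323] end connection 45.227.255.190:56652 (5 connections now open)
"""

# "connection accepted from <ip>:<port> #<conn>" maps a client address to a conn id.
ACCEPT_RE = re.compile(
    r"^(?P<ts>\S+) I NETWORK\s+\[listener\] connection accepted from "
    r"(?P<ip>[\d.]+):(?P<port>\d+) #(?P<conn>\d+)")
# Slow-op / profiling line: "command <ns> command: <name> { ... } ... <duration>ms".
COMMAND_RE = re.compile(
    r"^(?P<ts>\S+) I COMMAND\s+\[conn(?P<conn>\d+)\] command (?P<ns>\S+) "
    r"command: (?P<cmd>\w+) ")
# Collection creation is logged by the storage layer, not as a command line.
CREATE_RE = re.compile(
    r"^(?P<ts>\S+) I STORAGE\s+\[conn(?P<conn>\d+)\] createCollection: (?P<ns>\S+) ")
ERR_RE = re.compile(r" errName:(?P<err>\w+) ")

# Commands that destroy data; extend to taste (e.g. "delete" on critical namespaces).
DESTRUCTIVE = {"dropDatabase", "drop", "dropIndexes"}


def is_trusted(ip: str) -> bool:
    """Trust only loopback and RFC 1918 addresses; adjust for your own network."""
    addr = ipaddress.ip_address(ip)
    return addr.is_loopback or addr.is_private


def analyze(log_text: str) -> list:
    """Return one alert dict per destructive command (and per collection created
    afterwards on the same connection) issued over an untrusted connection."""
    conn_ip = {}          # conn id -> client address, from the accept line
    dropped_by = set()    # conn ids that already dropped something
    alerts = []
    for line in log_text.splitlines():
        m = ACCEPT_RE.match(line)
        if m:
            conn_ip[m["conn"]] = m["ip"]
            continue
        m = COMMAND_RE.match(line)
        if m and m["cmd"] in DESTRUCTIVE:
            ip = conn_ip.get(m["conn"], "unknown")
            # A conn id with no accept line (e.g. log rotated) is treated as untrusted.
            if ip == "unknown" or not is_trusted(ip):
                err = ERR_RE.search(line)
                dropped_by.add(m["conn"])
                alerts.append({"time": m["ts"], "conn": m["conn"], "source": ip,
                               "command": m["cmd"], "namespace": m["ns"],
                               "outcome": err["err"] if err else "ok"})
            continue
        m = CREATE_RE.match(line)
        if m and m["conn"] in dropped_by:
            # A new collection right after the drops is how a ransom note is left.
            alerts.append({"time": m["ts"], "conn": m["conn"],
                           "source": conn_ip.get(m["conn"], "unknown"),
                           "command": "createCollection", "namespace": m["ns"],
                           "outcome": "ok"})
    return alerts


def summarize(alerts: list) -> dict:
    """Group alerts by client address: ip -> ['<command> <namespace>', ...]."""
    by_ip = {}
    for a in alerts:
        by_ip.setdefault(a["source"], []).append(f"{a['command']} {a['namespace']}")
    return by_ip


if __name__ == "__main__":
    for ip, actions in summarize(analyze(SAMPLE_LOG)).items():
        print(ip)
        for action in actions:
            print("   ", action)
```

Run against the post's log, the detector attributes the failed dropDatabase on admin, the successful one on config and the creation of HOW_TO_RECOVERY_BASE.README to 45.227.255.190. Two things are worth noting from a defender's side: the COMMAND lines are only present because the operations took longer than the slow-operation threshold (each ends in a duration in milliseconds), so a complete audit of such events needs the MongoDB audit log or profiling rather than the default log; and the first line of the pattern is always the accept from a public address, which is exactly what binding mongod to internal interfaces (net.bindIp) and enforcing authorization (security.authorization) prevent, independently of which port the server listens on.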