600TB mongoDB exposed

Comments

  • so sad, so many startups leaked.

  • 30,000 "system administrators" don't notice that their db app is listening on 0.0.0.0 without any authentication.....

  • Riz Member

    Google didn't tell me to change it...

  • Fritz Veteran

    Can we assume the exploit was caused by Open Source model?

  • KuJoe Member, Host Rep

  • @sleddog said:
    30,000 "system administrators" don't notice that their db app is listening on 0.0.0.0 without any authentication.....

    "gg" to both the "system administrators" and the "hackers."

  • hostnoob Member
    edited July 2015

    Did they have to purposely disable authentication though? With MySQL, even when I'm logged in locally I still need to authenticate.

    Or do NoSQL DBs work differently?

  • hostnoob said: Did they have to purposely disable authentication though? With MySQL, even when I'm logged in locally I still need to authenticate.

    Or do NoSQL DBs work differently?

    Authentication is optional, but it's a feature available. Guess they forgot to enable it.

  • hostnoob Member
    edited July 2015

    @concerto49 said:
    Authentication is optional, but it's a feature available. Guess they forgot to enable it.

    It's not enabled by default? Wow

  • FrankZ Veteran

    They should have used SIMP
    /sarcasm

  • jar Patron Provider, Top Host, Veteran

    @sleddog said:
    30,000 "system administrators" don't notice that their db app is listening on 0.0.0.0 without any authentication.....

    Yeah that's pretty bad. This is why you use 127.0.0.1 for any service listening on a port that doesn't require public access. If it does require that, authentication should be your first thought.

  • A big corp I'm aware of and where a friend of mine works at seems to be compromised.

  • The issue of MongoDB listening on all IP addresses (by default) was raised back in 2011 and only fixed in April 2014. If that's not a good enough reason to not use MongoDB, take a look at this article I came across a couple days ago.

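The two conditions the thread keeps coming back to (sleddog's "listening on 0.0.0.0 without any authentication", jar's advice to bind 127.0.0.1 and turn on authentication, and the bind_ip default ub3rstar mentions) can be checked mechanically from the daemon's config file. The following is an added example, not code from this thread or from the MongoDB project. It reads either the YAML-style mongod.conf (net.bindIp, net.bindIpAll, security.authorization, security.keyFile) or the legacy key = value style (bind_ip, auth, keyFile) and reports both exposure conditions; the YAML parser is a deliberately minimal, hand-written subset so the script runs without PyYAML, and the sample configs at the bottom are constructed for illustration.

```python
"""Audit a mongod config for the two exposure conditions discussed in the thread:
listening on all interfaces, and running with authentication switched off.

The YAML handling below is a minimal subset (nested scalar keys only, no lists),
written so the example runs offline without PyYAML. This is an added example,
not the MongoDB project's own tooling."""

import re

# Addresses that mean "every interface" for bindIp / bind_ip.
WILDCARD_ADDRS = {"0.0.0.0", "::", "*"}


def parse_config(text: str) -> dict:
    """Return a flat dict of dotted keys, e.g. {'net.bindIp': '127.0.0.1'} or
    {'bind_ip': '0.0.0.0', 'auth': 'true'} for the legacy format."""
    settings = {}
    stack = []  # (indent, key) pairs forming the current YAML nesting path
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if not line.strip():
            continue
        legacy = re.match(r"^\s*([A-Za-z_]\w*)\s*=\s*(.*)$", line)
        if legacy:
            settings[legacy.group(1)] = legacy.group(2).strip()
            continue
        yaml_kv = re.match(r"^(\s*)([\w.]+)\s*:\s*(.*)$", line)
        if not yaml_kv:
            continue
        indent = len(yaml_kv.group(1))
        key, value = yaml_kv.group(2), yaml_kv.group(3).strip()
        # Leave the nesting path when indentation goes back out.
        while stack and stack[-1][0] >= indent:
            stack.pop()
        path = ".".join([k for _, k in stack] + [key])
        if value == "":
            stack.append((indent, key))  # section header; children follow
        else:
            settings[path] = value.strip("'\"")
    return settings


def audit(settings: dict) -> list:
    """Return human-readable findings; an empty list means neither condition is present."""
    findings = []

    # Condition 1: bound to all interfaces. An absent bindIp is flagged too, because
    # the mongod binary itself (as opposed to the packaged config file) historically
    # listened on all interfaces when nothing was set.
    if settings.get("net.bindIpAll", "").lower() == "true":
        bind_addrs = ["0.0.0.0"]
    else:
        raw_bind = settings.get("net.bindIp", settings.get("bind_ip", ""))
        bind_addrs = [a.strip() for a in raw_bind.split(",") if a.strip()]
    if not bind_addrs:
        findings.append("bindIp not set: older mongod defaults to listening on all interfaces")
    else:
        exposed = [a for a in bind_addrs if a in WILDCARD_ADDRS]
        if exposed:
            findings.append("listening on all interfaces: " + ", ".join(exposed))

    # Condition 2: no authentication. security.authorization: enabled, legacy
    # auth = true, or a replica-set keyFile (which implies auth) all count as enabled.
    authz = settings.get("security.authorization", "").lower()
    legacy_auth = settings.get("auth", "").lower()
    has_keyfile = bool(settings.get("security.keyFile") or settings.get("keyFile"))
    if authz != "enabled" and legacy_auth not in ("true", "1") and not has_keyfile:
        findings.append("authentication not enabled (security.authorization / auth)")
    return findings


# Constructed sample configs (not taken from any real host).
WEAK_YAML = """
net:
  port: 27017
  bindIp: 0.0.0.0
storage:
  dbPath: /var/lib/mongodb
"""

HARDENED_YAML = """
net:
  port: 27017
  bindIp: 127.0.0.1
security:
  authorization: enabled
"""

LEGACY_WEAK = """
# legacy-style mongod.conf
port = 27017
bind_ip = 0.0.0.0
auth = false
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_YAML), ("hardened", HARDENED_YAML), ("legacy", LEGACY_WEAK)):
        print(name, audit(parse_config(cfg)) or ["ok"])
```

Run it against a real /var/lib or /etc/mongod.conf by reading the file into `parse_config`; both findings for the weak samples correspond to the bind and auth points made in the posts above, and the hardened sample produces none.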
  • joepie91 Member, Patron Provider

    Fritz said: Can we assume the exploit was caused by Open Source model?

    Nothing to do with open source.

    hostnoob said: It's not enabled by default? Wow

    Not until fairly recently, no.

    ub3rstar said: If that's not a good enough reason to not use MongoDB, take a look at this article I came across a couple days ago.

    Hi :)

  • MySQL wins the day!

  • Neoon Community Contributor, Veteran

    @vladka24 Wait, before they change their config to listen outside

  • GM2015 Member

    Any host offering 600TB storage servers for $10 a year?

  • @GM2015 said:
    Any host offering 600TB storage servers for $10 a year?

    This is lowendtalk... 7$ max.

  • J1021 Member

    sleddog said: 30,000 "system administrators" don't notice that their db app is listening on 0.0.0.0 without any authentication.....

    30,000 "sys administrators" running without firewalls.

  • ehab Member

    a production db should be in private network only.

  • @kcaj said:
    30,000 "sys administrators" running without firewalls.

    That was exactly what I was thinking as well

  • Neoon Community Contributor, Veteran

    "sys administrators"

  • @vladka24 said:
    MySQL wins the day!

    Especially with that remote admin exploit where everyone could login without knowing the password (regardless of the password's complexity) with a simple bruteforce of around 65k re-tries some time ago.
