MongoDB was recently used in CryptoHub, the first of its kind. It turned out that the VPS CPU often soared above 100%, and then all the programs on it hung up and had to be manually restarted. After the restart, the MongoDB database was found to have lost all data, and a Warning database was added.
Later, I found out that MongoDB does not enable authentication by default. This has been happening since the beginning of 2017. Fortunately, I saved all the insert statements in the log and it is easy to recover.
Due to the currency books all transparent, we can according to the address of the hacker query to his trading records: blockchain. Info/address / 13 y… And concluded that he had not received any bitcoin… Another possibility is that he left a different wallet address for each victim.
Providing user authentication for MongoDB is simple:
-
Mongod starts the service.
-
If mongo goes to MongoDB, the test database is entered by default.
-
> switch to the admin database to switched to db Db.createuser ({user:'livc', PWD :'pass', roles:['root']}) > db.adduser ("livc", "pass") WARNING: The 'addUser' shell helper is DEPRECATED. Please use 'createUser' instead Successfully added user: { "user" : "livc", "roles" : [ "root" ] } > db.system.users.find(); Query # {" _id ":" admin. Livc ", "user" : "livc", "db" : "admin", "credentials" : {" mongo - CR ": "9efd6764037f18abe15260de80f003a5" }, "roles" : [ { "role" : "root", "db" : "admin" } ] }Copy the code
-
Mongod -auth Restarts MongoDB in authentication mode and re-enters Mongo.
-
> use admin to switched to db admin > db.auth("livc", "pass") #Copy the code
You can then operate the database normally.
Buy me a coffee
Zhao Li
(CC) BY-NC-SA
gossip
mongodb
btc