Coming soon - Get a detailed view of why an account is flagged as spam!
view details

This post has been de-listed (Author was flagged for spam)

It is no longer included in search results and normal feeds (front page, hot posts, subreddit posts, etc). It remains visible only via the author's post history.

37
Just woke up to an empty mongo db with a ransom message, how do I secure my server?
Post Flair (click to view more posts with a particular flair)
Question
Post Body

I didn't have any important data in my db, but all of it was deleted. I would post the ransom message, but it keeps getting removed.

My server is just a DO Droplet. The only ports exposed are for ssh and nginx. Mongo is running in docker, with ports exposed locally but not through ufw. Plaintext passwords are also disabled through ssh. I can't find any good resources online to see what happened to my system, so any help would be appreciated.

EDIT: Just realized that docker networking services bypass ufw. I guess I'll either have to not expose a port, or add authentication to the db (karma on me for not doing that before).

EDIT 2: If anyone else runs into this issue, check out https://docs.docker.com/config/containers/container-networking/ You can expose docker to the localhost only.

Author
User Disabled
Account Strength
0%
Disabled 2 years ago
Account Age
n/a
Verified Email
No
Verified Flair
Yes
Total Karma
n/a
Link Karma
n/a
Comment Karma
n/a
Profile updated: 1 day ago
Posts updated: 1 year ago
[deleted]

Subreddit

r/sysadmin

Post Details

We try to extract some basic information from the post title. This is not always successful or accurate, please use your best judgement and compare these values to the post title and body for confirmation.
Posted
2 years ago
Reddit URL
View post on reddit.com
External URL
reddit.com/r/sysadmin/co...