2018.06.04 11:26

我的腾讯云mongodb被删除了

mongoose.connect('mongodb://user:pw@host1.com:27017,host2.com:27017,host3.com:27017/testdb');

[root@VM_134_103_redhat bin]# mongod -f /etc/mongod.conf --shutdown (先关闭)
[root@VM_134_103_redhat bin]# netstat -an | grep 27017

killing process with pid: 4476

[root@instance-7aqka2xd logs]# mongod  -port 55443 --fork --dbpath=/data/mongodb/data --logpath=/var/log/mongodb/mongod.log --logappend (成功的方式后台启动换端口)

[root@VM_134_103_redhat bin]# netstat -an | grep 55443
tcp        0      0 0.0.0.0:55443           0.0.0.0:*               LISTEN     
tcp        0      0 10.139.134.103:55443    182.150.46.53:62291     ESTABLISHED
tcp        0      0 10.139.134.103:55443    182.150.46.53:62290     ESTABLISHED
tcp        0      0 10.139.134.103:55443    182.150.46.53:62289     ESTABLISHED
tcp        0      0 10.139.134.103:55443    182.150.46.53:62293     ESTABLISHED
unix  2      [ ACC ]     STREAM     LISTENING     15950292 /tmp/mongodb-55443.sock


龙渊外网地址182.150.46.53 (公司的网络对外的地址)
[root@VM_134_103_redhat bin]#  netstat -nltp|grep mongod
tcp        0      0 0.0.0.0:27017           0.0.0.0:*               LISTEN      4476/mongod

mongoose.connect('mongodb://user:pw@host1.com:27017,host2.com:27017,host3.com:27017/testdb');

1、以安全认证模式启动
mongod --auth --dbpath /usr/mongo/data --logfile /var/mongo.log


服务器被攻击的记录
2018-06-01T14:43:37.853+0800 I NETWORK [initandlisten] connection accepted from 59.111.95.23:60031 #1020 (14 connections now open)
2018-06-01T14:43:47.727+0800 I NETWORK [conn1020] end connection 59.111.95.23:60031 (13 connections now open)
2018-06-01T16:38:04.443+0800 I NETWORK [initandlisten] connection accepted from 184.105.139.70:61522 #1021 (14 connections now open)
2018-06-01T16:38:04.718+0800 I NETWORK [conn1021] end connection 184.105.139.70:61522 (13 connections now open)
2018-06-01T16:38:14.213+0800 I NETWORK [initandlisten] connection accepted from 184.105.139.70:10336 #1022 (14 connections now open)
2018-06-01T16:38:14.414+0800 I NETWORK [conn1022] end connection 184.105.139.70:10336 (13 connections now open)
2018-06-01T18:39:40.472+0800 I NETWORK [conn991] end connection 182.150.46.53:54472 (12 connections now open)
2018-06-01T18:39:40.473+0800 I NETWORK [conn1014] end connection 182.150.46.53:61988 (12 connections now open)
2018-06-01T18:39:40.983+0800 I NETWORK [conn992] end connection 182.150.46.53:54474 (10 connections now open)
2018-06-01T18:39:45.079+0800 I NETWORK [conn1013] end connection 182.150.46.53:61987 (9 connections now open)
2018-06-01T18:39:45.591+0800 I NETWORK [conn1011] end connection 182.150.46.53:61211 (8 connections now open)
2018-06-01T18:39:45.591+0800 I NETWORK [conn1012] end connection 182.150.46.53:61214 (7 connections now open)
2018-06-01T18:39:46.103+0800 I NETWORK [conn989] end connection 182.150.46.53:54469 (6 connections now open)
2018-06-01T18:39:46.615+0800 I NETWORK [conn990] end connection 182.150.46.53:54471 (5 connections now open)
2018-06-01T18:39:51.223+0800 I NETWORK [conn1017] end connection 182.150.46.53:57293 (4 connections now open)
2018-06-01T18:39:56.343+0800 I NETWORK [conn1019] end connection 182.150.46.53:57503 (3 connections now open)
2018-06-01T18:40:00.951+0800 I NETWORK [conn1015] end connection 182.150.46.53:62140 (2 connections now open)
2018-06-01T18:40:06.071+0800 I NETWORK [conn1018] end connection 182.150.46.53:57436 (1 connection now open)
2018-06-01T18:40:11.191+0800 I NETWORK [conn1016] end connection 182.150.46.53:62177 (0 connections now open)
2018-06-01T20:06:13.275+0800 I NETWORK [initandlisten] connection accepted from 59.111.95.23:55258 #1023 (1 connection now open)
2018-06-01T20:06:13.364+0800 I NETWORK [conn1023] end connection 59.111.95.23:55258 (0 connections now open)
2018-06-02T07:26:23.466+0800 I NETWORK [initandlisten] connection accepted from 101.226.35.225:58942 #1024 (1 connection now open)
2018-06-02T07:26:23.466+0800 I NETWORK [conn1024] end connection 101.226.35.225:58942 (0 connections now open)
2018-06-02T07:26:23.508+0800 I NETWORK [initandlisten] connection accepted from 101.226.35.225:58943 #1025 (1 connection now open)
2018-06-02T07:26:23.508+0800 I NETWORK [conn1025] end connection 101.226.35.225:58943 (0 connections now open)
2018-06-02T07:26:23.746+0800 I NETWORK [initandlisten] connection accepted from 101.226.35.225:58962 #1026 (1 connection now open)
2018-06-02T07:26:23.746+0800 I NETWORK [conn1026] end connection 101.226.35.225:58962 (0 connections now open)
2018-06-02T07:26:24.017+0800 I NETWORK [initandlisten] connection accepted from 101.226.35.225:58981 #1027 (1 connection now open)
2018-06-02T07:26:24.017+0800 I NETWORK [conn1027] end connection 101.226.35.225:58981 (0 connections now open)
2018-06-02T07:26:24.326+0800 I NETWORK [initandlisten] connection accepted from 101.226.35.225:59011 #1028 (1 connection now open)
2018-06-02T07:26:24.326+0800 I NETWORK [conn1028] end connection 101.226.35.225:59011 (0 connections now open)
2018-06-02T07:26:24.608+0800 I NETWORK [initandlisten] connection accepted from 101.226.35.225:59052 #1029 (1 connection now open)
2018-06-02T07:26:24.608+0800 I NETWORK [conn1029] end connection 101.226.35.225:59052 (0 connections now open)
2018-06-02T07:26:24.910+0800 I NETWORK [initandlisten] connection accepted from 101.226.35.225:59086 #1030 (1 connection now open)
2018-06-02T07:26:24.910+0800 I NETWORK [conn1030] end connection 101.226.35.225:59086 (0 connections now open)
2018-06-02T07:26:25.155+0800 I NETWORK [initandlisten] connection accepted from 101.226.35.225:59124 #1031 (1 connection now open)
2018-06-02T07:26:25.156+0800 I NETWORK [conn1031] end connection 101.226.35.225:59124 (0 connections now open)
2018-06-02T07:26:25.368+0800 I NETWORK [initandlisten] connection accepted from 101.226.35.225:59141 #1032 (1 connection now open)
2018-06-02T07:26:25.368+0800 I NETWORK [conn1032] end connection 101.226.35.225:59141 (0 connections now open)
2018-06-02T07:26:25.618+0800 I NETWORK [initandlisten] connection accepted from 101.226.35.225:59158 #1033 (1 connection now open)
2018-06-02T07:26:25.618+0800 I NETWORK [conn1033] end connection 101.226.35.225:59158 (0 connections now open)
2018-06-02T07:26:25.831+0800 I NETWORK [initandlisten] connection accepted from 101.226.35.225:59178 #1034 (1 connection now open)
2018-06-02T07:26:25.832+0800 I NETWORK [conn1034] end connection 101.226.35.225:59178 (0 connections now open)
2018-06-02T07:26:26.099+0800 I NETWORK [initandlisten] connection accepted from 101.226.35.225:59203 #1035 (1 connection now open)
2018-06-02T07:26:26.099+0800 I NETWORK [conn1035] end connection 101.226.35.225:59203 (0 connections now open)
2018-06-02T07:26:26.368+0800 I NETWORK [initandlisten] connection accepted from 101.226.35.225:59228 #1036 (1 connection now open)
2018-06-02T07:26:26.368+0800 I NETWORK [conn1036] end connection 101.226.35.225:59228 (0 connections now open)
2018-06-02T07:26:26.619+0800 I NETWORK [initandlisten] connection accepted from 101.226.35.225:59242 #1037 (1 connection now open)
2018-06-02T07:26:26.619+0800 I NETWORK [conn1037] end connection 101.226.35.225:59242 (0 connections now open)
2018-06-02T07:26:26.826+0800 I NETWORK [initandlisten] connection accepted from 101.226.35.225:59264 #1038 (1 connection now open)
2018-06-02T07:26:26.828+0800 I NETWORK [conn1038] end connection 101.226.35.225:59264 (0 connections now open)
2018-06-02T07:26:27.126+0800 I NETWORK [initandlisten] connection accepted from 101.226.35.225:59284 #1039 (1 connection now open)
2018-06-02T07:26:27.126+0800 I NETWORK [conn1039] end connection 101.226.35.225:59284 (0 connections now open)
2018-06-02T07:26:27.429+0800 I NETWORK [initandlisten] connection accepted from 101.226.35.225:59313 #1040 (1 connection now open)
2018-06-02T07:26:27.430+0800 I NETWORK [conn1040] end connection 101.226.35.225:59313 (0 connections now open)
2018-06-02T07:26:27.650+0800 I NETWORK [initandlisten] connection accepted from 101.226.35.225:59329 #1041 (1 connection now open)
2018-06-02T07:26:27.652+0800 I NETWORK [conn1041] end connection 101.226.35.225:59329 (0 connections now open)
2018-06-02T07:26:27.885+0800 I NETWORK [initandlisten] connection accepted from 101.226.35.225:59343 #1042 (1 connection now open)
2018-06-02T07:26:27.885+0800 I NETWORK [conn1042] end connection 101.226.35.225:59343 (0 connections now open)
2018-06-02T07:26:28.256+0800 I NETWORK [initandlisten] connection accepted from 101.226.35.225:59367 #1043 (1 connection now open)
2018-06-02T07:26:28.256+0800 I NETWORK [conn1043] end connection 101.226.35.225:59367 (0 connections now open)
2018-06-02T07:26:28.643+0800 I NETWORK [initandlisten] connection accepted from 101.226.35.225:59390 #1044 (1 connection now open)
2018-06-02T07:26:28.643+0800 I NETWORK [conn1044] end connection 101.226.35.225:59390 (0 connections now open)
2018-06-02T07:26:28.857+0800 I NETWORK [initandlisten] connection accepted from 101.226.35.225:59411 #1045 (1 connection now open)
2018-06-02T07:26:28.858+0800 I NETWORK [conn1045] end connection 101.226.35.225:59411 (0 connections now open)
2018-06-02T07:26:29.074+0800 I NETWORK [initandlisten] connection accepted from 101.226.35.225:59426 #1046 (1 connection now open)
2018-06-02T07:26:29.074+0800 I NETWORK [conn1046] end connection 101.226.35.225:59426 (0 connections now open)
2018-06-02T07:26:29.286+0800 I NETWORK [initandlisten] connection accepted from 101.226.35.225:59435 #1047 (1 connection now open)
2018-06-02T07:26:29.286+0800 I NETWORK [conn1047] end connection 101.226.35.225:59435 (0 connections now open)
2018-06-02T07:26:29.568+0800 I NETWORK [initandlisten] connection accepted from 101.226.35.225:59459 #1048 (1 connection now open)
2018-06-02T07:26:29.568+0800 I NETWORK [conn1048] end connection 101.226.35.225:59459 (0 connections now open)
2018-06-02T07:26:29.772+0800 I NETWORK [initandlisten] connection accepted from 101.226.35.225:59476 #1049 (1 connection now open)
2018-06-02T07:26:29.772+0800 I NETWORK [conn1049] end connection 101.226.35.225:59476 (0 connections now open)
2018-06-02T07:26:30.049+0800 I NETWORK [initandlisten] connection accepted from 101.226.35.225:59492 #1050 (1 connection now open)
2018-06-02T07:26:30.049+0800 I NETWORK [conn1050] end connection 101.226.35.225:59492 (0 connections now open)
2018-06-02T07:26:30.425+0800 I NETWORK [initandlisten] connection accepted from 101.226.35.225:59519 #1051 (1 connection now open)
2018-06-02T07:26:30.425+0800 I NETWORK [conn1051] end connection 101.226.35.225:59519 (0 connections now open)
2018-06-02T07:26:30.658+0800 I NETWORK [initandlisten] connection accepted from 101.226.35.225:59538 #1052 (1 connection now open)
2018-06-02T07:26:30.658+0800 I NETWORK [conn1052] end connection 101.226.35.225:59538 (0 connections now open)
2018-06-02T07:26:30.895+0800 I NETWORK [initandlisten] connection accepted from 101.226.35.225:59560 #1053 (1 connection now open)
2018-06-02T07:26:30.895+0800 I NETWORK [conn1053] end connection 101.226.35.225:59560 (0 connections now open)
2018-06-02T07:26:31.180+0800 I NETWORK [initandlisten] connection accepted from 101.226.35.225:59580 #1054 (1 connection now open)
2018-06-02T07:26:31.181+0800 I NETWORK [conn1054] end connection 101.226.35.225:59580 (0 connections now open)
2018-06-02T07:26:31.500+0800 I NETWORK [initandlisten] connection accepted from 101.226.35.225:59601 #1055 (1 connection now open)
2018-06-02T07:26:31.500+0800 I NETWORK [conn1055] end connection 101.226.35.225:59601 (0 connections now open)
2018-06-02T07:26:31.715+0800 I NETWORK [initandlisten] connection accepted from 101.226.35.225:59627 #1056 (1 connection now open)
2018-06-02T07:26:31.715+0800 I NETWORK [conn1056] end connection 101.226.35.225:59627 (0 connections now open)
2018-06-02T07:26:31.996+0800 I NETWORK [initandlisten] connection accepted from 101.226.35.225:59649 #1057 (1 connection now open)
2018-06-02T07:26:31.996+0800 I NETWORK [conn1057] end connection 101.226.35.225:59649 (0 connections now open)
2018-06-02T07:26:32.253+0800 I NETWORK [initandlisten] connection accepted from 101.226.35.225:59675 #1058 (1 connection now open)
2018-06-02T07:26:32.253+0800 I NETWORK [conn1058] end connection 101.226.35.225:59675 (0 connections now open)
2018-06-02T07:26:32.501+0800 I NETWORK [initandlisten] connection accepted from 101.226.35.225:59695 #1059 (1 connection now open)
2018-06-02T07:26:32.506+0800 I NETWORK [conn1059] end connection 101.226.35.225:59695 (0 connections now open)
2018-06-02T07:26:32.823+0800 I NETWORK [initandlisten] connection accepted from 101.226.35.225:59722 #1060 (1 connection now open)
2018-06-02T07:26:32.823+0800 I NETWORK [conn1060] end connection 101.226.35.225:59722 (0 connections now open)
2018-06-02T11:08:30.317+0800 I NETWORK [initandlisten] connection accepted from 107.170.229.43:43956 #1061 (1 connection now open)
2018-06-02T11:08:40.028+0800 I NETWORK [conn1061] end connection 107.170.229.43:43956 (0 connections now open)
2018-06-02T16:30:40.200+0800 I NETWORK [initandlisten] connection accepted from 74.82.47.3:30426 #1062 (1 connection now open)
2018-06-02T16:30:40.462+0800 I NETWORK [conn1062] end connection 74.82.47.3:30426 (0 connections now open)
2018-06-02T16:30:51.201+0800 I NETWORK [initandlisten] connection accepted from 74.82.47.3:47106 #1063 (1 connection now open)
2018-06-02T16:30:51.382+0800 I NETWORK [conn1063] end connection 74.82.47.3:47106 (0 connections now open)
2018-06-03T00:00:41.033+0800 I NETWORK [initandlisten] connection accepted from 183.57.54.43:38288 #1064 (1 connection now open)
2018-06-03T00:00:47.253+0800 I NETWORK [conn1064] end connection 183.57.54.43:38288 (0 connections now open)
2018-06-03T11:44:29.567+0800 I NETWORK [initandlisten] connection accepted from 60.191.38.78:22607 #1065 (1 connection now open)
2018-06-03T11:44:29.666+0800 I NETWORK [conn1065] end connection 60.191.38.78:22607 (0 connections now open)
2018-06-03T12:18:25.901+0800 I NETWORK [initandlisten] connection accepted from 43.226.34.50:50410 #1066 (1 connection now open)
2018-06-03T12:18:26.191+0800 I NETWORK [conn1066] end connection 43.226.34.50:50410 (0 connections now open)
2018-06-03T12:18:26.313+0800 I NETWORK [initandlisten] connection accepted from 43.226.34.50:50416 #1067 (1 connection now open)
2018-06-03T12:18:26.477+0800 I COMMAND [conn1067] dropDatabase blog starting
2018-06-03T12:18:26.764+0800 I COMMAND [conn1067] dropDatabase blog finished
2018-06-03T12:18:26.764+0800 I COMMAND [conn1067] command blog command: dropDatabase { dropDatabase: 1.0 } keyUpdates:0 writeConflicts:0 numYields:0 reslen:55 locks:{ Global: { acquireCount: { r: 2, w: 1, W: 1 } }, Database: { acquireCount: { W: 1 } } } protocol:op_query 286ms
2018-06-03T12:18:26.872+0800 I NETWORK [conn1067] end connection 43.226.34.50:50416 (0 connections now open)
2018-06-03T12:18:26.974+0800 I NETWORK [initandlisten] connection accepted from 43.226.34.50:50428 #1068 (1 connection now open)
2018-06-03T12:18:27.143+0800 I COMMAND [conn1068] dropDatabase runoob starting
2018-06-03T12:18:27.215+0800 I COMMAND [conn1068] dropDatabase runoob finished
2018-06-03T12:18:27.330+0800 I NETWORK [conn1068] end connection 43.226.34.50:50428 (0 connections now open)
2018-06-03T12:18:27.439+0800 I NETWORK [initandlisten] connection accepted from 43.226.34.50:50432 #1069 (1 connection now open)
2018-06-03T12:18:27.601+0800 I COMMAND [conn1069] dropDatabase test starting
2018-06-03T12:18:27.617+0800 I COMMAND [conn1069] dropDatabase test finished
2018-06-03T12:18:27.729+0800 I NETWORK [conn1069] end connection 43.226.34.50:50432 (0 connections now open)
2018-06-03T12:18:27.841+0800 I NETWORK [initandlisten] connection accepted from 43.226.34.50:50436 #1070 (1 connection now open)
2018-06-03T12:18:28.183+0800 I COMMAND [conn1070] command Warning.Readme command: insert { insert: "Readme", documents: [ { _id: ObjectId('5b136c14ce4f947a039184c5'), BitCoin: "3QL2jiiWPRk7K77NvKxnfSDuCMi2dCbVMU", eMail: "mongodb@tfwno.gf", Exchange: "https://localbitcoins.com", Solution: "Your Database is downloaded and backed up on our secured servers. To recover your lost data: Send 0.4 BTC to our BitCoin Address and Contact us by eMa..." } ], ordered: true } ninserted:1 keyUpdates:0 writeConflicts:0 numYields:0 reslen:40 locks:{ Global: { acquireCount: { r: 2, w: 2 } }, Database: { acquireCount: { w: 1, W: 1 } }, Collection: { acquireCount: { W: 1 } } } protocol:op_query 119ms
2018-06-03T12:18:28.297+0800 I NETWORK [conn1070] end connection 43.226.34.50:50436 (0 connections now open)
2018-06-03T16:36:06.398+0800 I NETWORK [initandlisten] connection accepted from 184.105.247.196:47386 #1071 (1 connection now open)
2018-06-03T16:36:06.750+0800 I NETWORK [conn1071] end connection 184.105.247.196:47386 (0 connections now open)
2018-06-03T16:36:16.820+0800 I NETWORK [initandlisten] connection accepted from 184.105.247.196:65268 #1072 (1 connection now open)
2018-06-03T16:36:17.020+0800 I NETWORK [conn1072] end connection 184.105.247.196:65268 (0 connections now open)


温馨提示,mongodb不要用默认端口,否则你会被hacker 删除勒索比特币 ,附上一个被攻击留下的记录

db.getCollection("Readme").update({ _id: ObjectId("5b136c14ce4f947a039184c5") }, {
  $set: {
    "BitCoin": "3QL2jiiWPRk7K77NvKxnfSDuCMi2dCbVMU",
    "eMail": "mongodb@tfwno.gf",
    "Exchange": "https://localbitcoins.com",
    "Solution": "Your Database is downloaded and backed up on our secured servers. To recover your lost data: Send 0.4 BTC to our BitCoin Address and Contact us by eMail with your server IP Address and a Proof of Payment. Any eMail without your server IP Address and a Proof of Payment together will be ignored. You are welcome!"
  }
})



@@@安全做法是给mongodb分配用户权限 改端口 这样安全稍微有点保障 然后要加验证才能登录 @@@@


## 安全做法(做好备份数据定时任务配合)



Steps:
1. Start MongoDB
.-- mongod
2. Create User with proper roles

-- db.createUser({'user':'username', 'pwd':'password', 'roles':[{'role':'userAdminAnyDatabase', 'db':'admin'}]})

3. Restart mongo in access control mode
mongod --auth

4.1 Connect before authentication
--  mongo -u "username" -p "password" --authenticationDatabase "admin"
4.2 Connect after authentication
-- use admin
-- db.auth("username", "password")

DIY表情

(添加http或https协议)

提交评论

留言区 4