Background
Today the MongoDB instance in a colleague’s project was hacked and the database was cleared, leaving a bunch of “crime scene” traces behind. I wrote a paragraph and attached it for everyone to see:
All your data is a backed up. You must pay 0.021 BTC to
1Di1cM1QgTxZuwsxp9nRBc6UXUAhbMN7YX 48 hours for recover it. After 48
hours expiration we will leaked and exposed all your data. In case of
refusal to pay, we will contact the General Data Protection
Regulation, GDPR and notify them that you store user data in an open
form and is not safe. Under the rules of the law, you face a heavy
fine or arrest and your base dump will be dropped from our server! You
can buy bitcoin here, does not take much time to buy
https://localbitcoins.com or https://buy.moonpay.io/ After paying
write to me in the mail with your DB IP: [email protected]
and you will receive a link to download your database dump.
Let’s not talk about the problems we found; it’s embarrassing. I think this colleague’s port was also limited to connections from a few IPs, and the rest of the loopholes were almost all blocked, so let’s write about the process of creating an account and password in MongoDB. He didn’t do this, and it felt like he was running around naked. Fortunately, he ran my script before it went online, and the data was restored immediately without loss.
Another reason I want to write this blog post is that my colleague worked on it all afternoon and still hadn’t figured out how to create an account and password. I think it’s better to write it down and record it myself, so as not to forget it later.
Our MongoDB was installed by Pagoda, so the steps start from Pagoda's default directory.
1. Enter Pagoda's default directory
cd /www/server/mongodb/bin
2. Enter the MongoDB environment
Command: mongo
3. Enter the admin database
Command: use admin
4. Set the admin user password
db.createUser({user: 'root', pwd: 'pwr23', roles: ['root']})
5. Verify that the account just created works
db.auth('root', 'pwr23')
Returns 1 on success, 0 on failure
6. Create a new database, test
Once it has been created, exit the command line and re-enter it
7. Enter the MongoDB environment
Command: mongo
8. Enter the admin database
Command: use admin
9. Create a user and grant permissions
db.createUser({ user: 'rootDev', pwd: 'wddmin23', roles: [{ role: 'root', db: 'admin' }] })
10. Modify the MongoDB configuration file
Change authorization to enabled to turn on authentication
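
A check for step 10, as an added example that is not part of the original post: these shell functions read a mongod YAML configuration file and report whether security.authorization is set to enabled, and, going slightly beyond the steps above, whether net.bindIp listens on every interface. The function names and the two sample configs are constructed for illustration; pass the path of your own configuration file to audit_mongod_conf.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit a mongod YAML config file.

# Print the value of SECTION.KEY, ignoring comments and commented-out settings.
conf_value() {  # usage: conf_value FILE SECTION KEY
  awk -v sec="$2" -v key="$3" '
    { sub(/[ \t]*#.*/, "") }                      # drop comments
    /^[^ \t]/ { insec = ($0 ~ ("^" sec ":")) }    # a top-level key opens or closes a section
    insec && $0 ~ ("^[ \t]+" key ":") {
      sub(/^[^:]*:[ \t]*/, ""); gsub(/[ \t\r"]/, ""); print; exit
    }' "$1"
}

# Return 0 only if auth is enforced and mongod does not listen on every interface.
audit_mongod_conf() {  # usage: audit_mongod_conf FILE
  local auth bind rc=0
  auth=$(conf_value "$1" security authorization)
  bind=$(conf_value "$1" net bindIp)
  if [ "$auth" != "enabled" ]; then
    echo "FAIL: security.authorization is '${auth:-unset}', expected 'enabled'"
    rc=1
  fi
  case ",$bind," in
    *,0.0.0.0,*|*,::,*)
      echo "FAIL: net.bindIp '$bind' accepts connections on all interfaces"
      rc=1 ;;
  esac
  [ "$rc" -eq 0 ] && echo "OK: authorization enabled, bindIp=${bind:-default}"
  return "$rc"
}

# Constructed sample configs: the first has the step 10 setting left commented out.
write_samples() {  # usage: write_samples DIR
  printf '%s\n' 'net:' '  port: 27017' '  bindIp: 0.0.0.0' \
    '#security:' '#  authorization: enabled' > "$1/open.conf"
  printf '%s\n' 'net:' '  port: 27017' '  bindIp: 127.0.0.1' \
    'security:' '  authorization: enabled  # step 10' > "$1/locked.conf"
}

tmp=$(mktemp -d)
write_samples "$tmp"
audit_mongod_conf "$tmp/open.conf" || true   # reports both problems
audit_mongod_conf "$tmp/locked.conf"         # passes
rm -rf "$tmp"
```

mongod reads its configuration file only at startup, so restart the service after editing it and then rerun the check.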