Mongo Ransom Attacks

  1. #1
    Lanny Bird of Courage
    https://www.bleepingcomputer.com/news/security/mongodb-apocalypse-is-here-as-ransom-attacks-hit-10-000-servers/

    Not strictly a bug, but apparently the default mongo settings are to accept connections from any addr with no password; enough people have deployed like this that people are getting wrecked left and right. Kind of funny to watch.
  2. #2
    aldra JIDF Controlled Opposition
    yeah I noticed that config at work - our mongo setup is fucking stupid and there's no need for it, it literally sits between MSSQL and elasticache creating latency - can't fix it because there are too many random things people have hooked up to it and don't have documented.
  3. #3
    SBTlauien African Astronaut
    25% of all Mongo DB on the net. Damn.
  4. #4
    Sophie Pedophile Tech Support
    Yeah I thought this was common knowledge? I know there are people who have been automating this kind of attack for at least half a year now. The data brokers are harvesting several terabytes worth of data a day.
  5. #5
    Sophie Pedophile Tech Support
    El' oh fuckin' el'.


    Click with OPSEC, Mongo web debug logs access.

    http://136.243.149.88:28017/
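Added example, not part of the thread or anyone's post: a small Python audit of a YAML-format mongod.conf for the open-bind, no-password deployment described in post #1 and the web interface on port 28017 mentioned in post #5. The finding names and both sample configs are constructed for illustration; the config keys checked (net.bindIp, net.bindIpAll, security.authorization, security.keyFile, net.http.enabled) are MongoDB's own.

```python
import ipaddress

# Constructed samples: the deployment post #1 describes, and a hardened one.
WEAK = "net:\n  port: 27017\n  bindIp: 0.0.0.0\n  http:\n    enabled: true\n"
HARDENED = ("net:\n  port: 27017\n  bindIp: 127.0.0.1,::1\n"
            "security:\n  authorization: enabled\n")

def parse_conf(text):
    """Flatten the nested 'key: value' YAML subset mongod.conf uses into dotted keys."""
    flat, stack = {}, []  # stack: (indent, key) of the sections currently open
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if ":" not in line:
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:  # leave finished sections
            stack.pop()
        value = value.strip().strip("\"'")
        if value:
            flat[".".join([k for _, k in stack] + [key.strip()])] = value
        else:
            stack.append((indent, key.strip()))
    return flat

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:  # hostname or socket path: only "localhost" counts
        return addr == "localhost"

def audit(text):
    """Return finding codes (names made up for this example) for one config."""
    conf = parse_conf(text)
    binds = [a.strip() for a in conf.get("net.bindIp", "").split(",") if a.strip()]
    findings = []
    if conf.get("net.bindIpAll", "").lower() == "true" or not all(map(is_loopback, binds)):
        findings.append("NON_LOOPBACK_BIND")
    elif not binds:
        findings.append("BIND_UNSET")  # mongod before 3.6 then listens on every interface
    # security.keyFile implies authorization, so it also counts as auth enabled
    if conf.get("security.authorization") != "enabled" and "security.keyFile" not in conf:
        findings.append("AUTH_DISABLED")
    if conf.get("net.http.enabled", "").lower() == "true":
        findings.append("HTTP_INTERFACE")  # status page on port + 1000 (28017), removed in 3.6
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(conf) or "no findings")
```

A bind finding together with AUTH_DISABLED is the combination the thread is about; a non-loopback bind with authorization enabled is a normal networked deployment.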