In fact, this data loss/leak was not caused by any flaw in MongoDB itself, but by weak security awareness (Redis and Elasticsearch face exactly the same problem when they are exposed to the internet with their default configuration). There were no defensive measures at all, so the attacker did not need any sophisticated attack: scan for IP:27017, connect, query, drop the database, done.
Below is part of the access record obtained afterwards by querying the MongoDB log:
```
{"t":{"$date":"2021-03-02T08:24:19.868+08:00"},"s":"I", "c":"NETWORK", "id":22943, "ctx":"listener","msg":"Connection accepted","attr":{"remote":"51.75.144.43:46064","connectionId":2480072,"connectionCount":9}}
{"t":{"$date":"2021-03-02T08:24:20.044+08:00"},"s":"I", "c":"NETWORK", "id":51800, "ctx":"conn2480072","msg":"client metadata","attr":{"remote":"51.75.144.43:46064","client":"conn2480072","doc":{"driver":{"name":"PyMongo","version":"3.11.2"},"os":{"type":"Linux","name":"Linux","architecture":"x86_64","version":"5.4.0-66-generic"},"platform":"CPython 3.8.5.final.0"}}}
{"t":{"$date":"2021-03-02T08:24:20.557+08:00"},"s":"I", "c":"NETWORK", "id":22943, "ctx":"listener","msg":"Connection accepted","attr":{"remote":"51.75.144.43:46778","connectionId":2480073,"connectionCount":10}}
{"t":{"$date":"2021-03-02T08:24:20.699+08:00"},"s":"I", "c":"NETWORK", "id":22943, "ctx":"listener","msg":"Connection accepted","attr":{"remote":"51.75.144.43:46938","connectionId":2480074,"connectionCount":11}}
{"t":{"$date":"2021-03-02T08:24:20.732+08:00"},"s":"I", "c":"NETWORK", "id":51800, "ctx":"conn2480073","msg":"client metadata","attr":{"remote":"51.75.144.43:46778","client":"conn2480073","doc":{"driver":{"name":"PyMongo","version":"3.11.2"},"os":{"type":"Linux","name":"Linux","architecture":"x86_64","version":"5.4.0-66-generic"},"platform":"CPython 3.8.5.final.0"}}}
{"t":{"$date":"2021-03-02T08:24:20.877+08:00"},"s":"I", "c":"NETWORK", "id":51800, "ctx":"conn2480074","msg":"client metadata","attr":{"remote":"51.75.144.43:46938","client":"conn2480074","doc":{"driver":{"name":"PyMongo","version":"3.11.2"},"os":{"type":"Linux","name":"Linux","architecture":"x86_64","version":"5.4.0-66-generic"},"platform":"CPython 3.8.5.final.0"}}}
{"t":{"$date":"2021-03-02T08:24:21.420+08:00"},"s":"I", "c":"COMMAND", "id":20337, "ctx":"conn2480073","msg":"dropDatabase - starting","attr":{"db":"RREAD_ME_TO_RECOVER_YOUR_DATA"}}
{"t":{"$date":"2021-03-02T08:24:21.420+08:00"},"s":"I", "c":"COMMAND", "id":20338, "ctx":"conn2480073","msg":"dropDatabase - dropping collection","attr":{"db":"RREAD_ME_TO_RECOVER_YOUR_DATA","namespace":"RREAD_ME_TO_RECOVER_YOUR_DATA.RREADME"}}
{"t":{"$date":"2021-03-02T08:24:21.423+08:00"},"s":"I", "c":"COMMAND", "id":20336, "ctx":"conn2480073","msg":"dropDatabase","attr":{"db":"RREAD_ME_TO_RECOVER_YOUR_DATA","numCollectionsDropped":1}}
{"t":{"$date":"2021-03-02T08:24:21.768+08:00"},"s":"I", "c":"COMMAND", "id":20337, "ctx":"conn2480073","msg":"dropDatabase - starting","attr":{"db":"config"}}
{"t":{"$date":"2021-03-02T08:24:21.768+08:00"},"s":"I", "c":"COMMAND", "id":20338, "ctx":"conn2480073","msg":"dropDatabase - dropping collection","attr":{"db":"config","namespace":"config.system.sessions"}}
{"t":{"$date":"2021-03-02T08:24:21.789+08:00"},"s":"I", "c":"COMMAND", "id":20336, "ctx":"conn2480073","msg":"dropDatabase","attr":{"db":"config","numCollectionsDropped":1}}
{"t":{"$date":"…4:22.132+08:00"},"s":"I", "c":…"uuid":"1f0b87f8-ba8f-476b-94cc-8d80796b64bc"}},"options":{}}}
{"t":{"$date":"…4:22.147+08:00"},"s":"I", "c":…"timestamp":{"t":0,"i":0}}}}
{"t":{"$date":"2021-03-02T08:24:22.487+08:00"},"s":"I", "c":"NETWORK", "id":22944, "ctx":"conn2480073","msg":"Connection ended","attr":{"remote":"51.75.144.43:46778","connectionId":2480073,"connectionCount":10}}
{"t":{"$date":"2021-03-02T08:24:22.886+08:00"},"s":"I", "c":"NETWORK", "id":22944, "ctx":"conn2480074","msg":"Connection ended","attr":{"remote":"51.75.144.43:46938","connectionId":2480074,"connectionCount":9}}
{"t":{"$date":"2021-03-02T08:24:22.886+08:00"},"s":"I", "c":"-", "id":20883, "ctx":"conn2480072","msg":"Interrupted operation as its client disconnected","attr":{"opId":42096260}}
{"t":{"$date":"2021-03-02T08:24:22.886+08:00"},"s":"I", "c":"NETWORK", "id":22944, "ctx":"conn2480072","msg":"Connection ended","attr":{"remote":"51.75.144.43:46064","connectionId":2480072,"connectionCount":8}}
```
As the log shows, the scanning was automated with a Python script (the PyMongo driver); from connection setup to disconnect it took 3 seconds; the IP was 51.75.144.43, geolocated to Roubaix, Hauts-de-France, France.
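The correlation done by hand above (connection accepted, client metadata, dropDatabase, connection ended, all tied together by the connection id) can be automated. The following shell script is an added example, not part of the original post: it reads a MongoDB structured JSON log, ties each "dropDatabase - starting" event back to the connection that issued it via the `ctx` field, and reports the remote address, whether that address is internal or an internet source, the client driver, and each connection's lifetime. The sample log it writes is constructed from the lines quoted above; in practice you would point it at the real mongod.log.

```shell
#!/bin/sh
# Added example (not code from the original post): triage a MongoDB 4.4+ structured
# JSON log for the pattern seen in the incident. Each "dropDatabase - starting" event
# is tied back, through ctx "conn<id>", to the connection that issued it, so the
# report shows which remote address and client driver dropped which database and
# how long each connection lived.

write_sample_log() {   # constructed sample: three connections, two drops, all from one host
  cat > "$1" <<'EOF'
{"t":{"$date":"2021-03-02T08:24:19.868+08:00"},"s":"I", "c":"NETWORK", "id":22943, "ctx":"listener","msg":"Connection accepted","attr":{"remote":"51.75.144.43:46064","connectionId":2480072,"connectionCount":9}}
{"t":{"$date":"2021-03-02T08:24:20.044+08:00"},"s":"I", "c":"NETWORK", "id":51800, "ctx":"conn2480072","msg":"client metadata","attr":{"remote":"51.75.144.43:46064","client":"conn2480072","doc":{"driver":{"name":"PyMongo","version":"3.11.2"},"os":{"type":"Linux","name":"Linux","architecture":"x86_64","version":"5.4.0-66-generic"},"platform":"CPython 3.8.5.final.0"}}}
{"t":{"$date":"2021-03-02T08:24:20.557+08:00"},"s":"I", "c":"NETWORK", "id":22943, "ctx":"listener","msg":"Connection accepted","attr":{"remote":"51.75.144.43:46778","connectionId":2480073,"connectionCount":10}}
{"t":{"$date":"2021-03-02T08:24:20.699+08:00"},"s":"I", "c":"NETWORK", "id":22943, "ctx":"listener","msg":"Connection accepted","attr":{"remote":"51.75.144.43:46938","connectionId":2480074,"connectionCount":11}}
{"t":{"$date":"2021-03-02T08:24:20.732+08:00"},"s":"I", "c":"NETWORK", "id":51800, "ctx":"conn2480073","msg":"client metadata","attr":{"remote":"51.75.144.43:46778","client":"conn2480073","doc":{"driver":{"name":"PyMongo","version":"3.11.2"},"os":{"type":"Linux","name":"Linux","architecture":"x86_64","version":"5.4.0-66-generic"},"platform":"CPython 3.8.5.final.0"}}}
{"t":{"$date":"2021-03-02T08:24:20.877+08:00"},"s":"I", "c":"NETWORK", "id":51800, "ctx":"conn2480074","msg":"client metadata","attr":{"remote":"51.75.144.43:46938","client":"conn2480074","doc":{"driver":{"name":"PyMongo","version":"3.11.2"},"os":{"type":"Linux","name":"Linux","architecture":"x86_64","version":"5.4.0-66-generic"},"platform":"CPython 3.8.5.final.0"}}}
{"t":{"$date":"2021-03-02T08:24:21.420+08:00"},"s":"I", "c":"COMMAND", "id":20337, "ctx":"conn2480073","msg":"dropDatabase - starting","attr":{"db":"RREAD_ME_TO_RECOVER_YOUR_DATA"}}
{"t":{"$date":"2021-03-02T08:24:21.768+08:00"},"s":"I", "c":"COMMAND", "id":20337, "ctx":"conn2480073","msg":"dropDatabase - starting","attr":{"db":"config"}}
{"t":{"$date":"2021-03-02T08:24:22.487+08:00"},"s":"I", "c":"NETWORK", "id":22944, "ctx":"conn2480073","msg":"Connection ended","attr":{"remote":"51.75.144.43:46778","connectionId":2480073,"connectionCount":10}}
{"t":{"$date":"2021-03-02T08:24:22.886+08:00"},"s":"I", "c":"NETWORK", "id":22944, "ctx":"conn2480074","msg":"Connection ended","attr":{"remote":"51.75.144.43:46938","connectionId":2480074,"connectionCount":9}}
{"t":{"$date":"2021-03-02T08:24:22.886+08:00"},"s":"I", "c":"NETWORK", "id":22944, "ctx":"conn2480072","msg":"Connection ended","attr":{"remote":"51.75.144.43:46064","connectionId":2480072,"connectionCount":8}}
EOF
}

triage_mongo_log() {   # usage: triage_mongo_log /var/log/mongodb/mongod.log
  awk '
  # kv(): scalar value of "key" in a JSON log line; the value ends at the first
  # quote, comma or closing brace, which suits the flat attr fields used here.
  function kv(s, key,    v) {
    if (!match(s, "\"" key "\":\"?[^\",}]*")) return ""
    v = substr(s, RSTART, RLENGTH); sub(/^"[^"]*":"?/, "", v); return v
  }
  # secs(): seconds since midnight taken from the "$date" field (fine for a one-day window).
  function secs(s,    v, p) {
    if (!match(s, /"\$date":"[^"]*"/)) return 0
    v = substr(s, RSTART + 20, 12)           # hh:mm:ss.fff of 2021-03-02T08:24:19.868+08:00
    split(v, p, ":"); return p[1] * 3600 + p[2] * 60 + p[3]
  }
  function src(addr) {                       # RFC 1918 / loopback source, or the internet?
    return (addr ~ /^(10\.|127\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)/) ? "internal" : "external"
  }
  function conn_of(s,    id) { id = kv(s, "ctx"); sub(/^conn/, "", id); return id }

  /"msg":"Connection accepted"/ {
    id = kv($0, "connectionId"); remote[id] = kv($0, "remote"); opened[id] = secs($0); next
  }
  /"msg":"client metadata"/ {                # the first name/version pair in the line is the driver
    id = conn_of($0); driver[id] = kv($0, "name") "/" kv($0, "version"); next
  }
  /"msg":"dropDatabase - starting"/ {
    id = conn_of($0)
    printf "DROP db=%s conn=%s remote=%s src=%s driver=%s\n", kv($0, "db"), id, remote[id], src(remote[id]), driver[id]; next
  }
  /"msg":"Connection ended"/ {
    id = kv($0, "connectionId")
    printf "CONN %s remote=%s driver=%s lifetime=%.3fs\n", id, remote[id], driver[id], secs($0) - opened[id]
  }
  ' "$1"
}

# Stand-alone run over the constructed sample.
tmp=$(mktemp); write_sample_log "$tmp"; triage_mongo_log "$tmp"; rm -f "$tmp"
```

Run against the sample, it reports both drops from conn 2480073 with `src=external` and `driver=PyMongo/3.11.2`, and a lifetime of 3.018 s for the first connection, which is the "3 seconds from connect to disconnect" read off the log above. Any `DROP` line whose source is external, or whose driver is not one your own applications use, is the alert to act on.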
Measures
Security defence may be a case of "as virtue rises one foot, vice rises ten" (the attackers always stay a step ahead), but security awareness is a must: prevent trouble before it happens, and do not wait until a data-security incident hits you to feel the pain; sometimes that is a responsibility you cannot bear. For MongoDB, basic protection can consider the following measures:
- Block the port (recommended in production: block the port plus access control, i.e. internal-network access only plus authentication);
- Change the port;
- Whitelist access;
- Enable authentication and authorization;
- At the very least, keep database backups o(╯□╰)o
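The list above turned into runnable steps, as an added example that is not part of the original post: an audit function that flags the exposed-default settings in a mongod.conf, the hardened configuration that replaces them, and the firewall, admin-user and backup commands that go with it. The port 27117, the subnet 10.0.1.0/24 and the backup directory are placeholders chosen for the example, not values from the post; the whitelist measure is implemented as the firewall source rule.

```shell
#!/bin/sh
# Added example (not code from the original post): the measures listed above as
# runnable hardening steps for a self-hosted mongod. audit_mongod_conf() flags the
# exposed-default configuration; write_hardened_mongod_conf() prints the corrected
# one. Port, subnet and backup directory values are placeholders for the example.

audit_mongod_conf() {   # usage: audit_mongod_conf /etc/mongod.conf ; returns 1 if anything is weak
  conf=$1; rc=0
  if grep -Eq '^[[:space:]]*bindIpAll:[[:space:]]*true' "$conf" \
     || grep -Eq '^[[:space:]]*bindIp:.*(^|[[:space:],])(0\.0\.0\.0|::)([[:space:],]|$)' "$conf"; then
    echo "FINDING net.bindIp: mongod listens on every interface; bind to 127.0.0.1 or the internal address only"; rc=1
  fi
  if ! grep -Eq '^[[:space:]]*authorization:[[:space:]]*enabled' "$conf"; then
    echo "FINDING security.authorization: not enabled; any client that can connect is effectively root"; rc=1
  fi
  if ! grep -Eq '^[[:space:]]*port:' "$conf" || grep -Eq '^[[:space:]]*port:[[:space:]]*27017([^0-9]|$)' "$conf"; then
    echo "FINDING net.port: default 27017; a non-default port is a minor extra, not a substitute for the two above"; rc=1
  fi
  return $rc
}

write_hardened_mongod_conf() {   # corrected settings for the three findings above
  cat <<'EOF'
net:
  port: 27117            # non-default port (low value on its own)
  bindIp: 127.0.0.1      # application-only access: add the internal NIC address, not all interfaces
security:
  authorization: enabled # every connection must authenticate; create the admin user first
storage:
  dbPath: /var/lib/mongodb
EOF
}

# Host firewall: only the application subnet may reach the port (placeholder values).
restrict_with_firewall() {   # usage: restrict_with_firewall 27117 10.0.1.0/24
  iptables -A INPUT -p tcp --dport "$1" -s "$2" -j ACCEPT
  iptables -A INPUT -p tcp --dport "$1" -j DROP
}

# One admin account, created while mongod is still bound to localhost, before authorization is switched on.
create_admin_user() {        # usage: create_admin_user 27117 ; mongosh prompts for the password
  mongosh --port "$1" --eval \
    "db.getSiblingDB('admin').createUser({user: 'admin', pwd: passwordPrompt(), roles: ['userAdminAnyDatabase', 'readWriteAnyDatabase']})"
}

# Backups are the last line: a dropDatabase cannot reach an archive stored off the host.
backup_database() {          # usage: backup_database 27117 /backup/mongo ; mongodump prompts for the password
  mongodump --host 127.0.0.1 --port "$1" -u admin --authenticationDatabase admin \
    --gzip --archive="$2/mongo-$(date +%F).archive.gz"
}

# Stand-alone run: audit the exposed-default config (constructed), then the hardened one.
tmp=$(mktemp -d)
printf 'net:\n  port: 27017\n  bindIp: 0.0.0.0\n' > "$tmp/weak.conf"
audit_mongod_conf "$tmp/weak.conf" || echo "weak.conf: exit $?"
write_hardened_mongod_conf > "$tmp/hard.conf"
audit_mongod_conf "$tmp/hard.conf" && echo "hard.conf: no findings"
rm -rf "$tmp"
```

Order matters: create the admin user while mongod is still bound to localhost, then write the hardened config with `authorization: enabled` and restart, then add the firewall rule; test the restore of a dump at least once, because a backup that was never restored is not a backup.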
There is a mountain of study material online, but if what you learn does not form a system, and whenever you hit a problem you only scratch the surface instead of digging deeper, real technical growth is hard to achieve.
One person can walk fast, but only a group walks far! Whether you are a veteran already working in IT or a newcomer interested in the field, you are welcome to join our circle (technical exchange, learning resources, workplace venting, referrals to big companies, interview coaching), so we can learn and grow together!