[MongoDB] Using the MongoDB intrusion and ransomware incident as a starting point: Linux server port security issues

Source: Internet
Author: User
Tags: account security, server port, ssh port

First, the reason:

MongoDB ransomware incidents have been rampant in recent days: instances were reachable from the public network with no authorization mechanism enabled, so databases were deleted, dumped remotely and held for ransom. Elasticsearch was then hit by the same kind of extortion, for the same reason: the Elasticsearch service was exposed on the public network, and Elasticsearch has no account security system of its own. This also brings to mind the Redis unauthorized-access vulnerability from a few days earlier, which has the same cause: Redis exposed to the public network with no authentication configured.

For a full-time ops engineer, any one of these vulnerabilities or extortion incidents must serve as a warning as soon as it occurs, and preventive measures such as vulnerability scanning must start.

If a database is broken into and its data deleted, even unimportant data causes problems and costs you time to restore it. If the Redis unauthorized-access vulnerability is used to break into the server itself, the machine is in real danger: Trojans get installed, and shell history, database operation records and all kinds of other data are taken away. If you do not notice a long-term foothold, it becomes very troublesome. Some Trojans are hard to remove, and the only option is to reinstall the system, which is no small amount of work.

Murphy's law says that anything that can go wrong will go wrong, and if you are worried that something may happen, it is more likely to happen. So don't count on luck; security is about prevention.

Second, the solution:

MongoDB unauthorized access Vulnerability Introduction See here: http://www.freebuf.com/news/59143.html

Redis unauthorized access Vulnerability Introduction See here: http://blog.knownsec.com/2015/11/analysis-of-redis-unauthorized-of-expolit/

Elasticsearch Vulnerability Introduction See here: What to save you, my Elasticsearch

For back-end services and data services whose ports are exposed to the public network, the solution is as follows (using ES as the example; MongoDB and the others are the same):

First, developers usually raise a question: if I bind the service to the intranet IP, how do I access it while developing and testing locally? I can't always log on to the server and use curl; that is far more troublesome!

Straight to the answer, in order from weakest to strongest protection:

1) Use Nginx as a reverse proxy, proxying a public IP and port to the ES service, and turn the Nginx proxy off as soon as you are done. Nginx itself also supports a basic account mechanism (HTTP basic authentication).

2) Deploy a shadowsocks service on the server, connect a local client to it, and point the ES address (such as 10.0.0.10:9200) at the proxy the shadowsocks client opens (such as a SOCKS5 proxy); then you can access it freely. Of course, you can then reach all the other intranet services as well.

3) The most recommended solution: install an OpenVPN service on the server; developers connect to the VPN locally and can then access the intranet services. Of course, the cost of this option is somewhat higher, since it requires a certain level of operations capability.
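As an added example for option 1 (not code from the original article), here is a small on/off switch for the temporary Nginx reverse proxy: it writes a server block that combines an IP allow list with HTTP basic authentication in front of ES, reloads Nginx, and removes the whole block again when development is finished. The upstream address 10.0.0.10:9200, the proxy port, the developer IP, the config path and the htpasswd path are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article: temporary Nginx proxy to ES.
# Assumed values; adjust for your own host.
set -eu

ES_UPSTREAM="${ES_UPSTREAM:-10.0.0.10:9200}"   # ES bound to the intranet IP
PROXY_PORT="${PROXY_PORT:-19200}"              # public port the proxy listens on
DEV_IP="${DEV_IP:-203.0.113.5}"                # developer's public IP (constructed)
CONF="${CONF:-/etc/nginx/conf.d/es-dev-proxy.conf}"
HTPASSWD="${HTPASSWD:-/etc/nginx/es-dev.htpasswd}"

# render_proxy_conf: print the server block. Two layers: an IP allow list so the
# port is not reachable from the whole Internet, and HTTP basic auth on top,
# because ES itself has no account system.
render_proxy_conf() {
  cat <<EOF
server {
    listen ${PROXY_PORT};
    allow ${DEV_IP};
    deny all;
    auth_basic "ES dev access";
    auth_basic_user_file ${HTPASSWD};
    location / {
        proxy_pass http://${ES_UPSTREAM};
        proxy_set_header Host \$host;
    }
}
EOF
}

# make_htpasswd USER PASSWORD: one htpasswd line in Apache MD5 ($apr1$) format,
# which nginx's auth_basic accepts. Append its output to $HTPASSWD.
make_htpasswd() {
  printf '%s:%s\n' "$1" "$(openssl passwd -apr1 "$2")"
}

proxy_on() {
  render_proxy_conf > "$CONF"
  nginx -t && nginx -s reload
  echo "proxy on: port ${PROXY_PORT} -> ${ES_UPSTREAM} (allowed from ${DEV_IP})"
}

# proxy_off removes the exposure entirely: the proxy exists only while in use.
proxy_off() {
  rm -f "$CONF"
  nginx -t && nginx -s reload
  echo "proxy off"
}

case "${1:-}" in
  on)  proxy_on ;;
  off) proxy_off ;;
  *)   echo "usage: $0 on|off" >&2 ;;
esac
```

Run `./es-proxy.sh on` before a development session and `./es-proxy.sh off` afterwards; the allow list means that even if the basic-auth password leaks, the port still answers only to the listed developer IP.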

Second, is there a way to prevent this kind of careless mistake from recurring? For example, an ES service accidentally configured to listen on 0.0.0.0.

There is: a firewall, most commonly iptables. Simply put, whitelist the IPs and ports that may be open locally. For example, the common iptables configuration below opens only three ports: 80 (HTTP service), 443 (HTTPS service) and the SSH port:

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# eth0 is the intranet-only interface here; never accept everything on the public-facing interface
-A INPUT -i eth0 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
# 22 is the default SSH port; substitute your own if you changed it
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -j DROP
COMMIT
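As an added example (not from the original article), the following shell script does the two things this section calls for: it audits which TCP services are listening on all interfaces (0.0.0.0 or [::]) on ports outside the whitelist, so an ES or MongoDB accidentally bound to 0.0.0.0 is reported, and it generates the same whitelist-only iptables-restore ruleset. The port list 22/80/443, the intranet interface name eth0 and the `ss -ltn` column layout are assumptions; the sample listener lines in the test are constructed.

```shell
#!/bin/sh
# Added example, not from the original article: audit wildcard listeners and
# generate the whitelist-only iptables ruleset. Ports and interface are assumed.
set -eu

# Ports that are allowed to be reachable from the public network.
ALLOWED_PORTS="${ALLOWED_PORTS:-22 80 443}"
# Interface that faces the intranet only (assumed eth0, as in the ruleset above).
INTRANET_IF="${INTRANET_IF:-eth0}"

is_allowed() {
  for p in $ALLOWED_PORTS; do
    [ "$p" = "$1" ] && return 0
  done
  return 1
}

# audit_listeners: read `ss -ltn` body lines on stdin and print every TCP
# listener bound to a wildcard address whose port is not in ALLOWED_PORTS.
# Exit status 1 when something unexpected is exposed, 0 otherwise.
audit_listeners() {
  found=0
  while read -r line; do
    # Column 4 of ss output is Local Address:Port, e.g. 0.0.0.0:9200 or [::]:27017
    addr=$(printf '%s\n' "$line" | awk '{print $4}')
    case "$addr" in
      0.0.0.0:*|\*:*|\[::\]:*) ;;     # wildcard bind: inspect
      *) continue ;;                   # bound to a specific IP or not a listener line
    esac
    port=${addr##*:}
    if ! is_allowed "$port"; then
      printf 'EXPOSED port %s (%s)\n' "$port" "$addr"
      found=1
    fi
  done
  return $found
}

# build_ruleset: print an iptables-restore file with the same policy as the
# article's configuration: loopback and intranet interface unrestricted,
# established flows kept, allowed ports opened, everything else dropped.
build_ruleset() {
  cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i ${INTRANET_IF} -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
EOF
  for p in $ALLOWED_PORTS; do
    printf -- '-A INPUT -p tcp --dport %s -j ACCEPT\n' "$p"
  done
  printf -- '-A INPUT -j DROP\nCOMMIT\n'
}

# Only touch the live system when explicitly asked.
if [ "${1:-}" = "--apply" ]; then
  ss -ltn | tail -n +2 | audit_listeners || echo "warning: wildcard listeners found above" >&2
  build_ruleset | iptables-restore
fi
```

Run it without arguments to define the functions only; `./port-guard.sh --apply` prints every exposed wildcard listener and then loads the ruleset. Note that the DROP rule protects a service bound to 0.0.0.0 only from the public interface; the audit is still worth running, because a wildcard bind on a data service is a misconfiguration in its own right.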

Third, some personal experience summary

1) Front-end processes and back-end processes must be deployed separately on different machines, so that when the front end is compromised through a vulnerability the back-end services and data do not become unavailable; this limits the risk.

2) Back-end services are those that do not interact directly with users, such as database services. It is important to add firewall rules for them and control access rights sensibly, so they cannot be exploited.

3) For database-related services, develop the good habit of regular backups; then even in the worst case of data loss, you need not fear deletion.

4) For front-end services, apply a limit on access frequency per IP, so that they cannot be abused by attacks.
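As an added example for point 3 (not from the original article), here is a nightly MongoDB backup script with retention: it dumps all databases into a dated directory with MongoDB's own mongodump tool, refuses to accept an empty dump, and keeps only the newest N snapshots. The backup root, the intranet address 10.0.0.10:27017 and the retention count are assumptions; the test uses constructed snapshot directories in a temporary folder.

```shell
#!/bin/sh
# Added example, not from the original article: daily mongodump with retention.
# Assumed paths and host; mongodump/mongorestore are MongoDB's own tools.
set -eu

BACKUP_ROOT="${BACKUP_ROOT:-/var/backups/mongodb}"
MONGO_HOST="${MONGO_HOST:-10.0.0.10:27017}"   # intranet address, never the public IP
KEEP="${KEEP:-7}"                             # number of daily snapshots to retain

# snapshot_name: one directory per day, sortable by name.
snapshot_name() {
  date +%Y%m%d
}

# take_backup: dump every database into a dated directory. --gzip keeps the
# archive small. Once authorization is enabled on MongoDB (which it should be),
# add the credential options mongodump provides to this command line.
take_backup() {
  dest="$BACKUP_ROOT/$(snapshot_name)"
  mkdir -p "$dest"
  mongodump --host "$MONGO_HOST" --gzip --out "$dest"
  # A dump that produced no database directories is not a backup; fail loudly
  # so the cron mail shows it instead of silently rotating out good copies.
  [ "$(find "$dest" -mindepth 1 -maxdepth 1 -type d | wc -l)" -gt 0 ] || {
    echo "backup $dest is empty" >&2
    return 1
  }
  echo "$dest"
}

# prune_backups ROOT KEEP: delete all but the newest KEEP snapshot directories
# (names are YYYYMMDD, so reverse lexical order is newest first).
# Prints the number of directories removed.
prune_backups() {
  root="$1"
  keep="$2"
  removed=0
  for d in $(ls -1d "$root"/[0-9]* 2>/dev/null | sort -r | tail -n +"$((keep + 1))"); do
    rm -rf "$d"
    removed=$((removed + 1))
  done
  echo "$removed"
}

if [ "${1:-}" = "--run" ]; then
  take_backup
  echo "pruned $(prune_backups "$BACKUP_ROOT" "$KEEP") old snapshot(s)"
fi
```

Schedule `mongo-backup.sh --run` from cron on a host other than the database server, or at least copy the snapshots off the machine afterwards: a ransomware actor who has already deleted the database will delete backups that sit beside it just as readily, and restoring with mongorestore from a copy should be rehearsed before it is needed.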

Fourth, appendix

Recommend a website: ZoomEye (Chinese name Zhongkui's Eye), a search engine for cyberspace. Its crawler is dedicated to scanning servers on the Internet: for example, given an IP, it detects which ports are open on that IP and uses various methods to obtain information about the important services exposed there.

With it, you can do a simple vulnerability check of your own server (provided it has updated your server's information). https://www.zoomeye.org/
