dokku / dokku-mongo

a mongo plugin for dokku
MIT License

DB Ransom #78

Closed grantbi closed 7 years ago

grantbi commented 7 years ago

I was wondering if we could be provided a few ways to triple check security on the dokku plugin. My test server was hijacked and held ransom for bitcoin. I have a backup so it was no problem to fix, but I want to figure out how it happened and prevent it in the future.

I've seen this: https://www.mongodb.com/blog/post/how-to-avoid-a-malicious-attack-that-ransoms-your-data but I'm not sure how this applies as the dokku plugin generates its own config / link with a username and password. Is there anything else I could have done differently? I also believed that the dokku plugin was internal IP access only. So I'm confused as to what to do to prevent this.

josegonzalez commented 7 years ago

We don't expose the server to the outside world by default, you'd need to do dokku mongo:expose to expose the mongo service. We also set a default username/password, though that is stored in plaintext on the server, otherwise we wouldn't be able to use mongo:link properly.

The only way you'd get hacked is if you:

We're certainly secure by default, so my guess is you forgot that you exposed the cluster and also enabled anonymous access. According to this link, we should be fine as we more or less immediately create an admin user here. I'm not a mongodb user - I've never found a use-case for it that wasn't better suited to another datastore - but I'm pretty sure we've got the proper setup on our end.