Open wkulesza opened 3 years ago
After connecting to the Mongo database, I have seen that there are three collections: admin, config and READ__ME_TO_RECOVER_YOUR_DATA.
The last one caught my attention, and inside that collection there's an entry called README whose content is:
> db.README.find()
{ "_id" : ObjectId("61068e24534ea273d6227f5a"), "content" : "All your data is a backed up. You must pay 0.03 BTC to 1LjmcZAiNEnZrNiGhw4VcNVCx4RUbjX9rJ 48 hours for recover it. After 48 hours expiration we will leaked and exposed all your data. In case of refusal to pay, we will contact the General Data Protection Regulation, GDPR and notify them that you store user data in an open form and is not safe. Under the rules of the law, you face a heavy fine or arrest and your base dump will be dropped from our server! You can buy bitcoin here, does not take much time to buy https://localbitcoins.com or https://buy.moonpay.io/ After paying write to me in the mail with your DB IP: myDBw61@recoverme.one and you will receive a link to download your database dump." }
>
This is the first time I have seen something like this. It is not possible to get to that server (I have just checked all my access logs) and this is also in Docker, so a question: was that done by somebody connecting to that Mongo database?
My quick fix was to block MongoDB from outside access, but of course Mongo needs to be run with authentication, while your documentation suggests it's not necessary. There's a lot of info about MongoDB ransoms, like here: https://nakedsecurity.sophos.com/2020/07/02/mongodb-ransom-threats-step-up-from-blackmail-to-full-on-wiping/
Can you confirm that the config files env.yml / server.yml are structured so that one can easily add authentication for those users that should have access to MongoDB?
Observed behavior
After approx. 2 days, when a user logs in to Data Tools, the previously created project (with GTFS uploaded and valid) goes missing.
Expected behavior
After creating a new project, uploading gtfs, this project and data should remain intact.
Steps to reproduce the problem
Deploy Data tools, for example using this docker: https://github.com/javandres/gtfs_editor_ibi_datatools_docker
Version of datatools-server and datatools-ui if applicable (exact commit hash or branch name)
UI version: 10c562
Server version: 6eb794
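Added example (not part of the original issue and not code from the datatools project): a small Python audit for the two conditions the report describes, a Docker-published MongoDB port without authentication and a ransom-note name among the database or collection names. The service dictionaries and function names are constructed for illustration; the name pattern is a heuristic derived only from the name quoted above.

```python
import ipaddress
import re

# Heuristic built from the one name in the report above; not a complete IoC list.
RANSOM_NAME = re.compile(r"read_*me.*recover", re.IGNORECASE)

def _covers(port_field, port):
    """True if a Docker port field ("27017" or "27017-27019") includes port."""
    low, _, high = port_field.partition("-")
    return int(low) <= port <= int(high or low)

def published_beyond_loopback(port_spec, mongo_port=27017):
    """True if a Docker port mapping publishes mongo_port on a non-loopback address."""
    parts = port_spec.split("/")[0].rsplit(":", 2)   # [host_ip], [host_port], container
    if not _covers(parts[-1], mongo_port):
        return False
    if len(parts) < 3:               # no host IP: Docker binds 0.0.0.0 by default
        return True
    return not ipaddress.ip_address(parts[0].strip("[]")).is_loopback

def auth_enabled(command, environment):
    """mongod enforces auth with --auth; the official mongo image adds it when
    both MONGO_INITDB_ROOT_* variables are set."""
    if "--auth" in command.split():
        return True
    return all(environment.get(k) for k in
               ("MONGO_INITDB_ROOT_USERNAME", "MONGO_INITDB_ROOT_PASSWORD"))

def audit(service, names):
    """Return findings for one service definition and a list of database/collection names."""
    findings = []
    exposed = [p for p in service.get("ports", []) if published_beyond_loopback(p)]
    if exposed and not auth_enabled(service.get("command", ""),
                                    service.get("environment", {})):
        findings.append("unauthenticated mongod published via " + ", ".join(exposed))
    findings += ["ransom-note name: " + n for n in names if RANSOM_NAME.search(n)]
    return findings

# Constructed service definitions (the fields of a Compose service, as plain dicts).
WEAK = {"ports": ["27017:27017"], "command": "mongod", "environment": {}}
HARDENED = {"ports": ["127.0.0.1:27017:27017"], "command": "mongod --auth",
            "environment": {}}

if __name__ == "__main__":
    observed = ["admin", "config", "READ__ME_TO_RECOVER_YOUR_DATA"]
    print("weak:", audit(WEAK, observed))
    print("hardened:", audit(HARDENED, ["admin", "config"]) or "no findings")
```

Docker publishes ports through its own iptables rules, so a host firewall front-end may not cover a `27017:27017` mapping; binding the mapping to 127.0.0.1 or removing it, together with authentication, closes both findings.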