Database selfhostio does not exist

[Yapping7409]

Describe the bug Database selfhostio does not exist anymore after running for a while.

To Reproduce I just followed the instructions in the readme.

Expected behavior It ran without issues for around 12 hours and after that selfhostio was not available anymore.

Logs

2024-02-03 23:56:09.975 UTC [50467] ERROR:  relation "torrents" does not exist at character 13
2024-02-03 23:56:09.975 UTC [50467] STATEMENT:  INSERT INTO "torrents" ("infoHash","provider","torrentId","title","size","type","uploadDate","seeders","trackers","reviewed","opened","createdAt","updatedAt") VALUES ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12,$13) ON CONFLICT ("infoHash") DO UPDATE SET "title"=EXCLUDED."title","torrentId"=EXCLUDED."torrentId","infoHash"=EXCLUDED."infoHash","seeders"=EXCLUDED."seeders","size"=EXCLUDED."size","uploadDate"=EXCLUDED."uploadDate","type"=EXCLUDED."type","provider"=EXCLUDED."provider","trackers"=EXCLUDED."trackers","updatedAt"=EXCLUDED."updatedAt" RETURNING "infoHash","provider","torrentId","title","size","type","uploadDate","seeders","trackers","languages","resolution","reviewed","opened","createdAt","updatedAt";
2024-02-03 23:56:11.034 UTC [50482] FATAL:  database "template0" is not currently accepting connections
2024-02-03 23:56:11.157 UTC [50453] ERROR:  relation "torrents" does not exist at character 13
2024-02-03 23:56:11.157 UTC [50453] STATEMENT:  INSERT INTO "torrents" ("infoHash","provider","torrentId","title","size","type","uploadDate","seeders","trackers","reviewed","opened","createdAt","updatedAt") VALUES ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12,$13) ON CONFLICT ("infoHash") DO UPDATE SET "title"=EXCLUDED."title","torrentId"=EXCLUDED."torrentId","infoHash"=EXCLUDED."infoHash","seeders"=EXCLUDED."seeders","size"=EXCLUDED."size","uploadDate"=EXCLUDED."uploadDate","type"=EXCLUDED."type","provider"=EXCLUDED."provider","trackers"=EXCLUDED."trackers","updatedAt"=EXCLUDED."updatedAt" RETURNING "infoHash","provider","torrentId","title","size","type","uploadDate","seeders","trackers","languages","resolution","reviewed","opened","createdAt","updatedAt";
2024-02-03 23:56:11.368 UTC [50464] FATAL:  terminating connection due to administrator command
2024-02-03 23:56:11.368 UTC [50465] FATAL:  terminating connection due to administrator command
2024-02-03 23:56:11.370 UTC [50333] FATAL:  terminating connection due to administrator command
2024-02-03 23:56:11.370 UTC [50466] FATAL:  terminating connection due to administrator command
2024-02-03 23:56:11.371 UTC [50467] FATAL:  terminating connection due to administrator command
2024-02-03 23:56:11.374 UTC [50463] FATAL:  terminating connection due to administrator command
2024-02-03 23:56:11.374 UTC [50453] FATAL:  terminating connection due to administrator command
2024-02-03 23:56:11.644 UTC [50485] ERROR:  cannot drop the currently open database
2024-02-03 23:56:11.644 UTC [50485] STATEMENT:  DROP DATABASE postgres;
2024-02-03 23:56:11.806 UTC [27] LOG:  checkpoint starting: immediate force wait
2024-02-03 23:56:11.815 UTC [27] LOG:  checkpoint complete: wrote 2 buffers (0.0%); 0 WAL file(s) added, 0 removed, 0 recycled; write=0.002 s, sync=0.001 s, total=0.010 s; sync files=2, longest=0.001 s, average=0.001 s; distance=1203 kB, estimate=36549 kB; lsn=0/691C2FB0, redo lsn=0/691C2F78
2024-02-03 23:56:12.579 UTC [50490] FATAL:  database "selfhostio" does not exist
2024-02-03 23:56:13.439 UTC [50491] FATAL:  database "selfhostio" does not exist
2024-02-03 23:56:21.658 UTC [50500] FATAL:  database "selfhostio" does not exist
2024-02-03 23:56:23.500 UTC [50501] FATAL:  database "selfhostio" does not exist
2024-02-03 23:56:31.268 UTC [50510] FATAL:  database "selfhostio" does not exist
2024-02-03 23:56:31.726 UTC [50511] FATAL:  database "selfhostio" does not exist
2024-02-03 23:56:32.037 UTC [50512] FATAL:  database "selfhostio" does not exist

Hardware:

• OS and distro: Ubuntu 22.04
• Server: VM

[HDwayne]

Hi there,

Could you confirm if the database is accessible from outside your network? I encountered a similar issue yesterday. Could you please check the available databases on your PostgreSQL instance by following these steps:

1. Connect to the console of the container (via Portainer, for example).
2. Access psql.
3. Use the command \l to list all available databases.

If you find a database named readme_to_recover, it indicates that you might have been hacked by a Ransomware bot. You can check further by executing the following commands:

\c readme_to_recover
\dt
Select * from readme;

In my case, I received a message similar to this:

 All your data is backed up. You must pay 0.008 BTC to 1DebBNt391tT5stk8YgtLJoAU8HPoRhbPD In 48 hours, your data will be publicly disclosed and deleted. (more information: go to http://iplis.ru/data3) After paying send mail to us: rambler+3kc3e@onionmail.org and we will provide a link for you to download your data. Your DBCODE is: 3KC3E

If this is your case, it's crucial to close direct access to your PostgreSQL database from outside your network and change the default password.

[funkypenguin]

Yeah, this doesn't look good :(

2024-02-03 23:56:11.644 UTC [50485] STATEMENT:  DROP DATABASE postgres;

[Yapping7409]

After adding ufw firewall to only allow ports 22, 80, 443, 7000 and docker system prune -a i still see the readme_to_recover database. Do i just have to reinstall the whole VM and are those security measures good enough to prevent this?

[purple-emily]

I'm going to close the ports now we have a network established

[purple-emily]

Hopefully #55 will prevent this issue from affecting anyone else.

I will leave the issue open for a while so that the others can offer you advice to your last question.

[Gabisonfire]

@Yapping7409 I'd advise you just completely delete this vm, who know what else has been compromised.