Closed Yapping7409 closed 8 months ago
Hi there,
Could you confirm whether the database is accessible from outside your network? I encountered a similar issue yesterday. Could you please check the available databases on your PostgreSQL instance by following these steps? Run

```
\l
```

to list all available databases. If you find a database named `readme_to_recover`, it indicates that you might have been hacked by a ransomware bot. You can check further by executing the following commands:

```
\c readme_to_recover
\dt
SELECT * FROM readme;
```
In my case, I received a message similar to this:
All your data is backed up. You must pay 0.008 BTC to 1DebBNt391tT5stk8YgtLJoAU8HPoRhbPD In 48 hours, your data will be publicly disclosed and deleted. (more information: go to http://iplis.ru/data3) After paying send mail to us: rambler+3kc3e@onionmail.org and we will provide a link for you to download your data. Your DBCODE is: 3KC3E
If this is your case, it's crucial to close direct access to your PostgreSQL database from outside your network and change the default password.
Yeah, this doesn't look good :(

```
2024-02-03 23:56:11.644 UTC [50485] STATEMENT: DROP DATABASE postgres;
```

After adding a ufw firewall to only allow ports 22, 80, 443 and 7000, and running `docker system prune -a`, I still see the `readme_to_recover` database. Do I just have to reinstall the whole VM, and are those security measures good enough to prevent this?
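As an added example (not code from this thread or from the selfhostio project), the following Python script turns the checks discussed above into something you can run against saved output: it looks for the `readme_to_recover` database in a `pg_database` listing, pulls logged `DROP DATABASE` statements like the one quoted above out of the PostgreSQL log and attributes each to the client host that opened that backend, and reads `docker ps` port mappings to find containers publishing a port on 0.0.0.0 or ::. The last check bears on the ufw question: Docker writes its own iptables rules for published ports, so a ufw rule set that allows only 22, 80, 443 and 7000 does not stop traffic reaching a container port published as 0.0.0.0:5432. All sample inputs (the database list, the log lines, the container names and the 203.0.113.7 address) are constructed for the example.

```python
import re

# Database name the ransomware bot left behind, as reported in this thread.
RANSOM_DB_NAMES = {"readme_to_recover"}

# Constructed sample of `psql -Atc "SELECT datname FROM pg_database"` output,
# the non-interactive equivalent of running \l in psql.
SAMPLE_DATNAMES = "postgres\ntemplate1\ntemplate0\nreadme_to_recover\n"


def find_ransom_databases(datname_output):
    """Return the known ransom-note database names present in the listing."""
    names = {line.strip().lower() for line in datname_output.splitlines()}
    return sorted(names & RANSOM_DB_NAMES)


# Constructed PostgreSQL log excerpt in the default '%m [%p] ' line-prefix
# format; the DROP DATABASE line mirrors the one quoted in the thread.
# 203.0.113.7 is a documentation-range address standing in for the attacker.
SAMPLE_LOG = """\
2024-02-03 23:55:58.102 UTC [50485] LOG:  connection received: host=203.0.113.7 port=51422
2024-02-03 23:55:58.340 UTC [50485] LOG:  connection authorized: user=postgres database=postgres
2024-02-03 23:56:11.644 UTC [50485] STATEMENT:  DROP DATABASE postgres;
2024-02-03 23:56:11.650 UTC [50485] STATEMENT:  CREATE DATABASE readme_to_recover;
2024-02-03 23:56:20.001 UTC [50490] LOG:  connection received: host=127.0.0.1 port=40022
"""

LOG_LINE = re.compile(
    r"^(?P<ts>\S+ \S+ \S+) \[(?P<pid>\d+)\] (?P<kind>[A-Z]+):\s+(?P<msg>.*)$"
)
DESTRUCTIVE = re.compile(r"^(DROP|TRUNCATE)\s+(DATABASE|TABLE|SCHEMA)\b", re.I)
CONN_RECEIVED = re.compile(r"connection received: host=(?P<host>\S+) port=\d+")


def parse_log(log_text):
    """Yield (timestamp, pid, kind, message) for each well-formed log line."""
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if m:
            yield m["ts"], int(m["pid"]), m["kind"], m["msg"].strip()


def destructive_statements(log_text):
    """Logged DROP/TRUNCATE statements, each attributed to the client host that
    the same backend pid logged in its 'connection received' line.
    Needs log_connections = on; the host is None when that line is missing."""
    pid_to_host = {}
    hits = []
    for ts, pid, kind, msg in parse_log(log_text):
        conn = CONN_RECEIVED.search(msg)
        if conn:
            pid_to_host[pid] = conn["host"]
        elif kind == "STATEMENT" and DESTRUCTIVE.match(msg):
            hits.append((ts, pid, msg, pid_to_host.get(pid)))
    return hits


# Constructed sample of `docker ps --format '{{.Names}}\t{{.Ports}}'`.
# The container names are made up for this example.
SAMPLE_DOCKER_PS = """\
selfhostio-db\t0.0.0.0:5432->5432/tcp, :::5432->5432/tcp
selfhostio-web\t127.0.0.1:7000->7000/tcp
"""
PUBLISHED = re.compile(r"(?P<ip>\d[\d.]*|::):(?P<port>\d+)->\d+/(?P<proto>tcp|udp)")
WILDCARD_BINDS = {"0.0.0.0", "::"}


def publicly_published_ports(docker_ps_output):
    """Container ports Docker publishes on a wildcard address. These stay
    reachable from outside with ufw enabled, because Docker inserts its own
    iptables rules (FORWARD/DOCKER chains) that ufw's INPUT rules never see."""
    exposed = []
    for line in docker_ps_output.splitlines():
        if not line.strip():
            continue
        name, _, ports = line.partition("\t")
        for m in PUBLISHED.finditer(ports):
            if m["ip"] in WILDCARD_BINDS:
                exposed.append((name, m["ip"], int(m["port"]), m["proto"]))
    return exposed


def main():
    print("ransom-note databases:", find_ransom_databases(SAMPLE_DATNAMES))
    for ts, pid, stmt, host in destructive_statements(SAMPLE_LOG):
        print(f"{ts} pid={pid} from {host}: {stmt}")
    for name, ip, port, proto in publicly_published_ports(SAMPLE_DOCKER_PS):
        print(f"{name} publishes {port}/{proto} on {ip}; bind it to 127.0.0.1 or drop the -p mapping")


if __name__ == "__main__":
    main()
```

To use it on a real host, replace the three sample constants with the output of `psql -Atc "SELECT datname FROM pg_database"`, the contents of the PostgreSQL log, and `docker ps --format '{{.Names}}\t{{.Ports}}'`. Still seeing `readme_to_recover` after closing the ports is expected: the firewall stops new connections but does not undo what was already done, and a host that was reachable this way with the default password is better rebuilt than cleaned.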
I'm going to close the ports now that we have a network established.
Hopefully #55 will prevent this issue from affecting anyone else.
I will leave the issue open for a while so that others can offer you advice on your last question.
@Yapping7409 I'd advise you to just completely delete this VM; who knows what else has been compromised.
Describe the bug: Database selfhostio does not exist anymore after running for a while.
To Reproduce: I just followed the instructions in the readme.
Expected behavior: It ran without issues for around 12 hours, and after that selfhostio was not available anymore.
Logs
Hardware: