I got this message in the bot's MongoDB after hosting on a VPS.
{
"_id": {
"$oid": "665e28065906d075f81e6f78"
},
"content": "All your data is backed up. You must pay 0.0057 BTC to 1GbLiucJ7fhsM3sYrPKHvZ5mUW2p4AYW7p In 48 hours, your data will be publicly disclosed and deleted. (more information: go to http://iplis.ru/data01)After paying send mail to us: dzen+15lgph@onionmail.org and we will provide a link for you to download your data. Your DBCODE is: 15LGPH"
}
Solution
Use some measures to protect from attacks.
Subtasks
[ ] Add security as a non-functional requirement
[ ] Use a password and a user name in the database
[ ] Use NixOS
[ ] Use sops
[ ] Reproduce this or a similar attack
[ ] Add a script to test the found attack automatically
Details
Problem
I got this message in the bot's MongoDB after hosting on a VPS.
Solution
Use some measures to protect from attacks.
Subtasks
securityas a non-functional requirement