I am trying to connect EC2 and mongodb .. But after the connection is made and database creation... I created a collection and saved some values but they are geting deleted after 48 hours and another database is visible stating all your data are backed up and you need to pay to get the data back else data will be leaked
Amazon EC2 ip adresses known by hackers. They are trying to join database servers which has no password protection. Their scripts tries all ip adresses and mongo db port. If has no protection then copy datas, delete datas and put the some message as pay money to us.
At this point, please search how to add authentication to mongo db server.
Related
My team and I are currently experiencing an issue where we can't connect to Cloud SQL's Postgres instance(s) from anything other than the psql cli tool. We get a too many connections for database "postgres" error (in PGAdmin, DBeaver, and our node typeorm/pg backend). It initially happened on our (only) Postgres database instance. After restarting, stopping and starting again, increasing machine CPU/memory proved to do nothing, I deleted the database instance entirely and created a new one from scratch.
However, after a few hours the problem came back. I know that we're not actually having too many connections as I am able to query pg_stat_activity from psql command line and see the following:
Only one of those (postgres username) connections is ours.
My coworker also can't connect at all - not even from psql cli.
If it matters, we are using PostgreSQL 13, europe-west2 (London), single zone availability, db-g1-small instance with 1.7GB memory, 10GB HDD, and we have public IP enabled and the correct IP addresses whitelisted.
I'd really appreciate if anyone has any insights into what's causing this.
EDIT: I further increased the instance size (to no longer be a shared core), and I managed to successfully connect my backend to it. However my psql cli no longer works - it appears that only the first client to connect is allowed to connect after a restart (even if it disconnects, other clients can't connect...).
From the error message, it is clear that the database "postgres" has a custom connection limit (set, for example, by ALTER DATABASE postgres CONNECTION LIMIT 1). And apparently, it is quite small. Why is everyone try to connect to that database anyway? Usually 'postgres' database is reserved for maintenance operations, and you should create other databases for daily use.
You can see the setting with:
select datconnlimit from pg_database where datname='postgres';
I don't know if the low setting is something you did, or maybe Google does it on its own for their cloud offering.
#jjanes had the right idea/mention.
I created another database within the Cloud SQL instance that wasn't named postgres and then it was fine.
It wasn't anything to do with maximum connection settings (as this was within Google Cloud SQL) or not closing connections (as TypeORM/pg does this already).
Question
What extra do I get if I fix this and get access to the admin database? (MyDataBaseName normal database works perfectly well)
Do I even need to fix this to use this postgres database for a Django 3.0 project?
Done -> ERROR
I have created a free tear AWS RDS Postgres 11 database.
I allowed external connections at creation and have successfully configured the inbound rules.
Than I have connected to pgAdmin (right click on server groups/create/server)
Than I got 3 database:
MyDataBaseName how I have named my database
postgesql that is auto generated
rdsadmin this is also auto generated,
I have problem with this one that it doesn't opens,
it has a rex x at the database icon
if i click on it it gives the following ERROR message
INTERNAL SERVER ERROR
FATAL: SomeConfigFileName.conf rejects connection for host "host.ip.adders.actully.with.numbers", user "myPersonalUsername", database "rdsadmin", SSL on
FATAL: SomeConfigFileName.conf rejects connection for host "host.ip.adders.actully.with.numbers", user "myPersonalUsername", database "rdsadmin", SSL off
"rdsadmin" is used for internal purposes by AWS. There should be no need to "fix" this.
The only things you are missing is things you aren't allowed to do anyway, and indeed not needing to deal with them yourself is what you are paying Amazon for.
Django shouldn't care. If it demands access to this database, that would be a bug in Django (or a configuration error)
I am trying to register users, client and peers in Hyperledger Fabric network using Postgres as database and using LDAP for authentication.
Although I'm able to generate certificates successfully and everything is working well but still while i check into the Postgres database then the users table is empty and there is no entry in that table, while certificates table is propagated properly and have all the certificates that I have generated.
I have checked postgres database without integrating it with LDAP and then the users table is updating successfully and I can see user entries there.
Is it a normal behavior or I'm missing something?
I have a mongodb running in my server, for local connections to the db I don't need any password to protect it(that is within the same physical machine, meaning connect to the server thru the 127.0.0.1 ip address).
But I don't want other people in the network be able connect to my database without password, only the authorized user. So I want to do password protection for the remote user.
How to do it?
Right now monogdb does not support authentication mode based on the user location. So that means if you run mongod with --auth that will apply to everyone.
There are no (yet) advanced authentication schemas like IP, protocol source, etc. For now you can only define if the user has read only or write permissions on a database. So basically the only thing mongodb cares is if you typed the right password for the right user.
Personally in all production environment I would recommend to use the secure mode, because even if you allow only connection from a localhost any users who has access to the local server or any malicious script on the host can easily wipe all your data.
The MongoDB Security and Authentication page has information on configuring user authentication and firewall settings.
Note that when you enable password authentication for a database, the authentication requirement will apply to both local and remote users (so you will also need to connect with a password through the local IP).
MongoDb does not offer an easy way to protect the database. I assume this is the reason why there are tens of thousands of mongodb instances on the net that are unprotected for hackers
My Question:
Is there any way to connect to Mongo DB (hosted on MongoLab) without username and password ?
My Case:
I have created a free MongoLab account (https://mongolab.com) and also create new database -> collection -> document in it.
When I connect to Mongo DB (on Mongo Lab) without username and password, I was able to connect, but when I try to retrieve any data it gives me "unauthorized db:testing lock type:-1 client:...." error.
So I have created a DB User in MongLab as well and provide username and password at the time of connection. After that I am able to connect and retrieve data from Mongo DB.
MongoLab's multi-tenant database plans are on shared servers. We cannot give you the choice to forgo authentication. Even if you were ok with others seeing you data, the other tenants on the server you share would still not want you to see their data.
We have dedicated server plans where you have your own server. On those we could turn off authentication for you. Email us at support#mongolab.com.
As for your benchmarks - auth will not slow things down. The drivers do not authentication on each request, just each connection. If you use the driver properly it should all work well.
-will (MongoLab)