Why my mongo database was dropped by attacker? - mongodb

I already setup mongod with authentication but forget to expose port 27017 to public but I don't understand why attacker can drop my database?
*** Updated, issued has been resolved, I forgot to re-enable auth after change something on config files and attacker random scripting execute drop database command on server which not enable auth.
Server Information:
MongoDB Server 4.0.3 on Ubuntu 16.04.5

You need to disable the remote access to your MongoDB.
In mongo conf file, setting bind_ip you can restrict.
Refer this link : http://wptrafficanalyzer.in/blog/enabling-and-disabling-remote-access-to-a-mongodb-server/
In your case, it might be accessible to remote users using mongoclient.

Related

how to authenticate if I run mongod with security.authorization: enabled?

After initially installing mongodb and running mongod with security.authorization: enabled option, how do I authenticate myself?
I need to access Mongo Shell to create root account, but it requires authentication...
According to this guide you should
first create an admin account
enable authorization and restart mongo instance
When you run mongod with authorization: enabled it will ask for a password, unless you're connecting from the localhost, in which case you'll be able to connect and create users.
This is known as the localhost exception, and it's the way they allow you to create a root or better off a userAdmin on the database. It won't ask you for a pwd.
You can of course, launch mongod without autorization: enabled, create the user, and re-launch. I find the previous approach far more practical than this.
You can simply run the mongo shell and it will run on localhost port 27017 by default.
Connection URL: mongodb://localhost:27017/your-project
That will allow you to create root account without any password.
You can take help of this article,
and also the official MongoDB security options configuration.

MongoDB 3.2 - authenticate from localhost

Just upgraded from Debian8 to Debian9. My MongoDB instance was upgraded as well (2.4 -> 3.2). Authentication is enabled.
In 2.4 when logging from localhost you could simply connect via mongo and was granted administrative privileges:
mongo
After doing some research it seems to me that in 3.2 you MUST login via some user/password combination even from localhost. But that seems awfully inconvenient.
mongo localhost/admin -u superAdminUser -p
So my question is whether that is really true and you do need to always use user/password combination? Or maybe I missed something and logging as superuser from localhost is still possible with no user/password?
if you start Mongodb by the following command , you will need to insert user name and password
mongod --dbpath /var/lib/mongo/ --auth &
also check /etc/mongod.conf file , you can enable/disable authentication .
security.authorization : enabled
As I know there is no way to disable authentication on local host only .
you can disable/enable authentication for all hosts which want to connect to Database

Failed to load list of databases

I want to connect to a remote database using Robomongo. I can connect to to database but an error says that:
Failed to load list of databases
What should I do?
It took me 7 days to figure it out. When I have upgraded to Robo 3T version 1.3. it started working just fine. My previous version was 1.2.
Good to know if you are having this issue.
In my experience, it is related to failed database user/password authentication. So probably your IP connection to server is successful but you failed to connect to db. I suggest to double check your database username/password and try again.
And better to show what is inside "Show error details".
Go to Connection Settings -> Authentication
- Provide Database name, username, password
- Now test the connection
I ran into the same issue, then I provided the above info which solved my issue
Refer: (Vaibhav's post) Point 3.Populate DB name and username and password How to connect Robomongo to MongoDB
I have faced the same problem after updating the MongoDB version from 3.6 to 4.2 and previously I was using the Robo 3T version 1.2. So I just updated the Robo 3T version from 1.2 to 1.3 and it's started working again.
This is because whatever user you are connecting as does not have the privileges to list the databases.
https://docs.mongodb.com/manual/reference/built-in-roles/
Note that a user/role can connect and interact with a specific database/collection, but in order for Robomongo to list out the databases/collections, you need to let it connect to your database using a user that has listDatabases privileges.
check that your user has read/write & list all Databases privileges.
I had the same error ("failed to load a list of databases"). Due to some reason all my databases and collections got removed. Apparently, Robomongo couldn't handle the situation when there are no databases/collections available on the server.
To solve the issue, I connected to Mongo Shell, created a database, and created a collection there:
mongo (start mongo shell)
use local (create database named local)
db.createCollection("somename")
After that, I could connect to the Mongo server
Update: I've faced this issue again, and this time it has been caused by the fact that it was a new Mongo installation on a virtual machine, and connections from other hosts weren't allowed, so I had to modify bindIP from 127.0.0.1 to 0.0.0.0 in /etc/mongod.conf
net:
bindIp: 0.0.0.0
port: 27017
and restart mongo sudo service mongod restart
Got the same issue when using mongodb version v4.2.0, but the auth settings don't help. Keep getting the following logs when connecting from Robo 3T(i.e.mongoRobo).
2019-09-30T16:41:52.286-0400 I NETWORK [listener] connection accepted from 127.0.0.1:53862 #1 (1 connection now open)
2019-09-30T16:41:52.286-0400 I NETWORK [conn1] received client metadata from 127.0.0.1:53862 conn1: { application: { name: "robo3t" }, driver: { name: "MongoDB Internal Client", version: "3.4.3-10-g865d2fb" }, os: { type: "Darwin", name: "Mac OS X", architecture: "x86_64", version: "17.7.0" } }
2019-09-30T16:41:52.292-0400 E - [conn1] Assertion: Location34348: cannot translate opcode 2010 src/mongo/rpc/message.h 120
2019-09-30T16:41:52.292-0400 I NETWORK [conn1] DBException handling request, closing client connection: Location34348: cannot translate opcode 2010
2019-09-30T16:41:52.292-0400 I NETWORK [conn1] end connection 127.0.0.1:53862 (0 connections now open)
Finally resolved it by upgrading Robo 3T to v1.3(mac)
I just found out that I have to upgrade to the latest version that supports latest version of MongoDB. It worked without any authentication.
I had the same issue when I upgraded mongodb from 3.2 to 5.0 and tried to connect on Robo 3T 1.2.
Then I installed Mongo Compass, issue resolved. Issue would be resolved installing Robo 3T 1.3 too.
If you are using mongod --auth --dbpath /data/db1 command to start MongoDB, remove --auth and start it.
mongod --dbpath /data/db1
Now Robomongo will be able to connect without authentication. But starting without authentication is not safe. So take another terminal and create a user for your db using mongo command as described in this article.
use myDB
db.createUser(
{
user: "myUserAdmin",
pwd: "abc123",
roles: [ { role: "dbAdminAnyDatabase", db: "admin" } ]
}
)
Now restart your MongoDB with --auth. Connect with Robomongo after configuring above authentication details in its connection settings.
mongod --auth --dbpath /data/db1
I had the same problem (using Robomongo), then, I created an user with his password to connect to the database, and now It is working ok
In my case i changed the configurations of my connection:
You go to: Manager connection >> Edit >> authentication >> rename to database to: admin
when I loaded the my connection all databases appeared.
Start mongod process. Start mongo process.
On the mongo shell you have opened type first rs.status() then rs.initiate() then rs.status().
My version is 1.4.3 Robo3T.
What worked for me is;
Go to MongoDB Connections and edit related connection
Go to Connection Settings
Under Authentication tab check the "Manually Specify visible
databases" and fill in the dbName you need to access.
It should fix.
I faced a similar issue but it was due to my own mistake. I added replication configuration int the /etc/mongod.conf file (i.e replSet name) and restarted the mongod.service without doing an rs.initiate()
After doing an rs.initiate() and doing a restart of mongod.service, my issue was resolved.
This issue only exists with ROBO3T 1.2 update to a higher version and it will go. The reason behind it is version 1.2 takes authentication but when we don't provide credentials in case of local it does not run listdatabase on startup

Unable to connect to remote Mongo Database (v3.0.3)

On the Server
I have the Mongod instance running on my server.
I created a User on admin, using which I created a user with readWrite role on the database that I wanted to access.
Updated the mongo /etc/mongod.conf file:
commented out the bind ip
uncommented auth=yes
Restarted Mongod using sudo service mongod restart
On the Client:
The db.auth(user,pass) command works fine on the remote server, but shows auth failure on the client (my home system).
I made sure that I was using the correct database with the use myDb command.
PS. I am able to connect to the mongo server using the mongo xx.xx.xx.xx:27017 command. But unable to Authenticate.
Please help. Mongo v3.0.3.

Access MongoDB from other server

I have a MongoDB database on my Linux server. I want to access it from another server. I tried to make a connection from my local computer with the Robomongo. The connection is succesfull, but the authentication fails.
How can I get the authentication credentials? Or should I change something in MongoDB before I can acces the database from another server / pc?
Someone else have set up this database, and there is no possibility to ask him this questions.
I have found the solution by my self:
The File etc/mongod.conf has a line 'bind_ip'. In this line, you originally have to add the IP address which you want to access your database. But, it don't work! You should better comment this line.
But, you don't have any authentication now, so you have to add authentication. Here you have an tutorial about this: http://ghosttx.com/2012/03/how-to-connect-to-a-remote-mongodb-server-with-mongohub-for-mac/
When you have done that, you have to enable authentication. You can do this by editing etc/mongod.conf again, and uncomment the line 'Auth = true'.
Now you can connect with you Mongo Database ;)
Ive sorted it by adding ssh option to RoboMongo following this link:
http://www.mongovue.com/2011/08/04/mongovue-connection-to-remote-server-over-ssh/
Im on OSX and connecting to Ubuntu 14 / Mongo 2.6.7 on VPS and when Ive added my ssh details to the Robomongo all seem to work ok (Ive also changed the mongo config to remove the ip_bing and enabled port 27017)
If you do not like to bother with authentication and stuff just make an SSH Tunnel:
ssh -fN -l username -i .ssh/id_rsa -L 9999:localhost:27017 remote.com
Just connect to mongodb on localhost:9999 and it will establish a connection to your mongodb on port 27017 on your server at remote.com.
Run your mongodb with following command to access mongodb from other servers
mongod --port 10945 --bind_ip 0.0.0.0
I was not able to use Robomongo with MongoDB 3.0 too (connecting from a Windows machine to a Linux one, using SSH). The only tool that works for me is MongoChef (http://3t.io/mongochef/).