
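Notes on a MongoDB database wipe

Problem

In the morning the product team reported that the XX platform would not open. I opened the platform myself and checked with F12: the API returned a 500, which indicated a service error. I logged in to the server and checked the load and disk space, and neither showed anything abnormal. The application log showed that the cause was a failure to connect to MongoDB. I then logged in to MongoDB and found that a new database had appeared and the original database was gone. Looking at the database's contents, it turned out the data had been wiped and held for ransom, as shown in the figure.

Checking the MongoDB log shows a large number of connections from external (internet) addresses: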

2020-04-14T04:56:09.550+0800 I NETWORK  [conn1511714] end connection 39.107.14.208:40666 (43 connections now open)
2020-04-14T05:20:30.311+0800 I NETWORK [initandlisten] connection accepted from 104.152.52.34:51853 #1512195 (44 connections now open)
2020-04-14T05:21:01.296+0800 I NETWORK [conn1512195] end connection 104.152.52.34:51853 (43 connections now open)
2020-04-14T07:15:53.163+0800 I NETWORK [initandlisten] connection accepted from 45.227.255.233:61000 #1514516 (44 connections now open)
2020-04-14T07:16:24.155+0800 I NETWORK [conn1514516] end connection 45.227.255.233:61000 (43 connections now open)
2020-04-14T11:48:18.433+0800 I NETWORK [initandlisten] connection accepted from 3.80.64.27:60438 #1519957 (44 connections now open)
2020-04-14T11:48:18.660+0800 I NETWORK [conn1519957] end connection 3.80.64.27:60438 (43 connections now open)
2020-04-14T12:40:03.620+0800 I NETWORK [initandlisten] connection accepted from 106.15.76.92:35372 #1520998 (44 connections now open)
2020-04-14T12:40:03.692+0800 I NETWORK [conn1520998] end connection 106.15.76.92:35372 (43 connections now open)
2020-04-14T15:19:26.779+0800 I NETWORK [initandlisten] connection accepted from 45.76.69.227:52032 #1524191 (44 connections now open)
2020-04-14T15:19:27.293+0800 I NETWORK [initandlisten] connection accepted from 45.76.69.227:52036 #1524192 (45 connections now open)
2020-04-14T15:19:30.424+0800 I NETWORK [conn1524191] end connection 45.76.69.227:52032 (44 connections now open)
2020-04-14T15:19:30.424+0800 I NETWORK [conn1524192] end connection 45.76.69.227:52036 (43 connections now open)
2020-04-14T15:37:25.731+0800 I NETWORK [initandlisten] connection accepted from 218.17.161.71:58517 #1524553 (44 connections now open)
2020-04-14T15:53:33.064+0800 I NETWORK [conn1488049] end connection 119.137.53.77:35317 (43 connections now open)
2020-04-14T16:27:03.334+0800 I NETWORK [initandlisten] connection accepted from 47.97.16.76:59748 #1525554 (44 connections now open)
2020-04-14T16:27:03.458+0800 I NETWORK [conn1525554] end connection 47.97.16.76:59748 (43 connections now open)
2020-04-14T17:34:56.440+0800 I NETWORK [initandlisten] connection accepted from 47.93.57.242:47316 #1526915 (44 connections now open)
2020-04-14T17:34:56.440+0800 I NETWORK [conn1526915] end connection 47.93.57.242:47316 (43 connections now open)
2020-04-14T17:34:56.482+0800 I NETWORK [initandlisten] connection accepted from 47.93.57.242:47322 #1526916 (44 connections now open)
2020-04-14T17:34:56.560+0800 I NETWORK [initandlisten] connection accepted from 47.93.57.242:47332 #1526917 (45 connections now open)
2020-04-14T17:34:56.631+0800 I NETWORK [conn1526917] end connection 47.93.57.242:47332 (44 connections now open)
2020-04-14T17:34:56.633+0800 I NETWORK [conn1526916] end connection 47.93.57.242:47322 (43 connections now open)
2020-04-14T20:03:12.999+0800 I NETWORK [initandlisten] connection accepted from 47.97.16.76:54368 #1529878 (44 connections now open)
2020-04-14T20:03:13.135+0800 I NETWORK [conn1529878] end connection 47.97.16.76:54368 (43 connections now open)
2020-04-15T00:03:54.045+0800 I NETWORK [initandlisten] connection accepted from 184.105.247.196:46242 #1534686 (44 connections now open)
2020-04-15T00:03:54.776+0800 I NETWORK [conn1534686] end connection 184.105.247.196:46242 (43 connections now open)
2020-04-15T00:04:02.802+0800 I NETWORK [initandlisten] connection accepted from 184.105.247.196:7576 #1534687 (44 connections now open)
2020-04-15T00:04:03.003+0800 I NETWORK [conn1534687] end connection 184.105.247.196:7576 (43 connections now open)
2020-04-15T02:11:39.270+0800 I NETWORK [initandlisten] connection accepted from 51.38.140.6:35767 #1537241 (44 connections now open)
2020-04-15T02:11:39.723+0800 I NETWORK [conn1537241] AssertionException handling request, closing client connection: 34348 cannot translate opcode 2013
2020-04-15T04:20:26.768+0800 I NETWORK [initandlisten] connection accepted from 60.190.226.178:37104 #1539809 (44 connections now open)
2020-04-15T04:20:26.826+0800 I NETWORK [conn1539809] end connection 60.190.226.178:37104 (43 connections now open)
2020-04-15T06:18:45.449+0800 I NETWORK [initandlisten] connection accepted from 45.227.255.190:60790 #1542185 (44 connections now open)
2020-04-15T06:18:45.903+0800 I NETWORK [initandlisten] connection accepted from 45.227.255.190:60822 #1542204 (45 connections now open)
2020-04-15T06:18:47.381+0800 I NETWORK [conn1542185] end connection 45.227.255.190:60790 (44 connections now open)
2020-04-15T06:18:47.386+0800 I NETWORK [conn1542204] end connection 45.227.255.190:60822 (43 connections now open)
2020-04-15T09:40:11.357+0800 I NETWORK [conn1524553] end connection 218.17.161.71:58517 (3 connections now open)
2020-04-15T09:40:11.954+0800 I NETWORK [initandlisten] waiting for connections on port 27017
2020-04-15T09:52:25.378+0800 I NETWORK [initandlisten] waiting for connections on port 27017
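
The log review above can be automated. The following is an added example, not part of the original post: it counts accepted connections per public source IP in mongod logs of this format. The function name `external_clients` and the `trusted` parameter are hypothetical, and treating 218.17.161.71 as a known client is an assumption made only for illustration.

```python
import ipaddress
import re
from collections import Counter

# "connection accepted" lines in the mongod log format shown above.
ACCEPT_RE = re.compile(
    r"^(?P<ts>\S+)\s+I\s+NETWORK\s+\[initandlisten\]\s+connection accepted from "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):\d+\s+#\d+"
)

# First seven lines are copied from the log above; the last one is constructed.
SAMPLE_LOG = """\
2020-04-14T15:19:26.779+0800 I NETWORK [initandlisten] connection accepted from 45.76.69.227:52032 #1524191 (44 connections now open)
2020-04-14T15:19:27.293+0800 I NETWORK [initandlisten] connection accepted from 45.76.69.227:52036 #1524192 (45 connections now open)
2020-04-14T15:19:30.424+0800 I NETWORK [conn1524191] end connection 45.76.69.227:52032 (44 connections now open)
2020-04-14T15:37:25.731+0800 I NETWORK [initandlisten] connection accepted from 218.17.161.71:58517 #1524553 (44 connections now open)
2020-04-14T17:34:56.440+0800 I NETWORK [initandlisten] connection accepted from 47.93.57.242:47316 #1526915 (44 connections now open)
2020-04-14T17:34:56.482+0800 I NETWORK [initandlisten] connection accepted from 47.93.57.242:47322 #1526916 (44 connections now open)
2020-04-14T17:34:56.560+0800 I NETWORK [initandlisten] connection accepted from 47.93.57.242:47332 #1526917 (45 connections now open)
2020-04-14T18:00:00.000+0800 I NETWORK [initandlisten] connection accepted from 10.0.0.5:40000 #1527000 (44 connections now open)
"""

def external_clients(lines, trusted=()):
    """Return (count per IP, first-seen timestamp per IP) for accepted
    connections from public addresses outside the trusted networks."""
    nets = [ipaddress.ip_network(n) for n in trusted]
    hits, first_seen = Counter(), {}
    for line in lines:
        m = ACCEPT_RE.match(line.strip())
        if not m:
            continue  # "end connection", startup messages, etc.
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # octet out of range: not a real address
        # Skip RFC 1918, loopback and other non-routable sources.
        if not ip.is_global or any(ip in n for n in nets):
            continue
        hits[str(ip)] += 1
        first_seen.setdefault(str(ip), m["ts"])
    return hits, first_seen

if __name__ == "__main__":
    hits, first_seen = external_clients(SAMPLE_LOG.splitlines(), trusted=["218.17.161.71/32"])
    for ip, n in hits.most_common():
        print(f"{ip}\t{n} connection(s), first seen {first_seen[ip]}")
```

Any non-empty result on a database that should only be reached from the application host means port 27017 is reachable from the internet.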

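Solution

Because the platform was still in the debugging stage and not yet in production use, no MongoDB account or password had been set and the port was not restricted, which is how it got hit by mass scanning. The only fix was to import the data from the local test environment.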