Project disappears after approx 2 days. #409

Open
wkulesza opened this issue Aug 2, 2021 · 2 comments

wkulesza commented Aug 2, 2021

Observed behavior

After approx. 2 days, when the user logs in to Data Tools, the previously created project (with GTFS uploaded and valid) goes missing.

Expected behavior

After creating a new project and uploading GTFS, this project and its data should remain intact.

Steps to reproduce the problem

Deploy Data tools, for example using this docker:
https://github.com/javandres/gtfs_editor_ibi_datatools_docker

Version of datatools-server and datatools-ui if applicable (exact commit hash or branch name)

UI version: 10c562
Server version: 6eb794

wkulesza commented Aug 2, 2021

After connecting to the Mongo database, I saw that there are three collections:
admin
config
READ__ME_TO_RECOVER_YOUR_DATA

The last one caught my attention, and inside that collection there's an entry called README whose content is:

> db.README.find()
{ "_id" : ObjectId("61068e24534ea273d6227f5a"), "content" : "All your data is a backed up. You must pay 0.03 BTC to 1LjmcZAiNEnZrNiGhw4VcNVCx4RUbjX9rJ 48 hours for recover it. After 48 hours expiration we will leaked and exposed all your data. In case of refusal to pay, we will contact the General Data Protection Regulation, GDPR and notify them that you store user data in an open form and is not safe. Under the rules of the law, you face a heavy fine or arrest and your base dump will be dropped from our server! You can buy bitcoin here, does not take much time to buy https://localbitcoins.com or https://buy.moonpay.io/ After paying write to me in the mail with your DB IP: [email protected] and you will receive a link to download your database dump." }
>

This is the first time I have seen something like this - not possible to get to that server (I have just checked all my access logs) and this is also in Docker, so a question: is that done by somebody by connecting to that Mongo database?

@wkulesza

My quick fix was to block MongoDB from outside access, but of course Mongo needs to be run with authentication, while your documentation suggests it's not necessary.
There's a lot of info about MongoDB ransoms - like here https://nakedsecurity.sophos.com/2020/07/02/mongodb-ransom-threats-step-up-from-blackmail-to-full-on-wiping/

Can you confirm that the config files env.yml / server.yml are structured so that one can easily add authentication for those users that should have access to MongoDB?
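
Added example, not part of the issue thread and not code from the datatools project: a small audit of Compose-style service definitions for the two conditions described above, a MongoDB port published beyond loopback and no authentication. It assumes the official `mongo` image and Compose short port syntax; the service names and sample definitions are constructed.

```python
# Assumes the official `mongo` image (auth via MONGO_INITDB_ROOT_* or --auth).
MONGO_PORT = 27017
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def reaches_network(mapping, port=MONGO_PORT):
    """True if a Compose short-syntax port entry publishes `port` beyond loopback."""
    # Short syntax: [HOST_IP:][HOST_PORT:]CONTAINER_PORT[/proto]
    spec = str(mapping).split("/")[0]
    host_ip = ""
    if spec.startswith("["):                     # bracketed IPv6 host address
        host_ip, _, spec = spec[1:].partition("]:")
    parts = spec.split(":")
    host_ip = parts[0] if len(parts) == 3 else host_ip
    lo, _, hi = parts[-1].partition("-")         # container port or port range
    in_range = int(lo) <= port <= int(hi or lo)
    return in_range and host_ip not in LOOPBACK  # empty host IP = all interfaces

def auth_enabled(service):
    """True if the service definition itself turns on MongoDB access control."""
    env = service.get("environment") or {}
    if isinstance(env, list):                    # ["KEY=value", ...] form
        env = dict(e.split("=", 1) for e in env if "=" in e)
    root = env.get("MONGO_INITDB_ROOT_USERNAME") and env.get("MONGO_INITDB_ROOT_PASSWORD")
    cmd = service.get("command") or []
    args = cmd.split() if isinstance(cmd, str) else list(cmd)
    return bool(root) or "--auth" in args

def audit(services):
    """Return {service name: finding} for every service that needs attention."""
    findings = {}
    for name, svc in services.items():
        exposed = any(reaches_network(p) for p in svc.get("ports", []))
        authed = auth_enabled(svc)
        if exposed and not authed:
            findings[name] = "CRITICAL: published beyond loopback without authentication"
        elif exposed:
            findings[name] = "WARN: published beyond loopback; firewall it or bind to 127.0.0.1"
        elif not authed:
            findings[name] = "WARN: no authentication; other containers or local processes can connect"
    return findings

# Constructed sample, shaped like the `services:` section of a docker-compose.yml.
SAMPLE = {
    "mongo_open": {"image": "mongo", "ports": ["27017:27017"]},
    "mongo_local": {"image": "mongo", "ports": ["127.0.0.1:27017:27017"]},
    "mongo_hardened": {"image": "mongo", "ports": ["127.0.0.1:27017:27017"], "environment": [
        "MONGO_INITDB_ROOT_USERNAME=admin", "MONGO_INITDB_ROOT_PASSWORD=change-me"]},
}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The check only sees what the service definition declares: authorization enabled through a mounted mongod config file is not detected, and with the official image the `MONGO_INITDB_ROOT_*` variables only take effect when the data directory is empty on first start.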
