by slau on 1/8/2017, 10:19:35 AM
by gnarbarian on 1/8/2017, 9:49:45 AM
"hackers have now hit around 10,500 MongoDB servers. That's about 25% of all MongoDB databases accessible via the Internet. The attacks don't target all MongoDB databases, but only those left accessible via the Internet and without a password on the administrator account."
25% of mongodb installs externally accessible lack a fucking password on the admin account.
They deserve it. Maybe it will teach them something.
by bdcravens on 1/8/2017, 10:29:50 AM
Maybe I'm being all "get off my lawn", but I feel this is an almost inevitable result of attitudes about new stacks, the rise of the bootcamper, and hackathons-turned-product. In theory that young hipster developer that fits the mold would be just a junior on the team, and their enthusiasm and foolhardiness towards moving fast and breaking things would be tempered by more mature team members and operators. However, I think we're seeing a world where 2013 bootcamp grads are the seniors and the cult of hacking and iterating and breaking things means situations like this will become more common.
by wonko1 on 1/8/2017, 10:11:49 AM
Why do so many MongoDB installations lack a password on the Admin account?
I tried searching for more info, but couldn't find anything. Was this the default? Procedure given in a popular tutorial? It seems pretty insane.
by kapauldo on 1/8/2017, 2:02:28 PM
Is there a tool for checking mongo vulnerabilities?
The same story on Ars has had a bit more traction (120+ comments).
https://news.ycombinator.com/item?id=13345947