
Over 12,000 MongoDB Databases Deleted by Unistellar Attackers - kristianp
https://www.bleepingcomputer.com/news/security/over-12-000-mongodb-databases-deleted-by-unistellar-attackers/
======
scarface74
Why is this still a thing? I’ve been hearing about publicly accessible
databases being deleted for almost two decades. Why are these ports open to
the Internet?

~~~
mailslot
Maybe for the same reason my employer made me open up the ports to a
PostgreSQL instance? Stupid cloud reporting service to make stupid charts with
a stupid point & click UI.

At least I enabled SSL, whitelisted the IP range, and set a password... and
made it read-only.

~~~
72deluxe
I bet you sighed inside when opening those ports...

Thankfully PostgreSQL outputs JSON and accepts SQL with JSON in it, last time I
looked, so you can bypass the web service in the middle and just give web
client users direct access to the database...

