
Publicly accessible MongoDB instances on the Internet - achillean
https://blog.shodan.io/its-still-the-data-stupid/
======
xlm1717
Just goes to show you, no matter what you do sometimes you just can't protect
people from themselves. These lines are telling:

"By default, newer versions of MongoDB only listen on localhost. The fact that
MongoDB 3.0 is well-represented means that a lot of people are changing the
default configuration of MongoDB to something less secure and aren't enabling
any firewall to protect their database. In the previous article, it looked
like the misconfiguration problem might solve itself due to the new defaults
that MongoDB started shipping with; that doesn't appear to be the case based
on the new information. It could be that users are upgrading their instances
but using their existing, insecure configuration files."

If it's a matter of keeping their existing, insecure configuration files, you
have to hope a future update would fix this. Then again, they'll probably
press enter through the prompt asking them to set up authentication on update.
I just hope these people aren't deliberately changing config to listen to
outside servers without authentication.

------
lightlyused
On the graph, Digital Ocean is listed twice.

