
Professional Ransomware Group Gets Involved, Infections Reach 28K MongoDB Servers - RatherFunky
https://www.bleepingcomputer.com/news/security/mongodb-apocalypse-professional-ransomware-group-gets-involved-infections-reach-28k-servers/
======
spongy_warbeast
I'm not clear on why people would be exposing MongoDB on a public address?

This habit of database-like software (does Redis still not offer
authentication?) treating authentication/authorization as a second-class
citizen is odd.

I guess it has proven to be webscale though [1].

[1]
[https://www.youtube.com/watch?v=b2F-DItXtZs](https://www.youtube.com/watch?v=b2F-DItXtZs)

~~~
bdcravens
Redis has offered simple authentication for some time:
[https://redis.io/commands/auth](https://redis.io/commands/auth)

Redis generally isn't put forth as a first-class member of a popular stack and
featured in getting started tutorials in the same way that MongoDB has been.

