What it looks like when a MongoDB database has its data deleted by an attacker


A while ago I noticed Alibaba Cloud was cheap, bought an instance, installed MongoDB on it, and connected to it for my own debugging.
I hadn't used it in a long time; today I was "pleasantly surprised" to discover that a hacker had logged in. I didn't expect anyone to still be making a living off such a low-level vulnerability.
The signs of the compromise were as follows:

> show dbs
HOW_TO_RESTORE_mydb1  0.078GB
HOW_TO_RESTORE_mydb2  0.078GB
README                0.078GB
local                 0.078GB
mydb1                 0.453GB
mydb2                 0.453GB

The data in both mydb1 and mydb2 had been wiped.
The direct connection to MongoDB came from the USA (it could of course also have been a US server used as a proxy, but after the incident that IP could no longer be pinged, so the other side's skill level probably wasn't high either; it may well have been their own PC):

The databases were deleted at 4:27.
HOW_TO_RESTORE_mydb1, HOW_TO_RESTORE_mydb2 and README hold the ransom notes. The ransom notes are as follows:

> use HOW_TO_RESTORE_mydb1
switched to db HOW_TO_RESTORE_mydb1
> show tables;
HOW_TO_RESTORE
system.indexes
> db.HOW_TO_RESTORE.findOne();
{
	"_id" : ObjectId("5d95544778e531762eb557c2"),
	"What_happend" : "Your DB was saved and archived, you have 7 days to restore it.",
	"___" : "",
	"How_to_restore" : "Send 0.125 Bitcoin to address bellow",
	"pay_to_btc_address" : "19Ng6XNfCo9pdzDred8ztgWf9BbpTiBr6M",
	"email_to" : "Send email to baseshaver@criptext.com OR baseshaver@elude.in with your ID-code and transaction link! More info on links below!",
	"YOUR_ID_CODE" : "5c487d7b3cce97442e95825b5c487d7b3cce9744",
	"get_db_back" : "You will get your db archive back immediately right after we receive an email and check payment.",
	"TIME" : "you have 7 days to pay, then DB will be published on private hack forum and deleted from our HDDs.",
	"contact_problems" : "If you not get answer in 12 hours or get errors when sending letters use reserve emails or check MORE_INFO for another contacts:",
	"reserve_emails" : "baseshaver@protonmail.com | baseshaver@keemail.me | baseshaver@inbox.lv |  baseshaver@yandex.com | baseshaver@secmail.pro | baseshaver@lycos.com",
	"MORE_INFO" : "You can find more information here: https://anotepad.com/note/read/53sex69b OR https://onlinenotepad.us/LAeK8dBJc8 ",
	"____" : "",
	"Where_to_buy_btc" : "List below of exchanges where you can buy BTC in next collection!",
	"BTC_Exchanges" : " localbitcoins.com | paxful.com | payments.changelly.com | wirex.com | abra.com | coinmama.com ",
	"BTC_Guides" : " https://www.buybitcoinworldwide.com/ | https://en.bitcoin.it/wiki/Main_Page "
}

> use README
switched to db README
> show tables;
README
system.indexes
> db.README.findOne();
{
	"_id" : ObjectId("5a460f404186ec47a8181643"),
	"Bitcoin" : "16NHQZe81LqTPfekW3VXvnyZcFLR37VyHi",
	"Email" : "4b4340f8c832472e902b5482bcfdedfa@protonmail.com",
	"Exchange" : "https://localbitcoins.com",
	"Solution" : "Your database has been downloaded and backed up on our secured servers. To recover your lost data: Send 0.1 BTC to our Bitcoin address and contact us by email with your MongoDB server IP address and proof of payment."
}

Everyone should know the remedy: set a password, change the port, run mongod under a dedicated new user, bind only to 127.0.0.1, set up a firewall, and so on. I won't go into more detail.
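As an added example (not part of the original post), the following script checks the two mongod.conf settings that made this incident possible and flags the ransom-note databases from a `show dbs` listing. The config snippets and the listing are constructed samples; treating a missing bindIp as "all interfaces" is a deliberately conservative assumption.

```python
import re
from typing import Dict, List

# Constructed sample: the weak mongod.conf that leaves the instance wide open
WEAK_CONF = """\
net:
  port: 27017
  bindIp: 0.0.0.0
storage:
  dbPath: /var/lib/mongo
"""

# Constructed sample: the hardened counterpart (loopback only, auth on, non-default port)
HARDENED_CONF = """\
net:
  port: 27117
  bindIp: 127.0.0.1
security:
  authorization: enabled
storage:
  dbPath: /var/lib/mongo
"""

# Constructed copy of the `show dbs` output from the incident above
SHOW_DBS = """\
HOW_TO_RESTORE_mydb1  0.078GB
HOW_TO_RESTORE_mydb2  0.078GB
README                0.078GB
local                 0.078GB
mydb1                 0.453GB
mydb2                 0.453GB
"""

def audit_mongod_conf(text: str) -> List[str]:
    """Return findings for a mongod.conf given as text. Only the two keys relevant
    to this incident are inspected, so no full YAML parser is needed.
    Assumption: an unset bindIp is treated as listening on all interfaces."""
    findings = []
    bind = re.search(r"^\s*bindIp:\s*(\S+)", text, re.M)
    if bind is None or any(ip in ("0.0.0.0", "::") for ip in bind.group(1).split(",")):
        findings.append("net.bindIp: reachable from all interfaces (or not set)")
    auth = re.search(r"^\s*authorization:\s*(\S+)", text, re.M)
    if auth is None or auth.group(1) != "enabled":
        findings.append("security.authorization: not enabled, any connection is admin")
    return findings

def find_ransom_notes(show_dbs_output: str) -> Dict[str, List[str]]:
    """Parse `show dbs` output; flag ransom-note databases and the victim databases
    named in the HOW_TO_RESTORE_* entries, using the names seen in this incident."""
    names = [ln.split()[0] for ln in show_dbs_output.splitlines() if ln.strip()]
    notes = [n for n in names if n == "README" or n.startswith("HOW_TO_RESTORE")]
    victims = [n[len("HOW_TO_RESTORE_"):] for n in names if n.startswith("HOW_TO_RESTORE_")]
    return {"ransom_notes": notes, "targeted_dbs": [v for v in victims if v in names]}
```

Run the audit against the live config file and the listing from the mongo shell; a non-empty findings list on a host with a public IP is exactly the exposure this post describes.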

