my personal blog about systemcenter

MongoDB and Microsoft Advanced Threat Analyties and Secure by Default

The last few days we seen very public attacks on unsecured MongoDB databases exposed directly to the internet

MongoDB ransom attacks soar, body count hits 27,000 in hours

and respons from MondoDB

These attacks are preventable with the extensive security protections built into MongoDB. You need to use these features correctly, and our security documentation will help you do so. Here are pointers to the relevant documentation and other useful resources:

and a reference to their securty manual on how to secure mongodb

So was looking on where we are using mongodb and found our Advanced Thread Analytics install , this isnt internet connected but a internal attack wiping the database could be bad enough so we looked


Local Host listener only


and doublecheck in the mongod config file

And the only acceptable result , secure by default , thx Microsoft and MongoDB