Обсуждение: Postgres DB hacked.
Dear All,
Thanks for your support.
We faced the below issue and our all DB backup data has lost.
It seems Hacker deleted all the tables in the DB and created a single table called "warning". when I am trying to select this table so it's showing Error (relation "warning" does not exist). Hacker created one more database "please_read_me_xmg" with single 'warning' table.
Could you please let us know how we can secure postgres DB from hackers.Although we have specified only one IP in pg_hba.conf file instead of all.
po 31. 8. 2020 v 6:58 odesílatel Yogesh Sharma <yogeshraj95@gmail.com> napsal:
Dear All,Thanks for your support.We faced the below issue and our all DB backup data has lost.It seems Hacker deleted all the tables in the DB and created a single table called "warning". when I am trying to select this table so it's showing Error (relation "warning" does not exist). Hacker created one more database "please_read_me_xmg" with single 'warning' table.Could you please let us know how we can secure postgres DB from hackers.Although we have specified only one IP in pg_hba.conf file instead of all.
pg_hba.conf is not enough protection against SQL injection. Probably your application is vulnerable against SQL injection.
The basic security mechanism is using more roles - one role like table, database owner, second role(s) for applications. In this case the attacker cannot change schema if compromite some application roles. You can use another mechanism like - RLS - row line security, ...
Regards
Pavel
On 8/30/20 11:58 PM, Yogesh Sharma wrote:
To follow up on Pavel's comment: if the only way to access the database is through the application server's IP address, and the database was accessed... then your application server was hacked.
Dear All,Thanks for your support.We faced the below issue and our all DB backup data has lost.It seems Hacker deleted all the tables in the DB and created a single table called "warning". when I am trying to select this table so it's showing Error (relation "warning" does not exist). Hacker created one more database "please_read_me_xmg" with single 'warning' table.Could you please let us know how we can secure postgres DB from hackers.Although we have specified only one IP in pg_hba.conf file instead of all.
To follow up on Pavel's comment: if the only way to access the database is through the application server's IP address, and the database was accessed... then your application server was hacked.
--
Angular momentum makes the world go 'round.
Angular momentum makes the world go 'round.