As always, secure your data. Not sure of the motives for these attacks, but am very sure that laissez-faire webmasters will reap an unhappy day for failing to take due diligence.

Lock not only the front door, but the back door, and any other openings!

<tangent>
Is it possible to read this account--including the screenshots in the linked article--and not form a mental association with damage done by cat walking across keyboard?
</tangent>

The following message was cut out to new thread by engine. New thread at: /search_engine_promotion/5003690.htm [webmasterworld.com]
5:03 pm on Jul 27, 2020 (utc +1)

[edited by: engine at 4:06 pm (utc) on Jul 27, 2020]

As always, secure your data. Not sure of the motives for these attacks, but am very sure that laissez-faire webmasters will reap an unhappy day for failing to take due diligence.

True, but I also blame the developers of database engines like Mongo and Elasticsearch.

They are writeable by anyone who can connect to the server by default.

Elastic search even used to have authentication in an option, proprietary, add-on.

While there are use cases where you do not want auth, and these are products that are designed for those use cases, but I still think its better to have auth on by default and have admins turn it off deliberately, having it on when it should be off is a much easier mistake to spot than having it off when it should be on, AND does not cause irreversible harm like data leaks or tampering.

They are writeable by anyone who can connect to the server by default.

This is not true. At least not with respect to MongoDB. I have never used ElasticSearch so I can't comment. MongoDB is by default bound to the localhost. Therefore you need access to system that the database is installed on to get access to the DB. Or the web/app developer needs to change this binding to open access.

Here is a link to an article from ArsTechnica regarding this topic, with comments from ElasticSearch and MongoDB.
[searchsecurity.techtarget.com...]

Excerpt from the article.

Some of the security changes made by MongoDB in recent versions include adding localhost binding by default, which limits access to the database to only the system on which the database is first installed, and upgrading from SHA-1 to SHA-256 for database authentication systems.

The attacks may be targeting websites using old versions.

And more importantly, much more importantly, we are taking about 1000 websites that have been attacked. There are likely more successful Wordpress attacks done on a daily basis than have ever been done with this "Meow attack".

It's true it's a relatively low number of sites affected, and I wonder if those mostly impacted are amateur or neglected sites.

Jeez. I wonder, is it simply someone having fun, or this was an outcome of a more large-scale operation? I wouldn't be surprised if mostly impacted were amateur or neglected sites indeed, but the question is - were they the only ones that have been targeted, or the bigger ones simply have been more successful at dodging the attack?

This is not true. At least not with respect to MongoDB. I have never used ElasticSearch so I can't comment. MongoDB is by default bound to the localhost. Therefore you need access to system that the database is installed on to get access to the DB.

Elastic search does the same.

That means it stops people connecting to remotely, but once you connect you need no further authentication.

This is still a problem, because the moment you let it bind to a different address its completely open.

It makes it far too easy to make mistakes. The moment you need access from another server, or an admin needs remote access or whatever, someone has to remember to secure it.

The default should be bind to localhost (or a Unix socket) AND require authentication.

And more importantly, much more importantly, we are taking about 1000 websites that have been attacked. There are likely more successful Wordpress attacks done on a daily basis than have ever been done with this "Meow attack".

Except the average size of a site using these is much larger and they may also be used for internal systems in a lot of organisation. You typically need Elasticsearch if you need more sophisticated search than say a typical database engine's plain text search. Elasticsearch is also used for logging and monitoring - again, you would only bother for a reasonably large or important service. Mongo has a wider range of use, but its still usually much more critical or larger scale use that of a popular CMS.