Postgres DB hacked.

Started by Yogesh Sharma, over 5 years ago, 3 messages, general
#1Yogesh Sharma
yogeshraj95@gmail.com

Dear All,
Thanks for your support.

We faced the below issue and all our DB backup data has been lost.

It seems a hacker deleted all the tables in the DB and created a single
table called "warning". When I am trying to select this table, it's
showing Error (relation "warning" does not exist). The hacker created one more
database "please_read_me_xmg" with a single 'warning' table.

Could you please let us know how we can secure the Postgres DB from
hackers? Although we have specified only one IP in the pg_hba.conf file instead
of all.

#2Pavel Stehule
pavel.stehule@gmail.com
In reply to: Yogesh Sharma (#1)
Re: Postgres DB hacked.

On Mon, 31. 8. 2020 at 6:58, Yogesh Sharma <yogeshraj95@gmail.com> wrote:

> Dear All,
> Thanks for your support.
>
> We faced the below issue and all our DB backup data has been lost.
>
> It seems a hacker deleted all the tables in the DB and created a single
> table called "warning". When I am trying to select this table, it's
> showing Error (relation "warning" does not exist). The hacker created one more
> database "please_read_me_xmg" with a single 'warning' table.
>
> Could you please let us know how we can secure the Postgres DB from
> hackers? Although we have specified only one IP in the pg_hba.conf file instead
> of all.

pg_hba.conf is not enough protection against SQL injection. Probably your
application is vulnerable to SQL injection.

The basic security mechanism is using more roles - one role as table and
database owner, second role(s) for applications. In this case the attacker
cannot change the schema if they compromise some application roles. You can use
other mechanisms like RLS (row line security), ...

Regards

Pavel
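
The owner/application role split described in the reply above, as an added example that is not part of the original thread. The database `appdb`, the roles `app_owner` and `app_rw`, the schema `app` and the table `orders` are hypothetical names; run it as a superuser connected to the application database.

```sql
-- Added example; all object names are hypothetical.

-- Owner role: owns schema and tables, cannot log in, so it is never
-- the identity an application connection (or an injected query) runs as.
CREATE ROLE app_owner NOLOGIN;

-- Application role: the only role the application server connects as.
-- Replace the placeholder password with a generated secret.
CREATE ROLE app_rw LOGIN PASSWORD 'PLACEHOLDER-change-me'
    NOSUPERUSER NOCREATEDB NOCREATEROLE;

-- Remove the default grants that every role inherits through PUBLIC.
REVOKE ALL ON DATABASE appdb FROM PUBLIC;
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
GRANT CONNECT ON DATABASE appdb TO app_rw;

-- Schema and table belong to the owner role, not to the application.
CREATE SCHEMA app AUTHORIZATION app_owner;
CREATE TABLE app.orders (
    id     bigserial PRIMARY KEY,
    tenant text NOT NULL,
    total  numeric(12,2) NOT NULL
);
ALTER TABLE app.orders OWNER TO app_owner;

-- The application gets only the DML it needs: no DELETE, no TRUNCATE,
-- no DDL. Rows it may modify are still reachable through an injection
-- flaw, so grant per table and per operation.
GRANT USAGE ON SCHEMA app TO app_rw;
GRANT SELECT, INSERT, UPDATE ON app.orders TO app_rw;
GRANT USAGE ON SEQUENCE app.orders_id_seq TO app_rw;

-- Verify from the application role's point of view.
SET ROLE app_rw;
SELECT has_table_privilege('app_rw', 'app.orders', 'DELETE');   -- false
SELECT has_schema_privilege('app_rw', 'app', 'CREATE');         -- false
SELECT rolcreatedb FROM pg_roles WHERE rolname = 'app_rw';      -- false
-- Both statements below are rejected for app_rw: it does not own the
-- table and lacks CREATEDB.
-- DROP TABLE app.orders;
-- CREATE DATABASE scratch;
RESET ROLE;
```

Schema migrations then run through a separate administrative session that does `SET ROLE app_owner`, never through the application's connection string.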

#3Ron
ronljohnsonjr@gmail.com
In reply to: Yogesh Sharma (#1)
Re: Postgres DB hacked.

On 8/30/20 11:58 PM, Yogesh Sharma wrote:

> Dear All,
> Thanks for your support.
>
> We faced the below issue and all our DB backup data has been lost.
>
> It seems a hacker deleted all the tables in the DB and created a single
> table called "warning". When I am trying to select this table, it's
> showing Error (relation "warning" does not exist). The hacker created one more
> database "please_read_me_xmg" with a single 'warning' table.
>
> Could you please let us know how we can secure the Postgres DB from
> hackers? Although we have specified only one IP in the pg_hba.conf file instead
> of all.

To follow up on Pavel's comment: if the only way to access the database is
through the application server's IP address, and the database was
accessed... then your application server was hacked.

--
Angular momentum makes the world go 'round.