In light of the recent news regarding ransomware targeting MongoDB, we would like to inform all of our users and customers that we are actively working to add support for MongoDB’s authentication directly inside our software.
In the meantime, though, it is very important to understand that:
- setting aside the hype, a good network security model already addresses 99% of all issues of this type (DB-connectivity related)
- Syncplify’s specific MongoDB instance uses port 28038 (instead of the standard 27017) and is therefore not targeted by the above-mentioned ransomware
- Syncplify’s specific MongoDB instance only accepts requests from localhost (127.0.0.1) unless you have explicitly created a Windows Firewall rule
For the reasons above, we believe that all Syncplify.me Server! instances deployed in non-HA mode are safe unless the network and Windows Firewall configuration has been altered by the users/customers themselves.
For HA (high-availability) instances, we strongly recommend that our users/customers make sure their network firewall and Windows Firewall rules only allow connections to the DB server(s) from the machines running the SFTP front-end nodes. No other machine should be allowed to connect to your DB server(s).
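One way to check both points on a DB server (loopback-only binding, and firewall rules limited to the front-end nodes), shown as an added example that is not Syncplify's own code. The front-end IP addresses and the helper name `Test-PortCovered` are assumptions made for illustration; only the port number comes from this post.

```powershell
# Added example: audit exposure of the MongoDB port on a Syncplify DB server.
# Run in an elevated PowerShell session on the DB server itself.
$DbPort = 28038                                   # port stated in this post
$AllowedFrontEnds = @('192.0.2.11', '192.0.2.12') # constructed placeholder IPs

# True when a firewall LocalPort spec ('Any', '28038', '28000-28100') covers $Port.
# Hypothetical helper, not part of any Windows module.
function Test-PortCovered {
    param([string[]]$Spec, [int]$Port)
    foreach ($s in $Spec) {
        if ($s -eq 'Any') { return $true }
        if ($s -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        } elseif ($s -match '^\d+$' -and [int]$s -eq $Port) { return $true }
    }
    return $false
}

# 1. Is the DB bound to loopback only, or to a network-reachable address?
Get-NetTCPConnection -State Listen -LocalPort $DbPort -ErrorAction SilentlyContinue |
    ForEach-Object {
        $scope = if ($_.LocalAddress -in '127.0.0.1', '::1') { 'loopback only' } else { 'network-reachable' }
        '{0}:{1} is {2}' -f $_.LocalAddress, $_.LocalPort, $scope
    }

# 2. Enabled inbound allow rules covering the DB port, with any remote
#    address that is not an exact front-end IP flagged for review.
foreach ($rule in Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True) {
    $portFilter = $rule | Get-NetFirewallPortFilter
    if ($portFilter.Protocol -notin 'TCP', 'Any') { continue }
    if (-not (Test-PortCovered -Spec $portFilter.LocalPort -Port $DbPort)) { continue }

    $remote = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
    $unexpected = @($remote | Where-Object { $_ -notin $AllowedFrontEnds })
    [pscustomobject]@{
        Rule       = $rule.DisplayName
        Remote     = $remote -join ', '
        Unexpected = $unexpected -join ', '
        Verdict    = if ($unexpected.Count) { 'REVIEW' } else { 'OK' }
    }
}
```

Remote addresses are compared as exact strings, so a rule scoped to `Any`, `LocalSubnet`, a subnet or a range is reported as REVIEW and has to be checked by hand against the list of front-end nodes.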
That said, we want to reassure everyone – once again – that we are also actively working (with high priority) to add MongoDB authentication directly into our software.