Ensuring Syncplify’s MongoDB instance safety

Syncplify.me Server! version: 4.0.0+

In light of the recent news regarding ransomware targeting MongoDB, we would like to inform all of our users and customers that we are actively working to add support for MongoDB’s authentication directly inside our software.

In the meantime, though, it is very important to understand that:

  • Hype aside, a good network security model already addresses 99% of all the issues of this type (DB-connectivity related)
  • Syncplify’s specific MongoDB instance uses port 28038 (instead of the standard 27017) and is therefore not targeted by the above-mentioned ransomware
  • Syncplify’s specific MongoDB instance only accepts requests from localhost (127.0.0.1) unless you have explicitly created a Windows Firewall rule

For the above reasons, we believe that all Syncplify.me Server! instances deployed in non-HA mode are safe unless the network and Windows Firewall configuration has been altered by the users/customers themselves.

For HA (high-availability) instances, we strongly recommend that our users/customers make sure their network firewall and Windows Firewall rules only allow connections to the DB server(s) from the machines running the SFTP front-end nodes. No other machine should be allowed to connect to your DB server(s).
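
The following PowerShell audit is an added example, not part of Syncplify’s software or documentation: run on a DB server, it shows which local address port 28038 is bound to and which enabled inbound allow rules cover that port with a remote scope wider than the front-end nodes. The node addresses are constructed placeholders.

```powershell
# Added example: audit which hosts Windows Firewall lets reach the Syncplify MongoDB port.
# $DbPort comes from the article; $FrontEndNodes are constructed placeholder addresses.
$DbPort        = 28038
$FrontEndNodes = @('192.0.2.10', '192.0.2.11')   # replace with your SFTP front-end node IPs

# 1. Which local address is the database listening on?
#    127.0.0.1 only = local access; 0.0.0.0 or a LAN address = firewall rules are the only barrier.
Get-NetTCPConnection -State Listen -LocalPort $DbPort -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess

# 2. Find enabled inbound "allow" rules that cover the DB port and list their remote scope.
$findings = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow) {
    $port = $rule | Get-NetFirewallPortFilter
    if ($port.Protocol -notin @('TCP', 'Any')) { continue }

    # LocalPort may be 'Any', a single port, a list, or a range such as '28000-28100'.
    $covers = $false
    foreach ($p in @($port.LocalPort)) {
        if ($p -eq 'Any') { $covers = $true }
        elseif ($p -match '^(\d+)-(\d+)$') {
            if ($DbPort -ge [int]$Matches[1] -and $DbPort -le [int]$Matches[2]) { $covers = $true }
        }
        elseif ($p -match '^\d+$' -and [int]$p -eq $DbPort) { $covers = $true }
    }
    if (-not $covers) { continue }

    $remote = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
    # Any remote scope other than the exact front-end node addresses is wider than recommended.
    $extra = @($remote | Where-Object { $_ -notin $FrontEndNodes })
    [pscustomobject]@{
        Rule          = $rule.DisplayName
        Program       = ($rule | Get-NetFirewallApplicationFilter).Program
        LocalPort     = $port.LocalPort -join ','
        RemoteAddress = $remote -join ','
        TooBroad      = ($extra.Count -gt 0)
    }
}
$findings | Sort-Object TooBroad -Descending | Format-Table -AutoSize
```

Rules scoped to a specific program apply only to that executable, so read the Program column before treating an "Any" port rule as exposure of the database.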

This said, we want to reassure everyone – once again – that we are also actively working (with high priority) to add MongoDB authentication directly into our software.

How to protect your backups from ransomware (Cryptolocker, WannaCry, and the like…)

Syncplify.me Server! version: 4.0.0+

Ransomware is a type of malware that restricts access to the infected computer system, and demands that the user pay a ransom to the malware operators to remove the restriction. Probably the most famous ransomware is Cryptolocker, and it’s definitely something you don’t want to deal with.

Regardless of the strenuous efforts put in place by antivirus developers, the rate of infection is appalling. What is worse is that such ransomware can also access all the shared folders on your NAS/SAN, so if you back up to a network drive, your backups will be compromised too. The ransomware’s objectives include, in fact, preventing you from being able to restore your old (healthy) data from a backup.

Managing such a situation with permissions and ACLs (access-control lists) is a nightmare, and it’s hard to reach a true WORM (write once read many) situation, which is the only truly secure way to prevent the ransomware from modifying the backups you’ve already stored. And if you have healthy backups, the ransomware is “de facto” already defeated.

So what can you do to store your backups somewhere else in a truly WORM way?