Important: Exposed MongoDB cluster in your code #310
Description
Warning
You have an exposed mongoDB cluster containing multiple databases in this repository.
Hey HelsinkiUniCollab, If you receive this issue don't panic, I am a friendly automated script looking around the internet and just to let you know that you have an exposed mongoDB cluster in your code.
I was able to connect and expose those databases from your cluster:
- Anurag
- Cluster0
- CrezylinksBot
- FileStream
- JoinReqs
- MdiskConvertor
- Nobideveloper
- PIRO_Botz
- Telegram_filem
- Telegram_files
- TeraBox_Users
- Url-Uploader-Bot
- VJ-URL-UPLOADER-BOT
- cphdlust
- crezyboters
- crezyrenamebotz
- filesharexbot
- filetolinkbot
- referal_user
- techvjbot
- terabox_tg-bot
- test_db_1
- test_db_10
- test_db_11
- test_db_12
- test_db_13
- test_db_14
- test_db_15
- test_db_16
- test_db_17
- test_db_18
- test_db_19
- test_db_2
- test_db_20
- test_db_21
- test_db_22
- test_db_23
- test_db_24
- test_db_25
- test_db_26
- test_db_27
- test_db_28
- test_db_29
- test_db_3
- test_db_30
- test_db_31
- test_db_32
- test_db_33
- test_db_34
- test_db_35
- test_db_36
- test_db_37
- test_db_38
- test_db_39
- test_db_4
- test_db_40
- test_db_41
- test_db_42
- test_db_43
- test_db_44
- test_db_45
- test_db_46
- test_db_47
- test_db_48
- test_db_49
- test_db_5
- test_db_50
- test_db_51
- test_db_52
- test_db_53
- test_db_54
- test_db_55
- test_db_56
- test_db_57
- test_db_58
- test_db_59
- test_db_6
- test_db_60
- test_db_61
- test_db_62
- test_db_63
- test_db_64
- test_db_65
- test_db_66
- test_db_67
- test_db_68
- test_db_69
- test_db_7
- test_db_70
- test_db_71
- test_db_72
- test_db_73
- test_db_74
- test_db_75
- test_db_76
- test_db_77
- test_db_8
- test_db_9
- vjbotz
- vjbotztechvj
- admin
- local
A malicious attacker could leak data and get credentials to your or people's services/system, even if you know that no sensible information is stored inside it, it is still very dangerous. I do not know what kind of information your databases hold but a malicious attacker could easily dump all the content, please make sure to follow these steps:
- Put your secrets in a .env file
- Use a library like dotenv to load the environment variables from your file onto your code
- At this point, I would either suggest either using github's tool to erase the history or you could delete the repos on Github, remove the .git folder locally and recreate a new repos with a clean history
In the future make sure to not expose your secrets especially your mongodb uri as it contains your username and password combination. Make sure to create a .env file and load your environment variables into your code accordingly.