From: Jan Lehnardt
To: dev@couchdb.apache.org, user@couchdb.apache.org, security@couchdb.apache.org, announce@couchdb.apache.org, marketing@couchdb.apache.org
Subject: CouchDB Ransom Notes
Date: Tue, 24 Jan 2017 18:56:31 +0100

Dear CouchDB Community,

You may have seen a news item[1] about CouchDB in the past few days. There is a trend of finding unsecured public databases, deleting all the data in them, and asking for a ransom to restore the data. This has been going on with MongoDB for a while; now Hadoop and CouchDB have joined the list of affected database products.

One of CouchDB's design goals is ease of use. That led us to decide on easy-to-access security defaults for CouchDB, namely the famous Admin Party (every request is considered to be coming from an administrator). To make sure this isn't a security issue, CouchDB by default also only binds to the local loopback network interface 127.0.0.1, and we recommend creating an admin account before making CouchDB accessible from the public.

As far as we can tell for now, the affected CouchDB instances have been in Admin Party mode and publicly accessible. As a result we are reiterating the documented best practice: Do not run CouchDB without an admin account on a public network interface. Make sure to choose a strong password for the admin account.

For CouchDB 2.0 and onwards, we already make the creation of the admin account part of the cluster setup, but users can still choose to ignore this step. For future CouchDB versions (3.x and onwards), we are currently taking steps to make things even more secure by default and make it even harder (if not impossible) to run an insecure CouchDB instance in production.

We are also working with the security researchers who are doing widespread investigations into this issue to see if there are any other issues that we can address on the CouchDB side.

If you have any questions, please contact the user's list user@couchdb.apache.org.

If you want to report an intrusion into a CouchDB instance that you can prove has been secured with an admin account and associated security measures (like TLS), or if you have any other useful information pertaining to this issue, please contact security@couchdb.apache.org, our private security reporting mailing list.

[1]: https://www.bleepingcomputer.com/news/security/database-ransom-attacks-hit-couchdb-and-hadoop-servers/

Best
Jan Lehnardt
Apache CouchDB PMC Chair
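The announcement names two conditions that together made the hit instances ransomable: Admin Party (no entry under [admins] in local.ini) and a bind_address other than the loopback interface. Both can be checked from the config file, and the first can also be checked remotely, because an unauthenticated GET /_session on an Admin Party node answers with a null name but the _admin role. The audit helper below is an added example written for this archive page; it is not code from the CouchDB project or from the announcement. The ini texts and /_session JSON documents it runs on are constructed samples, while the section and key names ([admins], [chttpd]/[httpd] bind_address) and the userCtx shape are CouchDB's own.

```python
"""Audit helper for the two conditions the announcement names together:
Admin Party (no entries under [admins]) and a bind_address that is not the
loopback interface.

Added example, not code from the CouchDB project or from the announcement.
The ini texts and /_session JSON documents below are constructed for the
example; the section and key names ([admins], [chttpd]/[httpd] bind_address)
and the /_session userCtx shape are CouchDB's own.
"""
import configparser
import json
from dataclasses import dataclass

LOOPBACK = {"127.0.0.1", "::1", "localhost"}


@dataclass
class CouchAudit:
    admin_party: bool      # True when no admin account is configured
    bind_address: str      # what the HTTP layer listens on
    publicly_bound: bool   # True when bind_address is not loopback

    @property
    def exposed(self) -> bool:
        """The combination the ransom note attackers were looking for."""
        return self.admin_party and self.publicly_bound


def _bind_address(cfg: configparser.ConfigParser) -> str:
    # CouchDB 2.x serves its API from [chttpd]; 1.x used [httpd]. Check both
    # so the same audit works on either generation of local.ini.
    for section in ("chttpd", "httpd"):
        if cfg.has_option(section, "bind_address"):
            return cfg.get(section, "bind_address").strip()
    return "127.0.0.1"  # CouchDB's shipped default is loopback only


def audit_local_ini(ini_text: str) -> CouchAudit:
    cfg = configparser.ConfigParser(interpolation=None, allow_no_value=True)
    cfg.optionxform = str  # admin usernames are case-sensitive; keep them verbatim
    cfg.read_string(ini_text)
    admins = dict(cfg.items("admins")) if cfg.has_section("admins") else {}
    # CouchDB rewrites plaintext passwords under [admins] to -pbkdf2-... hashes
    # on start-up; either form means an admin exists, an empty section means
    # Admin Party.
    admin_party = not any(value for value in admins.values())
    bind = _bind_address(cfg)
    return CouchAudit(admin_party, bind, bind not in LOOPBACK)


def session_is_admin_party(session_json: str) -> bool:
    """An unauthenticated GET /_session that comes back with name null but the
    _admin role is the remote signature of Admin Party: the server granted
    admin rights to a request that carried no credentials."""
    ctx = json.loads(session_json).get("userCtx", {})
    return ctx.get("name") is None and "_admin" in (ctx.get("roles") or [])


# Constructed sample inputs (not captured from a real server).
UNSECURED_INI = """
[chttpd]
bind_address = 0.0.0.0
port = 5984

[admins]
"""

SECURED_INI = """
[chttpd]
bind_address = 0.0.0.0
port = 5984

[admins]
admin = -pbkdf2-0123456789abcdef0123456789abcdef,0123456789abcdef,10
"""

ADMIN_PARTY_SESSION = '{"ok":true,"userCtx":{"name":null,"roles":["_admin"]}}'
ANONYMOUS_SESSION = '{"ok":true,"userCtx":{"name":null,"roles":[]}}'
ADMIN_LOGIN_SESSION = '{"ok":true,"userCtx":{"name":"admin","roles":["_admin"]}}'


if __name__ == "__main__":
    for label, ini in (("unsecured", UNSECURED_INI), ("secured", SECURED_INI)):
        result = audit_local_ini(ini)
        print(f"{label}: bind={result.bind_address} admin_party={result.admin_party} "
              f"exposed={result.exposed}")
    print("admin party via /_session:", session_is_admin_party(ADMIN_PARTY_SESSION))
```

Running the file against the constructed inputs flags the unsecured ini as exposed (Admin Party on 0.0.0.0) and the secured one as not, and recognises the null-name-plus-_admin session as Admin Party. A node bound to 127.0.0.1 with an empty [admins] section still reports admin_party=True but exposed=False, which matches the announcement's point that the loopback default is what kept Admin Party from being a problem until the bind address was changed without an admin account being created.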