What was mentioned in that thread didn’t work for me. My data table is not deleted after a reboot, it is deleted randomly --, it may take 1 day and the strapi will delete it, or it may take 8 days and only then it will delete it --, I didn’t have this before and it started only a month ago . And the strapi also takes away the superuser rights from the postgers user and gives his rights to the created strapi user, which was created by the strapi himself in the database (not me). What kind of fantastic things are happening in this admin panel?
The problem is that my database is public and a botnet is breaking into it from different IP addresses, and constantly picking up passwords 24/7, can I somehow prohibit access to it all except for the admin panel? if so, how?
Hello, I have been following this post because I’m curious of the cause of your problem.
If your passwords are numbers, uppercase and lowercase letters as well as symbols, and above 10 charactes they should be strong enough in order to prevent this kind of attack. What kind of botnet has that much power?
If your database is on the same server with your Strapi app then you should check if the database ports are open to the public. They shouldn’t be. Strapi can connect to the database internally.
If your database is on a different server than Strapi, then you should restrict the access on your database server to only accept traffic from the Strapi server. i.e. Strapi’s server public IP.
Yes, you can restrict access to the database to the Strapi application only and your IP address(es) if required.
How? Depends on your hosting solution. If you’re using AWS, Google Cloud, or Azure there are plenty of solutions online on how to lock down your database to an application or restricted within a Virtual Private Cloud (VPC).
If you’re using an alternative method of hosting, the community might be able to help but you’re starting to get into more intermediate and advanced topics.
constantly picking up passwords 24/7
Sad as it is to say, welcome to the Internet. Every website, service, server, IP Address and device on the Internet is being scanned for vulnerabilities.
My password was quite light “123456”, and I initially thought that my database was only accessible on the local network for strapi, but it turned out that the port was public and other users could connect to it. I have already changed my password and set up a firewall