Random DROP DATABASE postgres

For me, within a couple of days, the strapi itself deletes my database at a random time -_- . I can’t figure out why, I’ve already tried a lot of things and nothing helped, from updating strapi to updating postgres. My logs PostgresSql container - https://github.com/anteyku/postgreserror/blob/main/logs%2015.08.2023%20PostgresSQL%20Container%20.txt - here are all the logs, from the start of shearing and ending with the deletions of my database

Looking for another topic, I found an issue similar to yours (and I saved it for unforeseen futures), using postgresql.

Maybe it’s a similar problem.

What I can recommend is to use MySQL, so far I haven’t had this problem

What was mentioned in that thread didn’t work for me. My data table is not deleted after a reboot, it is deleted randomly --, it may take 1 day and the strapi will delete it, or it may take 8 days and only then it will delete it --, I didn’t have this before and it started only a month ago . And the strapi also takes away the superuser rights from the postgers user and gives his rights to the created strapi user, which was created by the strapi himself in the database (not me). What kind of fantastic things are happening in this admin panel?

I have my data in postgres and I just want to continue to work quietly with this admin panel, why is it deleting my tables?

is the database shared by any chance

yes,

don’t use shared databases because then it will drop. You do changes on one database when strapi starts again and connects it does a sanity check

Curious for clarification on what you mean by “shared?”

I assume you’re referring to a database that has all of the Strapi tables, and other tables maintained by a separate application?

only strapi table

That or if you have multiple applications “sharing” the same database, so one developer and one production instance using the same database.

The problem is that my database is public and a botnet is breaking into it from different IP addresses, and constantly picking up passwords 24/7, can I somehow prohibit access to it all except for the admin panel? if so, how?

Hello, I have been following this post because I’m curious of the cause of your problem.

Quick question
If your passwords are numbers, uppercase and lowercase letters as well as symbols, and above 10 charactes they should be strong enough in order to prevent this kind of attack. What kind of botnet has that much power?

Plausible solution

• If your database is on the same server with your Strapi app then you should check if the database ports are open to the public. They shouldn’t be. Strapi can connect to the database internally.

• If your database is on a different server than Strapi, then you should restrict the access on your database server to only accept traffic from the Strapi server. i.e. Strapi’s server public IP.

Hope I gave you some ideas.

Ah yes, I can see why that will be problematic

Yes, you can restrict access to the database to the Strapi application only and your IP address(es) if required.

How? Depends on your hosting solution. If you’re using AWS, Google Cloud, or Azure there are plenty of solutions online on how to lock down your database to an application or restricted within a Virtual Private Cloud (VPC).

If you’re using an alternative method of hosting, the community might be able to help but you’re starting to get into more intermediate and advanced topics.

constantly picking up passwords 24/7

Sad as it is to say, welcome to the Internet. Every website, service, server, IP Address and device on the Internet is being scanned for vulnerabilities.

My password was quite light “123456”, and I initially thought that my database was only accessible on the local network for strapi, but it turned out that the port was public and other users could connect to it. I have already changed my password and set up a firewall