Meow Hacking Attacks on Elasticsearch and MongoDB

July 28, 2020
Meow Hacking Attacks on Elasticsearch and MongoDB

Meow Hacking Attacks on Elasticsearch and MongoDB

Unstable Elasticsearch and MongoDB databases have been focused in hacking attacks that eradicate all data. There are no payment requests.

These are being called Meow Attacks because they leave an obvious meow signature on server log files.

Meow Hacking Attacks

The attacks are focusing on unstable installations of Elasticsearch and MongoDB.

That may mean installations that are not ensured by a firewall and are exposed to the public.

That also could be installations that don’t have SSL encyrpted communications.

The Elasticsearch hacking attack was noted by security research Bob Chiachenko on July 20, 2020. He noted there were no ransom requests or warnings.

It was an attack planned exclusively to erase all data.

Automated Hacking Attacks

Generally, hacking attacks are automated. A bot script attacks a site by testing for known vulnerabilities like unstable ports and weak files. The process is similar to a thief walking down a street checking door handles for unlocked vehicles.

The meow attack is also an automated attack.

What is Being Attacked?

At this moment, it is unstable Elasticsearch and MongoDB databases that are being attacked.

Elasticsearch is being attacked the most, followed by MongoDB.

As of July 24, 2020, there were 1,779 Elasticsearch and 701 MongoDB attacks.

Elasticsearch is an open source search and analytic service that is utilized by companies like Uber, Shopify and Udemy.

MongoDB states on their site that it is utilized by companie like eBay, Adobe, SquareSpace, Verizon and the UK government.

Attacks Alleged to be Hidden by a VPN

Somebody on Twitter posted log file screen captures of a Mongo database attack that showed the attacks on that server were going through a VPN IP address in order to hide the true origin of the attack.

Activity Recommended

There are security plugins for Elasticsearch:

tweet about hacking attack

It might be judicious for publishers running Elasticsearch or MongoDB to consider reviewing their installations to discover they are secure and not exposed to the public Internet.

Read more details about meow hacking attack.

We at CodeLedge are providing Sweden’s best website development services. Stuck with your website development process and best suitable website design. Ask us for the help at or get a quote from here.

Leave a Reply

Your email address will not be published. Required fields are marked *

Translate »