TYK created users no longer visible

Hi,

I had set up TYK quickstart on Docker about 2 weeks ago.
After the initial setup challenges were resolved all was working ok.
I left TYK running in our environment but today as I tried to log in on the dashboard with the correct credentials it kept rejecting login. To check, I curled /api/users with the user access key I have been using previously and always worked. But I now get the error:
{"users":null,"pages":0}
Previously this returned 2 user records.
When I use the admin API to query the org list (/admin/organisations) the response is:
{"organisations":null,"pages":0}
When I try to curl: /api/users/{user_id}
{"Status":"Error","Message":"Could not retrieve user detail","Meta":null}

Notice that TYK does not return a (“Not authorised”) error that the access_key I use for curling /api/users is invalid and also I am able to create new users using the admin-api and by specifying the org_id I have been using since installation.
So it seems the org and user entities exist but for some reason TYK is returning null to these queries.

I docker-compose restarted but still same issue. Then I created a new user with the admin-api and using the org_id that should already exist. After creating the new user I can log in to the dashboard with this new user's credentials. While on the dashboard I see that all the previously created APIs for the organisation are no longer visible. When I try to add a new one I get an error:
Created API entry, but failed to update API Registry.

Your help will be much appreciated.

Dashboard logs:
time="Aug 11 21:45:57" level=warning msg="Login opened from: 82.115.203.152:59415"
time="Aug 11 21:45:59" level=warning msg="Login opened from: 82.115.203.152:59415"
time="Aug 11 21:48:17" level=warning msg="Successful login ([email protected]) from: 82.115.203.152:59415"
time="Aug 11 21:48:17" level=error msg="Failure in org lookup"
time="Aug 11 21:48:17" level=error msg="not found"
time="Aug 11 21:48:18" level=info msg="Aggregates disabled"
time="Aug 11 21:48:18" level=info msg="Aggregates disabled"
time="Aug 11 21:48:18" level=info msg="Aggregates disabled"
time="Aug 11 21:48:23" level=error msg="Failure in org lookup"
time="Aug 11 21:48:23" level=error msg="not found"
time="Aug 11 21:48:26" level=error msg="Failure in org lookup"
time="Aug 11 21:48:26" level=error msg="not found"
time="Aug 11 21:48:26" level=error msg="Failure in org lookup"
time="Aug 11 21:48:26" level=error msg="not found"
time="Aug 11 21:48:26" level=error msg="Couldn't retrieve organisation!"
time="Aug 11 21:48:26" level=error msg="Failed tp update register!"

It’s most likely that mongoDB is not running?

Hi Martin,

MongoDB is running. To troubleshoot further, I decided to remotely connect to the TYK MongoDB via a UI tool. I was expecting the connection to be rejected and that I’ll have to go and dig out the default credentials from somewhere in one of the conf files but to my surprise I was connected from a remote PC with no credentials. Either I missed something or this part was not clearly highlighted that the MongoDB is fully unprotected.
So looking around in the collection/docs I came across the following which was my second big surprise. It turns out the MongoDB had been hacked and wiped out within a space of 2 weeks of bringing it up.

Database= Warning > Collection: Readme:
{
    "_id" : ObjectId("5989618267d0b6a003f0b583"),
    "BitCoin" : "1ConGo1xRHCh3K6L1ywL4U1KHuC7XYQGqU",
    "eMail" : "[email protected]",
    "Solution" : "Your DataBase is downloaded and backed up on our secured servers. To recover your lost data:Send 0.2 BTC to our BitCoin Address and Contact us by eMail with your MongoDB server IP Address and a Proof of Payment. Any eMail without your MongoDB server IP Address and a Proof of Payment together will be ignored. You are welcome!"
}

This seems to be a common problem nowadays. So TYK MongoDB should not be installed fully open/unprotected.

Please advise what is the best way to get the MongoDB collections/docs recreated/restored. I am hoping I won’t have to re-install TYK entirely all over again.
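
The exposure found in the post above (a MongoDB container reachable remotely with no credentials) can be caught before a stack is started. The following is an added example, not part of the original thread and not Tyk's code: it audits a parsed Compose file, such as the output of `docker compose config --format json`, for a MongoDB service that runs without access control or publishes port 27017 beyond loopback. Service names, image names and both sample stacks are constructed for illustration.

```python
"""Audit a parsed Compose file for an open MongoDB service."""
MONGO_PORT = 27017
LOOPBACK = {"127.0.0.1", "::1", "[::1]", "localhost"}

# Constructed samples; service and image names are hypothetical.
WEAK = {"services": {
    "tyk-mongo": {"image": "mongo", "ports": ["27017:27017"]},
    "dashboard": {"image": "example/dashboard", "ports": ["3000:3000"]}}}
HARDENED = {"services": {
    "tyk-mongo": {"image": "mongo", "command": ["mongod", "--auth"],
                  "ports": [{"target": 27017, "published": "27017",
                             "host_ip": "127.0.0.1"}]}}}

def published(port):
    """Return (host_ip, container_port) for a short- or long-form ports entry."""
    if isinstance(port, dict):                       # long form
        return port.get("host_ip") or "0.0.0.0", int(port["target"])
    parts = str(port).split("/")[0].rsplit(":", 2)   # short form, "/tcp" dropped
    host_ip = parts[0] if len(parts) == 3 else "0.0.0.0"
    return host_ip, int(parts[-1].split("-")[0])     # first port of a range

def auth_enabled(svc):
    """True if the service starts mongod with access control."""
    cmd = svc.get("command") or []
    cmd = cmd.split() if isinstance(cmd, str) else cmd
    env = svc.get("environment") or {}
    keys = list(env) if isinstance(env, dict) else [e.split("=", 1)[0] for e in env]
    # The official mongo image enables auth when a root user is initialised.
    return ("--auth" in cmd or "--keyFile" in cmd
            or "MONGO_INITDB_ROOT_USERNAME" in keys)

def audit(compose):
    """Return (service, finding) pairs for MongoDB services."""
    findings = []
    for name, svc in compose.get("services", {}).items():
        if "mongo" not in svc.get("image", ""):
            continue
        if not auth_enabled(svc):
            findings.append((name, "no access control"))
        for port in svc.get("ports") or []:
            host_ip, target = published(port)
            if target == MONGO_PORT and host_ip not in LOOPBACK:
                findings.append((name, "27017 published on " + host_ip))
    return findings

if __name__ == "__main__":
    for label, stack in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(stack))
```

A host firewall or cloud security group can still block a port that Compose publishes on all interfaces, so a finding here means the container configuration alone does not protect the database.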

Hi Del,

Securing your databases is your responsibility, sorry to have to say it, like any database that you install and make open to the internet - we do not supply MongoDB, we just require it to be available.

If the DB is gone, you may need to recreate the DB and run the bootstrap again, and yes, it’s likely that you will need to re-add all of your api configurations.

Sorry to hear your database got hacked by a bot :-/

M

(This has happened to me before on a test system btw, it is super annoying)

Yep, never assume the DB installed as part of an application setup is secured. Though the main reason I hadn’t spent time explicitly hardening the Mongo Docker instance was because this is in test mode.

But I have now reconfigured the tyk_analytics to point to our properly hardened and auth-enabled test Mongo server and also updated tyk_pump accordingly. I should have done this right from the onset. Thanks for your help…
