dnswatchdog.io docs

Port 27017: MongoDB

Open MongoDB port detected on a publicly accessible host.

Severity: Critical | Port: 27017

What is MongoDB?

MongoDB is a popular NoSQL document database that stores data in flexible, JSON-like documents. It is widely used in web applications, mobile backends, and content management systems. MongoDB listens on port 27017 by default for client connections.

Why this is a problem

MongoDB has been involved in thousands of data breaches due to instances left exposed on the internet without authentication. Older versions had authentication disabled by default, and many deployments were never secured. Attackers actively scan for open MongoDB ports, and automated tools can dump entire databases in minutes. Ransomware groups routinely delete MongoDB data and leave ransom demands.

What you should do

  • Block port 27017 from the internet
  • Enable authentication (--auth flag or security.authorization: enabled in the config)
  • Bind MongoDB to private network interfaces only
  • Use TLS/SSL for all connections
  • Create specific database users with minimal required permissions (avoid using the admin account for applications)
  • Keep MongoDB updated to the latest stable version
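
The bind, authentication and TLS items above can be checked mechanically against a mongod.conf. The following is an added example, not code from dnswatchdog.io or MongoDB. The function names, the sample configs and the address 10.0.0.5 are assumptions made for illustration, and the parser handles only the plain nested key: value form that mongod.conf uses.

```python
import ipaddress

def parse_conf(text):
    """Flatten the nested 'key: value' YAML of mongod.conf into dotted keys."""
    flat, stack = {}, []  # stack: (indent, key) of the open parent sections
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if ":" not in line:
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()
        path = ".".join([k for _, k in stack] + [key.strip()])
        if value.strip():
            flat[path] = value.strip().strip("\"'")
        else:
            stack.append((indent, key.strip()))
    return flat

def is_public_bind(addr):  # wildcard, or not provably private/loopback
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return True  # hostname or socket path: needs manual review
    return ip.is_unspecified or not (ip.is_private or ip.is_loopback)

def audit(text):
    conf, findings = parse_conf(text), []
    binds = conf.get("net.bindIp", "127.0.0.1").split(",")  # default is localhost
    if conf.get("net.bindIpAll") == "true" or any(is_public_bind(b.strip()) for b in binds):
        findings.append("bind: listening on a non-private interface")
    if conf.get("security.authorization") != "enabled":
        findings.append("auth: security.authorization is not enabled")
    if conf.get("net.tls.mode") != "requireTLS":
        findings.append("tls: net.tls.mode is not requireTLS")
    return findings

WEAK = "net:\n  port: 27017\n  bindIp: 0.0.0.0\n"  # constructed samples (both)
HARDENED = """\
net:
  bindIp: 127.0.0.1,10.0.0.5
  tls:
    mode: requireTLS
security:
  authorization: enabled
"""

if __name__ == "__main__":
    print(audit(WEAK), audit(HARDENED))
```

A clean result only covers the config file; the firewall rule for port 27017 and per-application database users still have to be verified separately.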
