Raspberry PI and MongoDB - Security


#1

MongoDB, as shipped on the Raspberry PI, binds to port 27017 on any interface without any authentication. In other words, port 27017 is wide open. After a couple of weeks my server showed up in Shodan. And after that, approximately every five minutes, my server gets hit with automated scripts that remove the accounts and devices collections in MongoDB. This is a serious security vulnerability and I don’t see any reason why anyone would configure it that way. The default in MongoDB is to bind to localhost (127.0.0.1) and not to any (0.0.0.0).

Since MongoDB is installed as a snap, I could not generate a config file for MongoDB that would only bind to localhost. My solution for now, in case you are interested, was to install ufw (sudo snap install ufw) which I then configured to allow traffic on ports 22, 80, 443, 25200, 25202.

Any chance this will be fixed?
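An added example, not part of the original post, showing the check a defender would run for the exposure described above and the ufw lockdown the post applies as a workaround. It assumes mongod's default port 27017 and the `ss` utility; the `ss` listing embedded here is a constructed sample.

```shell
#!/bin/sh
# Added example (not from the original post): detect a MongoDB listener bound
# to every interface, then apply the post's ufw lockdown. Assumes mongod's
# default port 27017 and that `ss` is available on the host.
MONGO_PORT=27017
# Constructed sample of `ss -ltn` output: mongod bound to 0.0.0.0, as in the post.
SAMPLE_SS='State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       4096    0.0.0.0:27017       0.0.0.0:*
LISTEN  0       128     127.0.0.1:6379      0.0.0.0:*'

# exposed_listeners LISTING PORT
# Prints every local address on which PORT listens outside loopback
# (0.0.0.0, [::], * or a specific NIC address). Returns 0 if any was found.
exposed_listeners() {
    printf '%s\n' "$1" | awk -v port="$2" '
        $1 == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")
            if (parts[n] != port) next
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (host == "127.0.0.1" || host == "[::1]") next
            print host
            found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# lock_down PORT...
# The mitigation from the post: deny all inbound traffic by default and allow
# only the listed TCP ports, so 27017 is no longer reachable. Needs root.
lock_down() {
    ufw default deny incoming
    ufw default allow outgoing
    for p in "$@"; do
        ufw allow "$p/tcp"
    done
    ufw --force enable
}

# audit LISTING: report whether mongod is reachable from the network.
audit() {
    if hosts=$(exposed_listeners "$1" "$MONGO_PORT"); then
        printf 'mongod listens on %s:%s, reachable from the network\n' "$hosts" "$MONGO_PORT"
        return 1
    fi
    echo "mongod on port $MONGO_PORT is limited to loopback"
}

# Stand-alone run against the sample; on a real host use: audit "$(ss -ltn)"
audit "$SAMPLE_SS" || echo 'Run as root: lock_down 22 80 443 25200 25202'
```

The firewall rules mirror the port list in the post; a snap-installed mongod that cannot be told to bind to 127.0.0.1 is still reachable on the loopback interface after the lockdown.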