Seems ransomware has being targeting MongoDB databases: arstechnica.com/security/2017/01 … attackers/
Since Deadline uses MongoDB on port 27017 could Thinkbox comment on how secure it is. I realise that the database is not open to the Internet but…
Deadline 7 and up are using port 270X0 nowadays where the X denotes the major version number (not sure what’ll happen with version 10 
)
Mongo is about as secure as something without a password can be. We do have optional instructions on how to secure things with a password over here:http://docs.thinkboxsoftware.com/products/deadline/8.0/1_User%20Manual/manual/db-authentication.html, but for most people the overhead of securing something inside a trusted zone adds overhead they don’t really need or care about. Also, without encryption in between the password is only a small extra layer. We’ll be taking steps to help users with these kinds of things in the future though.
This ransomware business is no different than if you put your file server onto the public Internet. I did that when I started dabbling with Samba + OpenBSD back in 2005 (bound it to the wrong interface) and it ended up filling with viruses. I think these affected databases may have been primarily set up on cloud providers where users may not know how to secure their traffic behind the provided firewalls, or blanked allowed all traffic and forgot to lock it down again.