I'm seeing a number of FATAL errors from Postgres in my logs like someone might be hacking my database:
sql_error_code = 28000 FATAL: no pg_hba.conf entry for host "18.104.22.168", user "postgres", database "postgres", SSL off
Variations of the above error might include the
user being set to
test or other default usernames.
These errors indicate a failed login attempt was made to your database. Being on the public internet means some level of unauthorized access attempts are possible. These are very unsophisticated attempts that usually involve trying combinations like
postgres. However, Heroku Postgres usernames, passwords, and database name combinations are randomly generated, making these generic access attempts futile.
Heroku takes security seriously and works diligently to ensure the safety of your data. Furthermore, trust is a core principle of salesforce.com and Heroku. It’s this commitment to customer privacy and inspiring trust that directs the decisions we make on a daily basis. Trust is the responsibility of each and every employee and one we take seriously.
To learn more about Salesforce.com efforts to protect customer privacy and actions customers can take to protect their data visit the Salesforce Trust And Compliance Policies.