I'm seeing failed connection attempts in my Heroku Postgres logs, but I'm not creating these connections and they come from an IP address that I don't recognize. It looks like someone might be trying to hack my database:
sql_error_code = 28000 FATAL: no pg_hba.conf entry for host "18.104.22.168", user "postgres", database "postgres", SSL off
Variations of the above error might include the
user being set to
test, or other default usernames.
These errors indicate a failed login attempt was made to your database, which means that the connection wasn't established.
It is common to see failed connection attempts that use default usernames (such as
user "postgres", database "postgres"). Being on the public internet means some level of unauthorized access attempts are possible. These are very unsophisticated attempts that usually involve trying combinations like
postgres. However, Heroku Postgres usernames, passwords, and database name combinations are randomly generated, making these generic access attempts futile.
Another common cause of the
sql_error_code=28000, particularly when it involves the "unsupported frontend protocol" message is the use of tools like
nmap. Read more about the "unsupported frontend protocol" message.
Heroku takes security seriously and works diligently to ensure the safety of your data. Furthermore, trust is a core principle of salesforce.com and Heroku. It’s this commitment to customer privacy and inspiring trust that directs the decisions we make on a daily basis. Trust is the responsibility of each and every employee and one we take seriously.
To learn more about Salesforce.com efforts to protect customer privacy and actions customers can take to protect their data visit the Salesforce Trust And Compliance Policies.