Be careful using Docker with a firewall

When you start a Docker container with some ports bound, it automatically becomes accessible from the internet, regardless of your host machine's firewall rules (ufw etc.).

That’s the reason I see this in my database now :) Ufw was set up to deny anything but ssh and http/https. However, the container running mongodb was accessible to everyone on port 27017 because Docker does not care about ufw.

Of course, the database is completely dropped, but there was nothing valuable in it.
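
A defensive check for the situation described above, as an added example that is not part of the original post: the function reads `docker ps --format '{{.Names}}\t{{.Ports}}'` output and lists every port mapping that Docker publishes on all host interfaces. The sample input, container names and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: list container ports that Docker publishes on all interfaces.
# Input format: "<name><TAB><ports>", as printed by
#   docker ps --format '{{.Names}}\t{{.Ports}}'

find_exposed_ports() {
    awk -F '\t' '
    {
        n = split($2, maps, /, */)
        for (i = 1; i <= n; i++) {
            m = maps[i]
            # "27017/tcp" without "->" is not published on the host.
            if (m !~ /->/) continue
            # 0.0.0.0, ::: and [::] all mean "every interface of the host".
            if (m ~ /^0\.0\.0\.0:/ || m ~ /^:::/ || m ~ /^\[::\]:/)
                print $1 "\t" m
        }
    }'
}

# Constructed sample of `docker ps` output (names and ports are made up).
sample_ps() {
    printf 'mongo\t0.0.0.0:27017->27017/tcp, :::27017->27017/tcp\n'
    printf 'web\t127.0.0.1:8080->80/tcp\n'
    printf 'cache\t6379/tcp\n'
    printf 'api\t[::]:9000->9000/tcp, 10.0.0.5:9001->9001/tcp\n'
}

# On a real host, replace sample_ps with the docker ps command above.
sample_ps | find_exposed_ports
# A mapping such as `-p 127.0.0.1:27017:27017` binds the port to loopback
# only, so it does not appear in this list.
```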

Further reading:
https://chjdev.com/2016/06/08/docker-ufw/
http://blog.viktorpetersson.com/post/101707677489/the-dangers-of-ufw-docker
https://github.com/moby/moby/issues/22054