What to do when MySQL 5.7 on a Linux cloud server is attacked, its tables are dropped, and a Bitcoin ransom is demanded

啥也不懂的派大星 2022-04-05 15:05:41 Views: 536

linux Mysql server service MySQL5.7

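Problem description:
The following databases have been deleted: efo, zwb. We have a complete backup. To restore it, you must pay 0.0075 Bitcoin (BTC) to our Bitcoin address bc1qvrgtzc06w2rjdfx8p9u789edw56dj8ffqvrcr5. If you need proof, contact us at the following email. [email protected] . Any mail unrelated to payment will be ignored!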

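Over the Qingming holiday I planned to log on to my Tencent Cloud server to get some work done, only to find that my project's database seemed to be unreachable. What?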

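I opened Navicat and connected to my MySQL as the root user with password 123456, and got error 1045. Had I mistyped the password? I tried every password I had, one after another, and all of them failed.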
Log in to the server
Check for the mysql process: ps -ef | grep mysql
As the output below shows, there is no mysql process.

[[email protected] mysql-5.7.37-linux-glibc2.12-x86_64] ps -ef | grep mysql;
root 401 21612 0 11:14 pts/0 00:00:00 grep --color=auto mysql
  1. Start mysql: service mysql start
[[email protected] mysql-5.7.37-linux-glibc2.12-x86_64] service mysql start;
Starting MySQL. SUCCESS!
[[email protected] mysql-5.7.37-linux-glibc2.12-x86_64] ps -ef | grep mysql
root 780 1 0 11:17 pts/0 00:00:00 /bin/sh /usr/local/mysql/mysql-5.7.37-linux-glibc2.12-x86_64/bin/mysqld_safe --datadir=/data/mysql --pid-file=/data/mysql/mysql.pid
mysql 1020 780 0 11:17 pts/0 00:00:00 /usr/local/mysql/mysql-5.7.37-linux-glibc2.12-x86_64/bin/mysqld --basedir=/usr/local/mysql/mysql-5.7.37-linux-glibc2.12-x86_64 --datadir=/data/mysql --plugin-dir=/usr/local/mysql/mysql-5.7.37-linux-glibc2.12-x86_64/lib/plugin --user=mysql --log-error=/var/log/mariadb/mariadb.log --pid-file=/data/mysql/mysql.pid --socket=/tmp/mysql.sock --port=3306
  1. Log in to mysql
[[email protected] mysql-5.7.37-linux-glibc2.12-x86_64]# mysql -u root -p
Enter password:
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)

Error 1045 (28000) is returned.

  1. Start mysql with skip-grant-tables to bypass password verification: service mysql start --skip-grant-tables
[[email protected] mysql-5.7.37-linux-glibc2.12-x86_64] service mysql stop; # stop the running mysql service first
Shutting down MySQL.. SUCCESS!
[[email protected] mysql-5.7.37-linux-glibc2.12-x86_64] service mysql start --skip-grant-tables
Starting MySQL. SUCCESS!
  1. Log in to mysql: mysql -u root -p; type anything as the password and press Enter
[[email protected] mysql-5.7.37-linux-glibc2.12-x86_64] mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 12
Server version: 5.7.37 MySQL Community Server (GPL)
Copyright (c) 2000, 2022, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
  1. Inspect the user table in the mysql system database and check whether the accounts look normal
mysql> use mysql;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> select user,authentication_string from user;
+---------------+-------------------------------------------+
| user | authentication_string |
+---------------+-------------------------------------------+
| mysql.session | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| mysql.sys | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| mysqld | *83D34C89B8E0F100D54C6D9276D357DB43E8779F |
+---------------+-------------------------------------------+
3 rows in set (0.00 sec)
mysql>

The root user is not there; it had been deleted too!
At this point I connected to the database with Navicat and was stunned!


  1. Add the root user
    If the --skip-grant-tables error is reported, run flush privileges; to reload the in-memory privileges.
mysql> grant all privileges on *.* to 'root'@'localhost' identified by '123456uiop&A';
ERROR 1290 (HY000): The MySQL server is running with the --skip-grant-tables option so it cannot execute this statement
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> grant all privileges on *.* to 'root'@'localhost' identified by '123456uiop&A';
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql>

The root user now shows up in the query as well.

mysql> select user,authentication_string from user;
+---------------+-------------------------------------------+
| user | authentication_string |
+---------------+-------------------------------------------+
| mysql.session | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| mysql.sys | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| root | *3B29E00DDA244F88EFCFCC3D20BE339E848EE5F3 |
| mysqld | *83D24C49B8E0F100D54C6D9274D357DB43E8779F |
+---------------+-------------------------------------------+
6 rows in set (0.00 sec)
mysql>
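  1. Grant the root user remote access
    Update the host field in the user table and reload the in-memory privileges.
    host='%' allows remote connections from any IP; host='xxx.xx.x.xx' allows connections from IP xxx.xx.x.xx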
mysql> select user,host from user;
+---------------+-----------+
| user | host |
+---------------+-----------+
| mysqld | % |
| mysql.session | localhost |
| mysql.sys | localhost |
| root | localhost |
+---------------+-----------+
4 rows in set (0.00 sec)
mysql> update user set host='%' where user='root';
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0
mysql> select user,host from user;
+---------------+-----------+
| user | host |
+---------------+-----------+
| mysqld | % |
| root | % |
| mysql.session | localhost |
| mysql.sys | localhost |
+---------------+-----------+
rows in set (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql>
  1. At this point the job is basically done. If there is data to recover, it can be restored from the bin log or from a replica.
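
Before treating the server as recovered, the account list deserves a second look: the tables above still contain a `mysqld` account with host `%`, and the previous step sets root to host `%` as well. The Python script below is an added example, not part of the original post; it audits `mysql.user` rows against an allowlist. The allowlist `EXPECTED`, the input format (tab-separated output of `mysql -N -B -e "SELECT user, host, authentication_string FROM mysql.user"`) and the sample rows are assumptions constructed for illustration.

```python
import sys

# Hypothetical allowlist: the accounts the administrator knowingly created.
EXPECTED = {
    ("root", "localhost"),
    ("mysql.session", "localhost"),
    ("mysql.sys", "localhost"),
}


def audit(tsv_text, expected=EXPECTED):
    """Return sorted (user, host, finding) tuples for rows of mysql.user."""
    findings, seen = [], set()
    for line in tsv_text.splitlines():
        parts = line.split("\t")
        if len(parts) < 2:          # blank or malformed line
            continue
        user, host = parts[0], parts[1]
        auth = parts[2] if len(parts) > 2 else ""
        seen.add((user, host))
        if (user, host) not in expected:
            findings.append((user, host, "account not in allowlist"))
        if "%" in host:
            findings.append((user, host, "wildcard host: remote logins allowed"))
        if auth in ("", "NULL"):
            findings.append((user, host, "empty password hash"))
    # Accounts that should exist but are absent (root was deleted in this incident).
    for user, host in expected - seen:
        findings.append((user, host, "expected account is missing"))
    return sorted(findings)


# Constructed sample mirroring the user/host table printed after the last step;
# the two hash values are placeholders, not real hashes.
SAMPLE = (
    "mysqld\t%\t*PLACEHOLDERHASH1\n"
    "root\t%\t*PLACEHOLDERHASH2\n"
    "mysql.session\tlocalhost\t*THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE\n"
    "mysql.sys\tlocalhost\t*THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE\n"
)

if __name__ == "__main__":
    # Pipe the mysql client output in, or run without input to use SAMPLE.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for user, host, finding in audit(text):
        print(f"{user}@{host}: {finding}")
```

Every flagged account should be either confirmed as intentional or removed, and its password changed, before port 3306 is reachable again.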

Configuring environment variables for mysql on Linux

Edit the configuration file

vim /etc/profile

Enter the environment variable settings

MYSQL_HOME=/usr/local/mysql/mysql-5.7.37-linux-glibc2.12-x86_64 # installation path
export PATH=$PATH:$MYSQL_HOME/bin
export PATH MYSQL_HOME

It should look like this (screenshot in the original post).

Reload the configuration file

source /etc/profile

Now you can open the database client from any directory, without changing into the database's bin directory first

mysql -u root -p
Copyright notice: this article was written by [啥也不懂的派大星]; please include a link to the original when reposting. Thanks. https://blog.csdn.net/zwb_dzw/article/details/123950619