MySQL 5.0 on Linux ECS 7: what to do after being attacked, with tables deleted and a Bitcoin ransom demand

Pie star who knows nothing 2022-04-05 20:21:48


Problem description:
The following databases have been deleted: efo, zwb. We have a full backup. To restore it, you must pay 0.0075 bitcoin (BTC) to our bitcoin address bc1qvrgtzc06w2rjdfx8p9u789edw56dj8ffqvrcr5. If you need proof, please contact us by the email below. [email protected]. Any email not related to payment will be ignored!

During the Qingming holiday I was going to log in to my Tencent Cloud server to do some work, and it turned out that my project database could not be connected to. What?

I opened Navicat and connected to my MySQL as the root user with password 123456, and it reported error 1045. Had I entered the wrong password? I tried all my passwords one after another, and all of them failed.
Log in to the server.
Check for the MySQL process: ps -ef | grep mysql
The result is as follows; there is no MySQL process.

[[email protected] mysql-5.7.37-linux-glibc2.12-x86_64] ps -ef | grep mysql;
root 401 21612 0 11:14 pts/0 00:00:00 grep --color=auto mysql
1. Start MySQL: service mysql start
[[email protected] mysql-5.7.37-linux-glibc2.12-x86_64] service mysql start;
Starting MySQL. SUCCESS!
[[email protected] mysql-5.7.37-linux-glibc2.12-x86_64] ps -ef | grep mysql
root 780 1 0 11:17 pts/0 00:00:00 /bin/sh /usr/local/mysql/mysql-5.7.37-linux-glibc2.12-x86_64/bin/mysqld_safe --datadir=/data/mysql --pid-file=/data/mysql/mysql.pid
mysql 1020 780 0 11:17 pts/0 00:00:00 /usr/local/mysql/mysql-5.7.37-linux-glibc2.12-x86_64/bin/mysqld --basedir=/usr/local/mysql/mysql-5.7.37-linux-glibc2.12-x86_64 --datadir=/data/mysql --plugin-dir=/usr/local/mysql/mysql-5.7.37-linux-glibc2.12-x86_64/lib/plugin --user=mysql --log-error=/var/log/mariadb/mariadb.log --pid-file=/data/mysql/mysql.pid --socket=/tmp/mysql.sock --port=3306
2. Log in to MySQL.
[[email protected] mysql-5.7.37-linux-glibc2.12-x86_64]# mysql -u root -p
Enter password:
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)

Error 1045 (28000) is reported.

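3. Use skip-grant-tables to skip password authentication when starting MySQL: service mysql start --skip-grant-tables. While the server runs with this option, anyone who can reach it can connect without a password, so keep port 3306 closed to outside connections during this step.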
[[email protected] mysql-5.7.37-linux-glibc2.12-x86_64] service mysql stop; # Turn off the running mysql service 
Shutting down MySQL.. SUCCESS!
[[email protected] mysql-5.7.37-linux-glibc2.12-x86_64] service mysql start --skip-grant-tables
Starting MySQL. SUCCESS!
4. Log in to MySQL: mysql -u root -p; enter the password and press Enter.
[[email protected] mysql-5.7.37-linux-glibc2.12-x86_64] mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 12
Server version: 5.7.37 MySQL Community Server (GPL)
Copyright (c) 2000, 2022, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
5. Look at the user table in the mysql system database and check whether the users are normal.
mysql> use mysql;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> select user,authentication_string from user;
+---------------+-------------------------------------------+
| user | authentication_string |
+---------------+-------------------------------------------+
| mysql.session | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| mysql.sys | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| mysqld | *83D34C89B8E0F100D54C6D9276D357DB43E8779F |
+---------------+-------------------------------------------+
3 rows in set (0.00 sec)
mysql>

I found that there was no root user; it had been deleted as well!
When I then connected to the database with Navicat, I was stunned!


6. Add the root user.
    If the --skip-grant-tables error is reported, run flush privileges; to reload the in-memory privileges, then run the statement again.
mysql> grant all privileges on *.* to 'root'@'localhost' identified by '123456uiop&A';
ERROR 1290 (HY000): The MySQL server is running with the --skip-grant-tables option so it cannot execute this statement
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> grant all privileges on *.* to 'root'@'localhost' identified by '123456uiop&A';
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql>

Now the root user shows up in the table as well.

mysql> select user,authentication_string from user;
+---------------+-------------------------------------------+
| user | authentication_string |
+---------------+-------------------------------------------+
| mysql.session | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| mysql.sys | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| root | *3B29E00DDA244F88EFCFCC3D20BE339E848EE5F3 |
| mysqld | *83D24C49B8E0F100D54C6D9274D357DB43E8779F |
+---------------+-------------------------------------------+
6 rows in set (0.00 sec)
mysql>
7. Give the root user remote access rights.
    Update the host field of the user table, then reload the in-memory privileges.
    host='%' allows remote connections from all IPs; host='xxx.xx.x.xx' allows connections from the IP xxx.xx.x.xx.
mysql> select user,host from user;
+---------------+-----------+
| user | host |
+---------------+-----------+
| mysqld | % |
| mysql.session | localhost |
| mysql.sys | localhost |
| root | localhost |
+---------------+-----------+
4 rows in set (0.00 sec)
mysql> update user set host='%' where user='root';
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0
mysql> select user,host from user;
+---------------+-----------+
| user | host |
+---------------+-----------+
| mysqld | % |
| root | % |
| mysql.session | localhost |
| mysql.sys | localhost |
+---------------+-----------+
rows in set (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql>
8. That is basically it. If there is data to recover, it can be recovered from the binlog, or from a replica.
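
An added example, not part of the original post: after recreating accounts as in steps 6 and 7, this Python audit parses the boxed table that the mysql client prints for select user,host from user; and flags accounts that are reachable from any host or that the operator does not expect. The EXPECTED allowlist and the finding texts are assumptions for illustration; the sample table is constructed in the shape of the post's output.

```python
# Constructed sample: client output of `select user,host from user;`
SAMPLE = """\
+---------------+-----------+
| user          | host      |
+---------------+-----------+
| mysqld        | %         |
| root          | %         |
| mysql.session | localhost |
| mysql.sys     | localhost |
+---------------+-----------+
"""

# Assumption: the accounts the operator expects to exist on this server.
EXPECTED = {"root", "mysql.session", "mysql.sys"}
# Host values that confine an account to the local machine.
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def parse_table(text):
    """Turn the client's boxed table into a list of dicts keyed by header."""
    rows = [
        [cell.strip() for cell in line.strip().strip("|").split("|")]
        for line in text.splitlines()
        if line.strip().startswith("|")
    ]
    if not rows:
        return []
    header, body = rows[0], rows[1:]
    return [dict(zip(header, r)) for r in body if len(r) == len(header)]


def audit(accounts, expected=EXPECTED):
    """Return (user, host, finding) tuples for accounts worth reviewing."""
    findings = []
    for acc in accounts:
        user, host = acc["user"], acc["host"]
        if user not in expected:
            findings.append((user, host, "account not in expected list"))
        # MySQL treats % and _ in the host column as wildcards.
        if "%" in host or "_" in host:
            findings.append((user, host, "wildcard host: reachable from many addresses"))
        elif host not in LOCAL_HOSTS:
            findings.append((user, host, "remote host: confirm this address is intended"))
    return findings


if __name__ == "__main__":
    for user, host, finding in audit(parse_table(SAMPLE)):
        print(f"{user}@{host}: {finding}")
```
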

Configuring MySQL environment variables on Linux

Modify the configuration file

vim /etc/profile

Add the environment variable configuration

MYSQL_HOME=/usr/local/mysql/mysql-5.7.37-linux-glibc2.12-x86_64 # The installation path 
export PATH=$PATH:$MYSQL_HOME/bin
export PATH MYSQL_HOME

As shown in the figure:

Reload the configuration file

source /etc/profile

Now you can access the database from any directory, without going to the database's bin directory.

mysql -u root -p
Copyright notice: this article was written by [Pie star who knows nothing]. Please include a link to the original when reposting. Thank you. https://netfreeman.com/2022/04/202204051505169086.html