A MySQL 5.7 test database that had its tables dropped

 Updated: 2023-11-04 10:14:58   Author: 葒脃坧頭


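Problem description

For some quick temporary testing I started a MySQL container with Docker and inserted some test data. When I was done I forgot to close the port (3306), and the database was attacked and its tables were dropped (saved me the trouble of deleting them myself, haha). The data was useless, but it is still a lesson.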


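Details

A new database named README_ADK appeared, containing a single table, README. In each affected database all tables had been dropped and a README table had been added.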


Its contents:

mysql> select * from README\G;
*************************** 1. row ***************************
         id: 1
     readme: 以下数据库已被删除:blog, demo, school。 我们有完整的备份。 要恢复它,您必须向我们的比特币地址bc1qvrgtzc06w2rjdfx8p9u789edw56dj8ffqvrcr5支付0.0075比特币(BTC)。 如果您需要证明,请通过以下电子邮件与我们联系。 shao58@tutanota.com 。 任何与付款无关的邮件都将被忽略!
BTC_address: bc1qvrgtzc06w2rjdfx8p9u789edw56dj8ffqvrcr5
      email: shao58@tutanota.com

Analysis

The logs show repeated connection attempts from several IP addresses:

2022-03-26T10:42:59.853033Z 515 [Warning] IP address '185.156.72.10' could not be resolved: Temporary failure in name resolution
2022-03-26T10:42:59.853301Z 515 [Note] Got packets out of order
2022-03-27T14:36:19.573519Z 519 [Warning] IP address '62.33.81.189' could not be resolved: Name or service not known
2022-03-27T14:36:23.135623Z 520 [Note] Aborted connection 520 to db: 'unconnected' user: 'root' host: '62.33.81.189' (Got an error reading communication packets)
2022-03-28T00:10:18.235145Z 521 [Warning] IP address '45.83.65.52' could not be resolved: Name or service not known
2022-03-28T00:10:19.050346Z 521 [Note] Got an error reading communication packets
2022-03-29T22:31:59.206892Z 526 [Warning] IP address '220.121.127.64' could not be resolved: Name or service not known
2022-03-29T22:31:59.207240Z 526 [Note] Got an error reading communication packets
2022-03-29T22:31:59.354422Z 527 [Warning] IP address '220.121.127.64' could not be resolved: Name or service not known

185.156.72.10
62.33.81.189
45.83.65.52
220.121.127.64

Finally, 220.121.127.64 was used to try passwords. The account names were just the usual few: root, admin, dbuser

2022-03-29T22:31:59.407115Z 527 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:31:59.567125Z 528 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES)
2022-03-29T22:31:59.723754Z 529 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES)
2022-03-29T22:31:59.880975Z 530 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:00.039118Z 531 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:00.193880Z 532 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:00.349970Z 533 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:00.500841Z 534 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:00.656205Z 535 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:00.811764Z 536 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:00.969093Z 537 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:01.133076Z 538 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:01.288671Z 539 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:01.442683Z 540 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:01.601783Z 541 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:01.761714Z 542 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:01.917840Z 543 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:02.075536Z 544 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:02.232366Z 545 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:02.385997Z 546 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:02.540069Z 547 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:02.693008Z 548 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:02.850661Z 549 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:03.008801Z 550 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:03.170984Z 551 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:03.334929Z 552 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:03.492659Z 553 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:03.651087Z 554 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:03.808426Z 555 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:03.963486Z 556 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:04.124605Z 557 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:04.283725Z 558 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:04.440768Z 559 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:04.596011Z 560 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:04.754289Z 561 [Note] Access denied for user 'root'@'220.121.127.64' (using password: NO)
2022-03-29T22:32:04.907366Z 562 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:05.060965Z 563 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:05.215070Z 564 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:05.371235Z 565 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:05.528679Z 566 [Note] Access denied for user 'dbuser'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:05.681098Z 567 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:05.838812Z 568 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:05.997501Z 569 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:06.153071Z 570 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:06.311484Z 571 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:06.468059Z 572 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:06.624770Z 573 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:06.781596Z 574 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:06.937078Z 575 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:07.094248Z 576 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:07.246081Z 577 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:07.403646Z 578 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:07.558726Z 579 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:07.717434Z 580 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:07.879938Z 581 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:08.040560Z 582 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:08.196426Z 583 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:08.351225Z 584 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:08.509896Z 585 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:08.671657Z 586 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: NO)
2022-03-29T22:32:08.834790Z 587 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:08.991720Z 588 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:09.150627Z 589 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:09.311116Z 590 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:09.465177Z 591 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:09.620654Z 592 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:09.772162Z 593 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:09.927748Z 594 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:10.082127Z 595 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:10.235722Z 596 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:10.389369Z 597 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:10.546182Z 598 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES)
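
The burst above (one source, one failed login roughly every 0.16 s, rotating through a few account names) is easy to detect mechanically. The following is an added example, not part of the original post: it parses MySQL 5.7 error-log "Access denied" lines and flags any source host that exceeds a failure threshold inside a sliding time window. The threshold, the window and the function names are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# MySQL 5.7 error-log line: "<UTC ts>Z <thread id> [Note] Access denied for user 'u'@'h' (using password: YES|NO)"
DENIED = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d\.\d+)Z\s+\d+\s+\[Note\]\s+"
    r"Access denied for user '(?P<user>[^']*)'@'(?P<host>[^']*)' "
    r"\(using password: (?P<pw>YES|NO)\)"
)

def parse_denied(lines):
    """Yield (timestamp, host, user, used_password) for each failed login."""
    for line in lines:
        m = DENIED.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S.%f")
            yield ts, m["host"], m["user"], m["pw"] == "YES"

def find_bursts(lines, threshold=5, window=timedelta(seconds=10)):
    """Return {host: summary} for hosts with >= threshold failures in any window."""
    by_host = defaultdict(list)
    for ts, host, user, _ in parse_denied(lines):
        by_host[host].append((ts, user))
    flagged = {}
    for host, events in by_host.items():
        events.sort()
        start, peak = 0, 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            users = sorted({u for _, u in events})
            flagged[host] = {"failures": len(events), "peak_in_window": peak, "users": users}
    return flagged

# Sample input: lines copied from the log excerpt above, plus one constructed
# line (documentation address 203.0.113.7) that must stay below the threshold.
SAMPLE = """\
2022-03-29T22:31:59.354422Z 527 [Warning] IP address '220.121.127.64' could not be resolved: Name or service not known
2022-03-29T22:31:59.407115Z 527 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:31:59.567125Z 528 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES)
2022-03-29T22:31:59.723754Z 529 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES)
2022-03-29T22:31:59.880975Z 530 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:00.039118Z 531 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:05.528679Z 566 [Note] Access denied for user 'dbuser'@'220.121.127.64' (using password: YES)
2022-03-29T22:40:00.000000Z 600 [Note] Access denied for user 'app'@'203.0.113.7' (using password: YES)
"""
```

Calling `find_bursts(open(path))` on a real error log returns one entry per offending host; the result can feed an alert or a firewall allowlist review.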

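Summary

Avoid database accounts whose host is % (any host). If a % account is needed, avoid the user names seen above and make the password as complex as possible (for example a random password from https://suijimimashengcheng.bmcx.com; avoid common passwords such as root, admin, 123).

Restrict access to the port with an allowlist, and replace commonly used ports with other ports, e.g. use 8822 instead of 22 and 13306 instead of 3306.

The above is my personal experience; I hope it is a useful reference for everyone, and I hope you will continue to support 脚本之家.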
