记一次mysql5.7测试数据库被删表的问题
问题描述
为了方便临时测试,就用docker启动了一个mysql容器,插入了一些测试数据,用完之后端口(3306)忘了没有关掉,被攻击删表(省的我自己删了,哈哈),虽然是无用的数据,多少是个教训。
详情如下
多了一个README_ADK库,库下一张README表,被删的库下表都被删,多了一张README表
内容如下
mysql> select * from README\G;
*************************** 1. row ***************************
id: 1
readme: 以下数据库已被删除:blog, demo, school。 我们有完整的备份。 要恢复它,您必须向我们的比特币地址bc1qvrgtzc06w2rjdfx8p9u789edw56dj8ffqvrcr5支付0.0075比特币(BTC)。 如果您需要证明,请通过以下电子邮件与我们联系。 shao58@tutanota.com 。 任何与付款无关的邮件都将被忽略!
BTC_address: bc1qvrgtzc06w2rjdfx8p9u789edw56dj8ffqvrcr5
email: shao58@tutanota.com
分析
从日志里分析,就是反复拿IP去尝试:
2022-03-26T10:42:59.853033Z 515 [Warning] IP address '185.156.72.10' could not be resolved: Temporary failure in name resolution
2022-03-26T10:42:59.853301Z 515 [Note] Got packets out of order
2022-03-27T14:36:19.573519Z 519 [Warning] IP address '62.33.81.189' could not be resolved: Name or service not known
2022-03-27T14:36:23.135623Z 520 [Note] Aborted connection 520 to db: 'unconnected' user: 'root' host: '62.33.81.189' (Got an error reading communication packets)
2022-03-28T00:10:18.235145Z 521 [Warning] IP address '45.83.65.52' could not be resolved: Name or service not known
2022-03-28T00:10:19.050346Z 521 [Note] Got an error reading communication packets
2022-03-29T22:31:59.206892Z 526 [Warning] IP address '220.121.127.64' could not be resolved: Name or service not known
2022-03-29T22:31:59.207240Z 526 [Note] Got an error reading communication packets
2022-03-29T22:31:59.354422Z 527 [Warning] IP address '220.121.127.64' could not be resolved: Name or service not known
185.156.72.10 62.33.81.189 45.83.65.52 220.121.127.64
最后使用220.121.127.64尝试密码,账号无非也就这几个:root、admin、dbuser
2022-03-29T22:31:59.407115Z 527 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:31:59.567125Z 528 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES) 2022-03-29T22:31:59.723754Z 529 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES) 2022-03-29T22:31:59.880975Z 530 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:00.039118Z 531 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:00.193880Z 532 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:00.349970Z 533 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:00.500841Z 534 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:00.656205Z 535 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:00.811764Z 536 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:00.969093Z 537 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:01.133076Z 538 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:01.288671Z 539 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:01.442683Z 540 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:01.601783Z 541 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:01.761714Z 542 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:01.917840Z 543 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:02.075536Z 544 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:02.232366Z 545 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:02.385997Z 546 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:02.540069Z 547 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:02.693008Z 548 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:02.850661Z 549 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:03.008801Z 550 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:03.170984Z 551 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:03.334929Z 552 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:03.492659Z 553 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:03.651087Z 554 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:03.808426Z 555 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:03.963486Z 556 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:04.124605Z 557 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:04.283725Z 558 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:04.440768Z 559 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:04.596011Z 560 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:04.754289Z 561 [Note] Access denied for user 'root'@'220.121.127.64' (using password: NO) 2022-03-29T22:32:04.907366Z 562 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:05.060965Z 563 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:05.215070Z 564 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:05.371235Z 565 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:05.528679Z 566 [Note] Access denied for user 'dbuser'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:05.681098Z 567 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:05.838812Z 568 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:05.997501Z 569 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:06.153071Z 570 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:06.311484Z 571 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:06.468059Z 572 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:06.624770Z 573 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:06.781596Z 574 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:06.937078Z 575 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:07.094248Z 576 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:07.246081Z 577 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:07.403646Z 578 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:07.558726Z 579 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:07.717434Z 580 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:07.879938Z 581 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:08.040560Z 582 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:08.196426Z 583 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:08.351225Z 584 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:08.509896Z 585 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:08.671657Z 586 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: NO) 2022-03-29T22:32:08.834790Z 587 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:08.991720Z 588 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:09.150627Z 589 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:09.311116Z 590 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:09.465177Z 591 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:09.620654Z 592 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:09.772162Z 593 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:09.927748Z 594 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:10.082127Z 595 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:10.235722Z 596 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:10.389369Z 597 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES) 2022-03-29T22:32:10.546182Z 598 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES)
总结
数据库可以避免%用户,若需要%用户,可避免这几个用户名,密码尽量复杂(https://suijimimashengcheng.bmcx.com随机密码,避免密码:root,admin,123此类的易出现的密码)。
端口可以加指定白名单访问,常用的端口可以用别的端口替代,如22端口用8822,3306用13306代替等。
以上为个人经验,希望能给大家一个参考,也希望大家多多支持脚本之家。
相关文章
mysql 卡死 大部分线程长时间处于sending data的状态
首先说明一下,这是个无头的案子,虽然问题貌似解决了,不过到现在我也没有答案,只是把这个问题拿出来晾晾2008-11-11
最新评论