mysql 数据库被黑后的一天
2022年11月29日 下雨的一天, 准备对昨天的报错内容进行处理, 打开地址后 直接发现了报错,奇怪的是昨天的错误 明明已经先注释了鸭....居然还是报错, 定睛一看报错内容....1146, "Table 'mysite.staff_user' doesn't exist", 说是我的数据库不存在, 这是真的么... 感觉打开Navicat 看下.
navicat 登录不上去...
随后 远程登陆 服务器 看了下 数据库里 只有一张叫 README 表了
然后查看这个表
原来是被黑了
由于自己mysql 用户名 和 密码 很简单, 所以就被轻而易举的破解了
查看了 log 发现 自己log 并没有开启
MariaDB [mysite]> SHOW GLOBAL VARIABLES LIKE '%log%'; +-----------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------+ | Variable_name | Value | +-----------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------+ | aria_checkpoint_log_activity | 1048576 | | aria_log_file_size | 1073741824 | | aria_log_purge_type | immediate | | aria_sync_log_dir | NEWFILE | | back_log | 80 | | binlog_annotate_row_events | ON | | binlog_cache_size | 32768 | | binlog_checksum | CRC32 | | binlog_commit_wait_count | 0 | | binlog_commit_wait_usec | 100000 | | binlog_direct_non_transactional_updates | OFF | | binlog_file_cache_size | 16384 | | binlog_format | MIXED | | binlog_optimize_thread_scheduling | ON | | binlog_row_image | FULL | | binlog_stmt_cache_size | 32768 | | encrypt_binlog | OFF | | expire_logs_days | 0 | | general_log | OFF | | general_log_file | iZbp14zhiwnwqzvz2nijekZ.log | | gtid_binlog_pos | | | gtid_binlog_state | | | innodb_encrypt_log | OFF | | innodb_flush_log_at_timeout | 1 | | innodb_flush_log_at_trx_commit | 1 | | innodb_locks_unsafe_for_binlog | OFF | | innodb_log_buffer_size | 16777216 | | innodb_log_checksums | ON | | innodb_log_compressed_pages | ON | | innodb_log_file_size | 50331648 | | innodb_log_files_in_group | 2 | | innodb_log_group_home_dir | ./ | | innodb_log_optimize_ddl | OFF | | innodb_log_write_ahead_size | 8192 | | innodb_max_undo_log_size | 10485760 | | innodb_online_alter_log_max_size | 134217728 | | innodb_scrub_log | OFF | | innodb_scrub_log_speed | 256 | | innodb_undo_log_truncate | OFF | | innodb_undo_logs | 128 | | log_bin | OFF | | log_bin_basename | | | log_bin_compress | OFF | | log_bin_compress_min_len | 256 | | log_bin_index | | | log_bin_trust_function_creators | OFF | | log_disabled_statements | sp | | log_error | /var/log/mariadb/mariadb.log | | log_output | FILE | | log_queries_not_using_indexes | OFF | | log_slave_updates | OFF | | log_slow_admin_statements | ON | | log_slow_disabled_statements | sp | | log_slow_filter | admin,filesort,filesort_on_disk,filesort_priority_queue,full_join,full_scan,query_cache,query_cache_miss,tmp_table,tmp_table_on_disk | | log_slow_rate_limit | 1 | | log_slow_slave_statements | ON | | log_slow_verbosity | | | log_tc_size | 24576 | | log_warnings | 2 | | max_binlog_cache_size | 18446744073709547520 | | max_binlog_size | 1073741824 | | max_binlog_stmt_cache_size | 18446744073709547520 | | max_relay_log_size | 1073741824 | | read_binlog_speed_limit | 0 | | relay_log | | | relay_log_basename | | | relay_log_index | | | relay_log_info_file | relay-log.info | | relay_log_purge | ON | | relay_log_recovery | OFF | | relay_log_space_limit | 0 | | slow_query_log | OFF | | slow_query_log_file | iZbp14zhiwnwqzvz2nijekZ-slow.log | | sql_log_bin | ON | | sql_log_off | OFF | | sync_binlog | 0 | | sync_relay_log | 10000 | | sync_relay_log_info | 10000 | | wsrep_forced_binlog_format | NONE | | wsrep_log_conflicts | OFF | +-----------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------+ 80 rows in set (0.001 sec)
既然被黑了 那这个 mysql就不能用了(想重新安装)
清除数据和卸载
1.停止服务
sudo systemctl stop mariadb.service
2.删除数据
sudo rm -rf /etc/my.cnf.d
sudo rm /etc/my.cnf
sudo rm -rf /var/lib/mysql
3.卸载
sudo yum remove mariadb
4.安装
sudo yum -y install mariadb mariadb-server
sudo systemctl start mariadb
sudo systemctl enable mariadb.service
# 设置密码
sudo mysql_secure_installation
5.创建数据库
create database mysite default charset utf8
6.配置binlog文件
# 先查看 mysql 默认的配置文件位置
mysql --help|grep 'my.cnf'
# 把mariadb自带的配置文件 复制过去
/etc/my.cnf.d/mariadb-server.cnf
cp mariadb-server.cnf /etc/my.cnf
# 修改配置文件
# 这边配置的文件夹 需要 修改 文件夹的 所属用户和用户组
chown -R mysql:mysql data
[mysqld] datadir=/var/lib/mysql socket=/var/lib/mysql/mysql.sock log-error=/var/log/mariadb/mariadb.log pid-file=/run/mariadb/mariadb.pid log-bin=/var/log/mariadb/data/bin-log/mariadb-log log-bin-index=/var/log/mariadb/data/bin-log/mariadb-log.index expire-logs-days=7 server-id=1 binlog-format=ROW
# 重启
sudo systemctl restart mariadb.service
# 数据库查看 log_bin 是否开启
show variables like '%log_bin%';
# 设置可以远程访问
select User,authentication_string,Host from user;
grant all privilege on *.* to 'root'@'%' identified by 'password' whth grant option;
