mysql 資料庫被黑
2022年11月29日 下雨的一天, 準備對昨天的報錯內容進行處理, 開啟地址後 直接發現了報錯,奇怪的是昨天的錯誤 明明已經先註釋了鴨....居然還是報錯, 定睛一看報錯內容....1146, "Table 'mysite.staff_user' doesn't exist", 說是我的資料庫不存在, 這是真的麼... 感覺開啟Navicat 看下.
navicat 登入不上去...
隨後 遠端登陸 伺服器 看了下 資料庫裡 只有一張叫 README 表了
然後檢視這個表
原來是被黑了
由於自己mysql 使用者名稱 和 密碼 很簡單, 所以就被輕而易舉的破解了
查看了 log 發現 自己log 並沒有開啟
MariaDB [mysite]> SHOW GLOBAL VARIABLES LIKE '%log%'; +-----------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------+ | Variable_name | Value | +-----------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------+ | aria_checkpoint_log_activity | 1048576 | | aria_log_file_size | 1073741824 | | aria_log_purge_type | immediate | | aria_sync_log_dir | NEWFILE | | back_log | 80 | | binlog_annotate_row_events | ON | | binlog_cache_size | 32768 | | binlog_checksum | CRC32 | | binlog_commit_wait_count | 0 | | binlog_commit_wait_usec | 100000 | | binlog_direct_non_transactional_updates | OFF | | binlog_file_cache_size | 16384 | | binlog_format | MIXED | | binlog_optimize_thread_scheduling | ON | | binlog_row_image | FULL | | binlog_stmt_cache_size | 32768 | | encrypt_binlog | OFF | | expire_logs_days | 0 | | general_log | OFF | | general_log_file | iZbp14zhiwnwqzvz2nijekZ.log | | gtid_binlog_pos | | | gtid_binlog_state | | | innodb_encrypt_log | OFF | | innodb_flush_log_at_timeout | 1 | | innodb_flush_log_at_trx_commit | 1 | | innodb_locks_unsafe_for_binlog | OFF | | innodb_log_buffer_size | 16777216 | | innodb_log_checksums | ON | | innodb_log_compressed_pages | ON | | innodb_log_file_size | 50331648 | | innodb_log_files_in_group | 2 | | innodb_log_group_home_dir | ./ | | innodb_log_optimize_ddl | OFF | | innodb_log_write_ahead_size | 8192 | | innodb_max_undo_log_size | 10485760 | | innodb_online_alter_log_max_size | 134217728 | | innodb_scrub_log | OFF | | innodb_scrub_log_speed | 256 | | innodb_undo_log_truncate | OFF | | innodb_undo_logs | 128 | | log_bin | OFF | | log_bin_basename | | | log_bin_compress | OFF | | log_bin_compress_min_len | 256 | | log_bin_index | | | log_bin_trust_function_creators | OFF | | log_disabled_statements | sp | | log_error | /var/log/mariadb/mariadb.log | | log_output | FILE | | log_queries_not_using_indexes | OFF | | log_slave_updates | OFF | | log_slow_admin_statements | ON | | log_slow_disabled_statements | sp | | log_slow_filter | admin,filesort,filesort_on_disk,filesort_priority_queue,full_join,full_scan,query_cache,query_cache_miss,tmp_table,tmp_table_on_disk | | log_slow_rate_limit | 1 | | log_slow_slave_statements | ON | | log_slow_verbosity | | | log_tc_size | 24576 | | log_warnings | 2 | | max_binlog_cache_size | 18446744073709547520 | | max_binlog_size | 1073741824 | | max_binlog_stmt_cache_size | 18446744073709547520 | | max_relay_log_size | 1073741824 | | read_binlog_speed_limit | 0 | | relay_log | | | relay_log_basename | | | relay_log_index | | | relay_log_info_file | relay-log.info | | relay_log_purge | ON | | relay_log_recovery | OFF | | relay_log_space_limit | 0 | | slow_query_log | OFF | | slow_query_log_file | iZbp14zhiwnwqzvz2nijekZ-slow.log | | sql_log_bin | ON | | sql_log_off | OFF | | sync_binlog | 0 | | sync_relay_log | 10000 | | sync_relay_log_info | 10000 | | wsrep_forced_binlog_format | NONE | | wsrep_log_conflicts | OFF | +-----------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------+ 80 rows in set (0.001 sec)
既然被黑了 那這個 mysql就不能用了(想重新安裝)
清除資料和解除安裝
1.停止服務
sudo systemctl stop mariadb.service
2.刪除資料
sudo rm -rf /etc/my.cnf.d
sudo rm /etc/my.cnf
sudo rm -rf /var/lib/mysql
3.解除安裝
sudo yum remove mariadb
4.安裝
sudo yum -y install mariadb mariadb-server
sudo systemctl start mariadb
sudo systemctl enable mariadb.service
# 設定密碼
sudo mysql_secure_installation
5.建立資料庫
create database mysite default charset utf8
6.配置binlog檔案
# 先檢視 mysql 預設的配置檔案位置
mysql --help|grep 'my.cnf'
# 把mariadb自帶的配置檔案 複製過去
/etc/my.cnf.d/mariadb-server.cnf
cp mariadb-server.cnf /etc/my.cnf
# 修改配置檔案
# 這邊配置的資料夾 需要 修改 資料夾的 所屬使用者和使用者組
chown -R mysql:mysql data
[mysqld] datadir=/var/lib/mysql socket=/var/lib/mysql/mysql.sock log-error=/var/log/mariadb/mariadb.log pid-file=/run/mariadb/mariadb.pid log-bin=/var/log/mariadb/data/bin-log/mariadb-log log-bin-index=/var/log/mariadb/data/bin-log/mariadb-log.index expire-logs-days=7 server-id=1 binlog-format=ROW
# 重啟
sudo systemctl restart mariadb.service
# 資料庫檢視 log_bin 是否開啟
show variables like '%log_bin%';