A record of one database break-in

This post was last updated 1 year ago (2020-6-1 13:36:11); links may be dead and the content may be hard to reproduce. Please use your own judgement.

© Sunplace, 2020

On May 29, when I opened my local database, every database except one had had its tables wiped; only a warning table and its contents were left. In addition, a new database named please_read_me_vvv had been created.

mysql> use please_read_me_vvv
Database changed
mysql> show tables;
+------------------------------+
| Tables_in_please_read_me_vvv |
+------------------------------+
| warning |
+------------------------------+
1 row in set (0.01 sec)

mysql> select * from warning;
+----+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+--------------------------------+
| id | warning | Bitcoin_Address | Email |
+----+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+--------------------------------+
| 1 | To recover your lost Database and avoid leaking it: Send us 0.03 Bitcoin (BTC) to our Bitcoin address 1GkZpdfQdUQasnt12P9pSnx8sohm4NgqNQ and contact us by Email with your Server IP or Domain name and a Proof of Payment. If you are unsure if we have your data, contact us and we will send you a proof. Your Database is downloaded and backed up on our servers. Backups that we have right now: bbs, co_cms, oa, wordpress. If we dont receive your payment in the next 5 Days, we will make your database public or use them otherwise. | 1GkZpdfQdUQasnt12P9pSnx8sohm4NgqNQ | [email protected] |
+----+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+--------------------------------+
1 row in set (0.00 sec)

Still, the relatively "important" databases were not affected.

What to do after the incident?

  1. Open the user table of the mysql database and keep only the records whose host is localhost.
    -- the user table lives in the mysql system database
    use mysql;
    -- if both root@localhost and root@'%' exist, this update collides on the (Host, User) primary key;
    -- in that case drop the remote root row instead of updating it
    update user set host='localhost' where user = 'root';
    -- caveat: on MySQL 5.7+/8.0 this also removes the reserved accounts mysql.sys, mysql.session and mysql.infoschema
    delete from user where user != 'root';
    flush privileges;
  2. Check whether you have MySQL's binlog enabled. (reference)
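Before pruning mysql.user as in step 1, it is worth seeing exactly which accounts were reachable from outside, whether the server was even listening on a public interface, and (step 2) whether a binlog exists to recover the wiped tables from. The statements below are an added example written for this post, not the author's own commands; they assume MySQL 5.7 or 8.0 (the authentication_string column and DROP USER IF EXISTS do not exist on 5.6), and the 'root'@'%' account they drop is an assumed name standing in for whatever remote account the audit query actually turns up.

```sql
-- Added example, not from the original post. Assumes MySQL 5.7+ / 8.0.
USE mysql;

-- 1. Which accounts can log in from somewhere other than the local machine,
--    and do any of them have an empty password? Every row here is a candidate
--    entry point for a remote attacker.
SELECT user, host, plugin, (authentication_string = '') AS empty_password
FROM user
WHERE host NOT IN ('localhost', '127.0.0.1', '::1');

-- 2. Was the server exposed at all? '*' or '0.0.0.0' means every interface;
--    '127.0.0.1' means only local clients could connect.
SHOW VARIABLES LIKE 'bind_address';

-- 3. Is the database from the ransom note still around? (please_read_me_vvv
--    is the name seen in the post.) Also lists the legitimate schemas that lost tables.
SELECT schema_name FROM information_schema.schemata
WHERE schema_name LIKE 'please_read_me%';

-- 4. Is binary logging on? If log_bin is ON, SHOW BINARY LOGS lists the files
--    that mysqlbinlog can replay up to the moment before the DROP/DELETE.
--    If log_bin is OFF, SHOW BINARY LOGS returns an error, and the only
--    recovery path is an external backup.
SHOW VARIABLES LIKE 'log_bin';
SHOW BINARY LOGS;

-- 5. Remove only the unexpected remote account(s) found in step 1 rather than
--    deleting every non-root row, so the reserved accounts mysql.sys,
--    mysql.session and mysql.infoschema survive. 'root'@'%' is an assumed name.
DROP USER IF EXISTS 'root'@'%';
FLUSH PRIVILEGES;
```

Run the three audit queries first and save their output: the list of remote-capable accounts plus the bind_address value is the evidence of how the server was reachable, and the SHOW BINARY LOGS result decides whether point-in-time recovery is possible before any cleanup statement is issued.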