快捷導(dǎo)航

記一次mysql5.7測(cè)試數(shù)據(jù)庫(kù)被刪表的問題

更新時(shí)間：2023年11月04日 10:14:58 作者：葒脃坧頭

這篇文章主要介紹了記一次mysql5.7測(cè)試數(shù)據(jù)庫(kù)被刪表的問題,具有很好的參考價(jià)值,希望對(duì)大家有所幫助,如有錯(cuò)誤或未考慮完全的地方,望不吝賜教

問題描述

為了方便臨時(shí)測(cè)試，就用docker啟動(dòng)了一個(gè)mysql容器，插入了一些測(cè)試數(shù)據(jù)，用完之后端口（3306）忘了沒有關(guān)掉，被攻擊刪表（省的我自己刪了，哈哈），雖然是無(wú)用的數(shù)據(jù)，多少是個(gè)教訓(xùn)。

詳情如下

多了一個(gè)README_ADK庫(kù)，庫(kù)下一張README表，被刪的庫(kù)下表都被刪，多了一張README表

mysql攻擊表

內(nèi)容如下

mysql> select * from README\G;
*************************** 1. row ***************************
id: 1
readme: 以下數(shù)據(jù)庫(kù)已被刪除：blog, demo, school。我們有完整的備份。要恢復(fù)它，您必須向我們的比特幣地址bc1qvrgtzc06w2rjdfx8p9u789edw56dj8ffqvrcr5支付0.0075比特幣（BTC）。如果您需要證明，請(qǐng)通過以下電子郵件與我們聯(lián)系。 shao58@tutanota.com 。任何與付款無(wú)關(guān)的郵件都將被忽略！
BTC_address: bc1qvrgtzc06w2rjdfx8p9u789edw56dj8ffqvrcr5
email: shao58@tutanota.com

分析

從日志里分析，就是反復(fù)拿IP去嘗試：

2022-03-26T10:42:59.853033Z 515 [Warning] IP address '185.156.72.10' could not be resolved: Temporary failure in name resolution
2022-03-26T10:42:59.853301Z 515 [Note] Got packets out of order
2022-03-27T14:36:19.573519Z 519 [Warning] IP address '62.33.81.189' could not be resolved: Name or service not known
2022-03-27T14:36:23.135623Z 520 [Note] Aborted connection 520 to db: 'unconnected' user: 'root' host: '62.33.81.189' (Got an error reading communication packets)
2022-03-28T00:10:18.235145Z 521 [Warning] IP address '45.83.65.52' could not be resolved: Name or service not known
2022-03-28T00:10:19.050346Z 521 [Note] Got an error reading communication packets
2022-03-29T22:31:59.206892Z 526 [Warning] IP address '220.121.127.64' could not be resolved: Name or service not known
2022-03-29T22:31:59.207240Z 526 [Note] Got an error reading communication packets
2022-03-29T22:31:59.354422Z 527 [Warning] IP address '220.121.127.64' could not be resolved: Name or service not known

185.156.72.10
62.33.81.189
45.83.65.52
220.121.127.64

最后使用220.121.127.64嘗試密碼，賬號(hào)無(wú)非也就這幾個(gè)：root、admin、dbuser

2022-03-29T22:31:59.407115Z 527 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:31:59.567125Z 528 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES)
2022-03-29T22:31:59.723754Z 529 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES)
2022-03-29T22:31:59.880975Z 530 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:00.039118Z 531 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:00.193880Z 532 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:00.349970Z 533 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:00.500841Z 534 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:00.656205Z 535 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:00.811764Z 536 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:00.969093Z 537 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:01.133076Z 538 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:01.288671Z 539 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:01.442683Z 540 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:01.601783Z 541 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:01.761714Z 542 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:01.917840Z 543 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:02.075536Z 544 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:02.232366Z 545 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:02.385997Z 546 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:02.540069Z 547 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:02.693008Z 548 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:02.850661Z 549 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:03.008801Z 550 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:03.170984Z 551 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:03.334929Z 552 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:03.492659Z 553 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:03.651087Z 554 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:03.808426Z 555 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:03.963486Z 556 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:04.124605Z 557 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:04.283725Z 558 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:04.440768Z 559 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:04.596011Z 560 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:04.754289Z 561 [Note] Access denied for user 'root'@'220.121.127.64' (using password: NO)
2022-03-29T22:32:04.907366Z 562 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:05.060965Z 563 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:05.215070Z 564 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:05.371235Z 565 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:05.528679Z 566 [Note] Access denied for user 'dbuser'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:05.681098Z 567 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:05.838812Z 568 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:05.997501Z 569 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:06.153071Z 570 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:06.311484Z 571 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:06.468059Z 572 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:06.624770Z 573 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:06.781596Z 574 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:06.937078Z 575 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:07.094248Z 576 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:07.246081Z 577 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:07.403646Z 578 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:07.558726Z 579 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:07.717434Z 580 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:07.879938Z 581 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:08.040560Z 582 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:08.196426Z 583 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:08.351225Z 584 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:08.509896Z 585 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:08.671657Z 586 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: NO)
2022-03-29T22:32:08.834790Z 587 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:08.991720Z 588 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:09.150627Z 589 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:09.311116Z 590 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:09.465177Z 591 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:09.620654Z 592 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:09.772162Z 593 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:09.927748Z 594 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:10.082127Z 595 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:10.235722Z 596 [Note] Access denied for user 'root'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:10.389369Z 597 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES)
2022-03-29T22:32:10.546182Z 598 [Note] Access denied for user 'admin'@'220.121.127.64' (using password: YES)