文章讲述了作者的云服务器数据库因使用简单密码而被删除的经历,强调了设置复杂密码的重要性。作者通过排查确定问题源头,并重装数据库,加强了安全性。通过日志发现有多个IP尝试用常见用户名登录,进一步验证了安全威胁。作者建议加强防火墙规则,限制访问IP,并探讨了其他安全策略。
前言
如题,之前,自己买了一个云服务器,用来练手,然后搭了一个自己的网站部署了上去。本来也就是练练手,没想到前几天去用的时候发现死活登录不上去!第一感觉是就是有人删库跑路了,但tnnd删的是我的库!
你跑路就跑路,你删我的干嘛!
还好我本地有备份,在重新部署之前,我还是要确定一下是从哪里被删除的。
排查
登录线上的系统,发现项目的前端的登录界面,还是进的去的,也就是说项目的前端还存在。
再去到服务器上登录数据库
mysql -u root -p
也没问题,再查看一下项目用到的数据库
use pro1;
show tables;
得,为空。。。。。。。。。。。。。。。很明显数据库被删除了,除了MySQL基础的库表,其他的全被删了。。。
问题及解决
稍微看了下,好像确定了问题所在: 数据库用户名和密码太过简单。因为之前想着是个测试项目,所以用户名和密码设置得很简单
用户名:root
密码:root
定位到了问题所在,那就好解决了,但是由于这个数据库已经被人登陆过了,所以我还是决定重装一下。
重装之后,设置了更加复杂的密码(随机生成的十六位符号 + 数字 + 字母组合),后面就没遇到过什么问题了。
大家线上的数据库密码,一定要设置得复杂点!!!!!!!!!!!
后续
之后在配置了MySQL的错误日志文件之后,也捕获到一些相关信息。看了下好像都是用常用的账号和密码来尝试登录你的数据库。
如下:
2023-06-14T07:44:25.223949Z 242192 [Note] Access denied for user 'DB006'@'89.248.165.213' (using password: YES)
2023-06-14T07:44:29.095555Z 242193 [Note] Access denied for user 'nika'@'89.248.163.209' (using password: YES)
2023-06-14T07:45:38.535493Z 242194 [Note] Access denied for user 'root'@'89.248.163.209' (using password: YES)
2023-06-14T07:46:40.028578Z 242195 [Note] Access denied for user 'root'@'89.248.163.209' (using password: YES)
2023-06-14T07:47:45.348654Z 242196 [Note] Access denied for user 'root'@'89.248.163.209' (using password: YES)
2023-06-14T07:48:45.610335Z 242197 [Note] Access denied for user 'root'@'89.248.163.209' (using password: YES)
2023-06-14T07:49:10.571955Z 242198 [Note] Access denied for user 'root'@'89.248.165.55' (using password: YES)
2023-06-14T07:49:51.044373Z 242200 [Note] Access denied for user 'root'@'89.248.163.209' (using password: YES)
2023-06-14T07:49:51.133470Z 242199 [Note] Access denied for user 'vice'@'89.248.163.202' (using password: YES)
2023-06-14T07:50:53.705617Z 242201 [Note] Access denied for user 'HSDB_016'@'89.248.165.213' (using password: YES)
2023-06-14T07:51:13.150742Z 242202 [Note] Access denied for user 'root'@'89.248.163.209' (using password: YES)
2023-06-14T07:52:30.368740Z 242203 [Note] Access denied for user 'root'@'89.248.163.209' (using password: YES)
2023-06-14T07:53:38.195831Z 242204 [Note] Access denied for user 'root'@'89.248.163.209' (using password: YES)
2023-06-14T07:54:45.190564Z 242205 [Note] Access denied for user 'admin'@'89.248.163.209' (using password: YES)
2023-06-14T07:55:34.204552Z 242206 [Note] Access denied for user 'root'@'89.248.165.55' (using password: YES)
2023-06-14T07:56:01.983879Z 242207 [Note] Access denied for user 'test'@'89.248.163.209' (using password: YES)
2023-06-14T07:57:08.579189Z 242208 [Note] Access denied for user 'admin'@'89.248.163.209' (using password: YES)
2023-06-14T07:57:34.680510Z 242209 [Note] Access denied for user 'root'@'89.248.165.213' (using password: YES)
2023-06-14T07:57:41.957525Z 242210 [Note] Access denied for user 'CeTest'@'89.248.163.202' (using password: YES)
2023-06-14T07:58:14.433312Z 242211 [Note] Access denied for user 'root'@'89.248.163.209' (using password: YES)
可以看到这狗东西用不同的用户名在连接我的数据库,所以可见简单的用户名和密码有多么的不安全。
查了下,上面的ip地址显示是国外,感觉是挂了VPN
当然也有国内的
2023-05-06T04:35:55.729884Z 45712 [Note] Access denied for user 'root'@'103.53.211.253' (using password: NO)
2023-05-06T04:35:55.807608Z 45713 [Note] Access denied for user 'root'@'103.53.211.253' (using password: YES)
2023-05-06T04:35:55.887667Z 45714 [Note] Access denied for user 'root'@'103.53.211.253' (using password: YES)
2023-05-06T04:35:55.989178Z 45715 [Note] Access denied for user 'root'@'103.53.211.253' (using password: YES)
2023-05-06T04:35:56.065061Z 45716 [Note] Access denied for user 'root'@'103.53.211.253' (using password: YES)
2023-05-06T04:35:56.153048Z 45717 [Note] Access denied for user 'root'@'103.53.211.253' (using password: YES)
2023-05-06T04:35:56.257673Z 45718 [Note] Access denied for user 'root'@'103.53.211.253' (using password: YES)
2023-05-06T04:35:56.334899Z 45719 [Note] Access denied for user 'root'@'103.53.211.253' (using password: YES)
2023-05-06T04:35:56.410172Z 45720 [Note] Access denied for user 'root'@'103.53.211.253' (using password: YES)
2023-05-06T04:35:56.509127Z 45721 [Note] Access denied for user 'root'@'103.53.211.253' (using password: YES)
2023-05-06T04:35:56.585403Z 45722 [Note] Access denied for user 'root'@'103.53.211.253' (using password: YES)
2023-05-06T04:35:56.665463Z 45723 [Note] Access denied for user 'root'@'103.53.211.253' (using password: YES)
这个显示在北京
不过无所谓,我会给他们都加到我的防火墙里面。
你来多少我给你屏蔽多少!实在不行 我就仅允许我自己常用的ip访问!
当然还有别的方法,比如使用ipset,修改MySQL的端口为其他不常用的端口号等等。方法很多,大家就酌情选择了。
扫一扫
1627
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
