linux云服务器下mysql5.7被被攻击,删表,被勒索怎么办

问题描述:
以下数据库已被删除:efo, xxx。 我们有完整的备份。 要恢复它,您必须向我们的XXX地址bc1qvrgtzc06w2rjdfx8p9u789edw56dj8ffqvrcr5支付0.0075 BXX。 如果您需要证明,请通过以下…
在这里插入图片描述

清明小长假打算登上我的腾讯云服务器搞点事,结果发现我的项目数据库貌似连不上了?what?

拿出了我的Navicat用root用户,密码123456访问我的mysql,发现报1045,难道输错密码了?接连试了所有的密码,全部失败。
在这里插入图片描述
登陆服务器
查看mysql进程; ps -ef | grep mysql
结果如下图,并没有mysql的进程。

[root@VM-16-15-centos mysql-5.7.37-linux-glibc2.12-x86_64] ps -ef | grep mysql;
root       401 21612  0 11:14 pts/0    00:00:00 grep --color=auto mysql
  1. 启动mysql; service mysql start
[root@VM-16-15-centos mysql-5.7.37-linux-glibc2.12-x86_64] service mysql start;
Starting MySQL. SUCCESS! 

[root@VM-16-15-centos mysql-5.7.37-linux-glibc2.12-x86_64] ps -ef | grep mysql
root       780     1  0 11:17 pts/0    00:00:00 /bin/sh /usr/local/mysql/mysql-5.7.37-linux-glibc2.12-x86_64/bin/mysqld_safe --datadir=/data/mysql --pid-file=/data/mysql/mysql.pid
mysql     1020   780  0 11:17 pts/0    00:00:00 /usr/local/mysql/mysql-5.7.37-linux-glibc2.12-x86_64/bin/mysqld --basedir=/usr/local/mysql/mysql-5.7.37-linux-glibc2.12-x86_64 --datadir=/data/mysql --plugin-dir=/usr/local/mysql/mysql-5.7.37-linux-glibc2.12-x86_64/lib/plugin --user=mysql --log-error=/var/log/mariadb/mariadb.log --pid-file=/data/mysql/mysql.pid --socket=/tmp/mysql.sock --port=3306

  1. 登陆mysql
[root@VM-16-15-centos mysql-5.7.37-linux-glibc2.12-x86_64]# mysql -u root -p
Enter password: 
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)

报1045 (28000)

  1. 使用skip-grant-tables跳过密码验证方式启动mysql;service mysql start --skip-grant-tables
[root@VM-16-15-centos mysql-5.7.37-linux-glibc2.12-x86_64] service mysql stop; #先关闭运行中的mysql服务
Shutting down MySQL.. SUCCESS! 
[root@VM-16-15-centos mysql-5.7.37-linux-glibc2.12-x86_64] service mysql start --skip-grant-tables
Starting MySQL. SUCCESS! 
  1. 登陆mysql;mysql -u root -p;密码随便输入回车
[root@VM-16-15-centos mysql-5.7.37-linux-glibc2.12-x86_64] mysql -u root -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 12
Server version: 5.7.37 MySQL Community Server (GPL)

Copyright (c) 2000, 2022, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> 
  1. 查看mysql系统的user表,检查用户是否正常
mysql> use mysql;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> select user,authentication_string from user;
+---------------+-------------------------------------------+
| user          | authentication_string                     |
+---------------+-------------------------------------------+
| mysql.session | *THISISNOTAVALIDPASSWOR99HATCANBE0SEDHERE |
| mysql.sys     | *THISISNOTAVALIDPASSW8RDTHATCANBE7SEDHERE |
| mysqld        | *83D34C89B8E0F100D5476D9276D357DB4378779F |
+---------------+-------------------------------------------+
3 rows in set (0.00 sec)

mysql> 

发现并没有root用户,也被删了!
这时候用Navicat连接上数据库,给我惊呆了!

在这里插入图片描述

在这里插入图片描述

  1. 添加root用户
    如报–skip-grant-tables 错误,则使用flush privileges;刷新内存权限即可。
mysql>  grant all privileges on *.* to 'root'@'localhost' identified by '12fre56huop&A2';
ERROR 1290 (HY000): The MySQL server is running with the --skip-grant-tables option so it cannot execute this statement
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

mysql> grant all privileges on *.* to 'root'@'localhost' identified by '12fre56huop&A2';
Query OK, 0 rows affected, 1 warning (0.00 sec)

mysql> 

这时候也查到root用户了

mysql> select user,authentication_string from user;
+---------------+-------------------------------------------+
| user          | authentication_string                     |
+---------------+-------------------------------------------+
| mysql.session | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| mysql.sys     | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| root          | *3B29E00DDA244F88EFCFCC3D2023439E848EE5F3 |
| mysqld        | *83D24C49B8E0F100D54C6D9274D357DB43E8779F |
+---------------+-------------------------------------------+
6 rows in set (0.00 sec)

mysql> 
  1. 给root用户添加远程访问权限
    更新user表host字段,刷新权限内存。
    host='%'代表运行所有ip进行远程连接,host=‘xxx.xx.x.xx’ 运行ip:xxx.xx.x.xx 连接
mysql> select user,host from user;
+---------------+-----------+
| user          | host      |
+---------------+-----------+
| mysqld        | %         |
| mysql.session | localhost |
| mysql.sys     | localhost |
| root          | localhost |
+---------------+-----------+
4 rows in set (0.00 sec)

mysql> update user set host='%' where user='root';
Query OK, 1 row affected (0.00 sec)
Rows matched: 1  Changed: 1  Warnings: 0

mysql> select user,host from user;
+---------------+-----------+
| user          | host      |
+---------------+-----------+
| mysqld        | %         |
| root          | %         |
| mysql.session | localhost |
| mysql.sys     | localhost |
+---------------+-----------+
 rows in set (0.00 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

mysql> 
  1. 到这基本上大功告成了,如果有数据需要恢复的话,可以通过bin log日志来恢复,或者从库。

linux系统中给mysql配置环境变量

修改配置文件

vim /etc/profile

输入环境变量配置

MYSQL_HOME=/usr/local/mysql/mysql-5.7.37-linux-glibc2.12-x86_64 #安装路径

export PATH=PATH=$PATH:$MYSQL_HOME/bin

export PATH MYSQL_HOME

如图即可:
在这里插入图片描述

重新加载配置文件

source /etc/profile

这样就可以在任何地方进入数据库,不用到数据库bin目录下了

mysql -u root -p
  • 1
    点赞
  • 9
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值