This is the case , Recently, the company has cooperated with Huawei , A large number of Kunpeng cloud servers have been allocated , In order to verify the compatibility of the project on domestic servers and obtain Huawei certification , So the product was moved to Kunpeng cloud for testing , Database assigned to 16 nucleus 32G Server for , Think of it very awesome. , But Kun Peng Yun is arm framework , Less ecology , All installations have to be compiled , With the support of Huawei's small partners , Although it took some time , Fortunately, the final service was successfully deployed , Congratulations .

A few days ago, my colleagues told me that the service could not be logged in , One of the two services did not respond to login , A login directly reported an error , I thought about it. Other people don't know the server information except me , There should be no problem in theory , So I went to the background to check the log , Found a lot of sql abnormal , So open the database , Tragedy happened !!!

With a nervous and excited mood ( Never seen the world )

First of all, the database tables are gone , Only one remains warning surface , One more please_read_me_vvv Database for

    open warning surface

Copied warning In the content to Baidu translation , Realized it was blackmail !!!

To recover your lost Database and avoid leaking it: Send us 0.035 Bitcoin
(BTC) to our Bitcoin address 1GkZpdfQdUQasnt12P9pSnx8sohm4NgqNQ and contact us
by Email with your Server IP or Domain name and a Proof of Payment. If you are
unsure if we have your......

Fortunately, there is a backup , And the service has just been deployed , We haven't started testing yet

But the problem has to be solved , The intention is to enhance the strength of the password

Accidental debugging today , Discover the etc/my.cnf A configuration of

skip-grant-tables

Skip database permission validation , Remote login mysql The database can be accessed by any password , Who do you think I won't be black , Comment out the configuration and restart mysql

Think it over , I never found the problem , On the one hand, they always use it SSH Channel , although mysql The server is configured with a public network IP, But the connection never worked , On the other hand, I have never suffered a loss , Didn't realize it was going to happen .

It was open before mysql Remote connection rights to all IP address , Now it's closed , The steps are as follows :

* use root The user logs in to the database
* use mysql choice mysql database
* revoke all privileges on *.* from 'root'@'%'; Withdrawal of authority
* delete from user where User="root" and Host="%"; delete user
* flush privileges;     Refresh
Can be opened mysql Remote connection permission is assigned to IP Or open it up to all IP Set a password with high complexity , as follows

Would you root use root Connect from any host to mysql Server . 
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'root' WITH GRANT
OPTION; 
If you want to allow users myuser from ip by 192.168.1.64 Host connected to mysql The server , And use root As password  
GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.1.64' IDENTIFIED BY 'root'
WITH GRANT OPTION; 

Enter the command :FLUSH PRIVILEGES; 

I hope you can take warning , Don't let this tragedy happen again , We must pay attention to and strengthen the security of the deployed public network services .

Technology
©2019-2020 Toolsou All rights reserved,
Final review of database : Summary of comprehensive application questions Laplance operator ( Second derivative ) Simple learning of computer composition principle pyqt Button call python program _PyQt: Link button to function in program How much can you go up once you change jobs ? Today, I saw the ceiling of job hopping python in str Function usage _python in str Usage Summary of built-in functions MySQL trigger web The server nginx---linux Installation and deployment C++ Chapter V polymorphism exercises :( It's coming to an end )python Check built-in functions , How to check python Built in function