Here is what happened. Recently the company began cooperating with Huawei and was allocated a large number of Kunpeng cloud servers. To verify the project's compatibility on domestic servers and obtain Huawei certification, the product was moved to Kunpeng cloud for testing. The database was assigned a 16-core, 32 GB server, which seemed very impressive. But Kunpeng cloud uses the ARM architecture, which has a smaller ecosystem, so everything had to be compiled before it could be installed. With the support of our Huawei partners, and although it took some time, the services were finally deployed successfully, which was worth celebrating.
A few days ago, my colleagues told me that they could not log in to the service. Of the two services, one did not respond to login at all and the other reported an error as soon as a login was attempted. I thought about it: nobody except me knows the server information, so in theory there should be no problem. So I went to the backend to check the logs and found a lot of SQL exceptions. Then I opened the database, and tragedy struck!!!
I was nervous and excited at the same time (I had never seen anything like this before).
First of all, the database tables were gone. Only a single warning table remained, plus one more database named please_read_me_vvv.
I opened the warning table.
I copied the content of the warning table into Baidu Translate and realized it was extortion!!!
To recover your lost Database and avoid leaking it: Send us 0.035 Bitcoin
(BTC) to our Bitcoin address 1GkZpdfQdUQasnt12P9pSnx8sohm4NgqNQ and contact us
by Email with your Server IP or Domain name and a Proof of Payment. If you are
unsure if we have your......
Fortunately, there was a backup, and the service had only just been deployed; we had not started testing yet.
But the problem still had to be solved. My first plan was to strengthen the password.
While debugging today, I happened to discover a setting in etc/my.cnf.
It skips database permission validation, so a remote login to the MySQL database is accepted with any password. If I didn't get hacked, who would? I commented out the setting and restarted MySQL.
Thinking it over, I had never noticed the problem. On the one hand, I had always connected through an SSH tunnel; although the MySQL server was configured with a public IP, that connection never worked. On the other hand, I had never been burned before and did not realize this could happen.
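The check below is an added example, not code from the original post: it scans my.cnf-style text for an active setting that skips permission validation, so the problem is caught before a server goes public. It assumes the setting is MySQL's skip-grant-tables option (the post does not show its name) and that the server reads the option groups listed in SERVER_GROUPS; the function name and the sample file contents are constructed for illustration.

```python
import re

# Option groups read by the server process (assumed set for this example),
# e.g. [mysqld], [mysqld-5.7], [server], [mariadb].
SERVER_GROUPS = re.compile(r"^(mysqld|server|mariadb)", re.IGNORECASE)

def find_skip_grant_tables(cnf_text):
    """Return (line_no, group, raw_line) for each active skip-grant-tables line.

    Any uncommented occurrence is reported, whatever value it carries,
    so that a person reviews it.
    """
    findings = []
    group = None
    for line_no, raw in enumerate(cnf_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # '#' starts a comment anywhere
        if not line or line.startswith(";"):  # ';' comments a whole line
            continue
        header = re.match(r"\[(.+?)\]", line)
        if header:
            group = header.group(1).strip()
            continue
        if group is None or not SERVER_GROUPS.match(group):
            continue                          # e.g. [client]: not a server group
        # Option names treat '-' and '_' alike and may carry a 'loose-' prefix.
        name = line.partition("=")[0].strip().lower().replace("_", "-")
        if name.startswith("loose-"):
            name = name[len("loose-"):]
        if name == "skip-grant-tables":
            findings.append((line_no, group, raw.rstrip()))
    return findings

# Constructed sample: a weak file, and the same file after commenting the line out.
WEAK_CNF = """\
[client]
port=3306

[mysqld]
datadir=/var/lib/mysql
skip_grant_tables   # constructed sample line
"""
FIXED_CNF = WEAK_CNF.replace("skip_grant_tables", "#skip_grant_tables")

if __name__ == "__main__":
    for label, text in (("weak", WEAK_CNF), ("fixed", FIXED_CNF)):
        hits = find_skip_grant_tables(text)
        print(label, "->", hits if hits else "no active skip-grant-tables")
```
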
Previously, MySQL remote connection rights were open to all IP addresses. They are now closed. The steps are as follows:
* Log in to the database as the root user
* use mysql; (select the mysql database)
* revoke all privileges on *.* from 'root'@'%'; (revoke the privileges)
* delete from user where User="root" and Host="%"; (delete the user)
* flush privileges; (refresh)
Alternatively, MySQL remote connection permission can be granted to a specified IP, or opened to all IPs with a high-complexity password set, as follows.
To let root connect to the MySQL server from any host, using root as the password:
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'root' WITH GRANT OPTION;
If you want to allow the user myuser to connect to the MySQL server from the host with IP 192.168.1.64, using root as the password:
GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.1.64' IDENTIFIED BY 'root' WITH GRANT OPTION;
Then enter the command: FLUSH PRIVILEGES;
I hope everyone takes this as a warning so that this tragedy does not happen again. We must pay attention to and strengthen the security of services deployed on the public network.