face a database experience
As an operations engineer, usually for the online server is very important, even if there is a hardware firewall, and then the system has also done further optimization, but also installed the basic protection software, the server half a year has not been any problems. But I am not very important to other servers are usually just simple maintenance. Because usually there is no problem, so I became more lazy, finally one day, the face of the matter appeared ....
650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M01/7D/53/wKiom1bmJPOD0hOnAACg6O6pAHk381.png "title=" 6.png " alt= "Wkiom1bmjpod0honaacg6o6pahk381.png"/>
Early in the morning, look at the mail alarm, said what monitoring server was someone else SQL injection, there is virus recommended cleanup
650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M00/7D/52/wKiom1bmImqRDKqJAABQxHB8t0o656.png "title=" 3.png " alt= "Wkiom1bmimqrdkqjaabqxhb8t0o656.png"/>
See above the content, my mood now is a long time can not calm, too dozen face. More irritating is which fuck, OK, recognize.
Do not want that upset thing, solve the problem. First I think of is whether someone landed my system, but a think, my firewall strategy is very strict, should not. There is no problem viewing the logs. The problem then shifted to the database. It's not a database authorization, isn't it? OK, log in to the database to check the authorization form, brother stayed, usually only think of system aspects, incredibly did not pay attention to the database licensing aspects. (I did not strictly write a firewall policy for MySQL, because it is just a monitoring server, careless)
1, so, I deleted the alarm virus (the first step)
2, login database to improve the authorization.
#drop user ' @ ' localhost ';
#drop user ' @ ' localhos.localdomain ';
drop user [email protected] ';
drop user [email protected] '% ';
This is because the mandate is not strictly, caused by the problem. Be sure to check the authorization form, disable root without password login, etc.
3. Change the password of the root connection data
4. Re-check the presence of viruses with security software
5, Strict modification strategy
Although the above has been done to protect measures, but the more powerful hackers will leave the back door, so, although the problem solved, but usually also pay attention to a good server security review.
Summary: For me, this is a face-beating experience, operation and maintenance personnel do not feel that is not particularly important server (especially production data) is not so much attention, this is a very bad habit, many good habits are slowly developed, bad habits are also. Only do a good job in peacetime life and work of small things, can be done to seriously treat every thing. At the same time also hope that they recognize their own mistakes and can be strictly treated, and strive to correct, to do a technically not only a strong, a good person for the life of a man.
Share with you, write bad, understand the meaning is good!
This article is from the "Brother to share" blog, please be sure to keep this source http://renzhiyuan.blog.51cto.com/10433137/1750800
MySQL was injected by SQL a face-beating experience