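MySQL port exposed: how can MySQL be damaged?
I once installed the MySQL service on a Linux server (Ubuntu), granted root all privileges, and allowed access from the public internet, with a very simple password, 123456. Later, for reasons I don't know, the database crashed and could not be connected to, so I had to reinstall MySQL. Having learned my lesson, I created a new user, closed off public network access, gave the new user only exactly the privileges it needs, and set a complex password. Looking through error.log, I saw that many unauthorized users had accessed my database, so I would like to ask: how did these "hackers" damage my database? Even if, as a first step, they can guess my root password and connect to the database, what can they then do to damage it? Alternatively, are there books on this you could recommend? I am a complete beginner in this area and hope you can help.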
2017-06-02T19:10:15.136534Z 9 [Note] Aborted connection 9 to db: 'unconnected' user: 'root' host: '61.183.93.51' (Got an error reading communication packets)
2017-06-02T19:52:56.536963Z 184 [Warning] IP address '112.126.82.35' could not be resolved: Name or service not known
2017-06-02T19:52:56.785302Z 184 [Note] Access denied for user 'root'@'112.126.82.35' (using password: NO)
2017-06-02T19:52:57.622685Z 185 [Note] Access denied for user 'root'@'112.126.82.35' (using password: YES)
2017-06-02T19:52:58.443990Z 186 [Note] Access denied for user 'root'@'112.126.82.35' (using password: YES)
2017-06-02T19:52:59.211685Z 187 [Note] Access denied for user 'root'@'112.126.82.35' (using password: YES)
2017-06-02T19:53:00.038428Z 188 [Note] Access denied for user 'root'@'112.126.82.35' (using password: YES)
2017-06-03T00:14:58.529443Z 189 [Warning] IP address '222.134.193.2' could not be resolved: Name or service not known
2017-06-03T00:14:58.852414Z 189 [Note] Access denied for user 'root'@'222.134.193.2' (using password: YES)
2017-06-03T00:14:59.767211Z 190 [Note] Access denied for user 'root'@'222.134.193.2' (using password: YES)
2017-06-03T00:15:00.643125Z 191 [Note] Access denied for user 'root'@'222.134.193.2' (using password: YES)
2017-06-03T03:55:26.601587Z 192 [Warning] IP address '123.249.0.134' could not be resolved: Temporary failure in name resolution
2017-06-03T03:55:29.959503Z 192 [Note] Access denied for user 'root'@'123.249.0.134' (using password: NO)
2017-06-03T03:55:43.592666Z 193 [Warning] IP address '123.249.0.134' could not be resolved: Temporary failure in name resolution
2017-06-03T03:55:43.867721Z 193 [Note] Access denied for user 'root'@'123.249.0.134' (using password: YES)
2017-06-03T04:30:34.923291Z 0 [Note] Giving 1 client threads a chance to die gracefully
2017-06-03T04:30:34.923557Z 0 [Note] Shutting down slave threads
2017-06-03T04:30:36.923775Z 0 [Note] Forcefully disconnecting 0 remaining clients
2017-06-03T04:30:36.923795Z 0 [Note] Event Scheduler: Purging the queue. 0 events
2017-06-03T04:30:36.923836Z 0 [Note] Binlog end
2017-06-03T04:30:36.929073Z 0 [Note] Shutting down plugin 'ngram'
2017-06-03T04:30:36.929084Z 0 [Note] Shutting down plugin 'partition'
2017-06-03T04:30:36.929086Z 0 [Note] Shutting down plugin 'ARCHIVE'
2017-06-03T04:30:36.929089Z 0 [Note] Shutting down plugin 'BLACKHOLE'
2017-06-03T04:30:36.929091Z 0 [Note] Shutting down plugin 'PERFORMANCE_SCHEMA'
2017-06-03T04:30:36.929108Z 0 [Note] Shutting down plugin 'CSV'
2017-06-03T04:30:36.929118Z 0 [Note] Shutting down plugin 'MyISAM'
2017-06-03T04:30:36.929129Z 0 [Note] Shutting down plugin 'MRG_MYISAM'
2017-06-03T04:30:36.929132Z 0 [Note] Shutting down plugin 'MEMORY'
2017-06-03T04:30:36.929134Z 0 [Note] Shutting down plugin 'INNODB_SYS_VIRTUAL'
2017-06-03T04:30:36.929137Z 0 [Note] Shutting down plugin 'INNODB_SYS_DATAFILES'
2017-06-03T04:30:36.929139Z 0 [Note] Shutting down plugin 'INNODB_SYS_TABLESPACES'
2017-06-03T04:30:36.929141Z 0 [Note] Shutting down plugin 'INNODB_SYS_FOREIGN_COLS'
2017-06-03T04:30:36.929142Z 0 [Note] Shutting down plugin 'INNODB_SYS_FOREIGN'
2017-06-03T04:30:36.929144Z 0 [Note] Shutting down plugin 'INNODB_SYS_FIELDS'
2017-06-03T04:30:36.929146Z 0 [Note] Shutting down plugin 'INNODB_SYS_COLUMNS'
2017-06-03T04:30:36.929148Z 0 [Note] Shutting down plugin 'INNODB_SYS_INDEXES'
2017-06-03T04:30:36.929149Z 0 [Note] Shutting down plugin 'INNODB_SYS_TABLESTATS'
2017-06-03T04:30:36.929151Z 0 [Note] Shutting down plugin 'INNODB_SYS_TABLES'
2017-06-03T04:30:36.929153Z 0 [Note] Shutting down plugin 'INNODB_FT_INDEX_TABLE'
2017-06-03T04:30:36.929154Z 0 [Note] Shutting down plugin 'INNODB_FT_INDEX_CACHE'
2017-06-03T04:30:36.929156Z 0 [Note] Shutting down plugin 'INNODB_FT_CONFIG'
2017-06-03T04:30:36.929157Z 0 [Note] Shutting down plugin 'INNODB_FT_BEING_DELETED'
2017-06-03T04:30:36.929159Z 0 [Note] Shutting down plugin 'INNODB_FT_DELETED'
2017-06-03T04:30:36.929161Z 0 [Note] Shutting down plugin 'INNODB_FT_DEFAULT_STOPWORD'
2017-06-03T04:30:36.929162Z 0 [Note] Shutting down plugin 'INNODB_METRICS'
2017-06-03T04:30:36.929164Z 0 [Note] Shutting down plugin 'INNODB_TEMP_TABLE_INFO'
2017-06-03T04:30:36.929166Z 0 [Note] Shutting down plugin 'INNODB_BUFFER_POOL_STATS'
2017-06-03T04:30:36.929167Z 0 [Note] Shutting down plugin 'INNODB_BUFFER_PAGE_LRU'
2017-06-03T04:30:36.929169Z 0 [Note] Shutting down plugin 'INNODB_BUFFER_PAGE'
2017-06-03T04:30:36.929171Z 0 [Note] Shutting down plugin 'INNODB_CMP_PER_INDEX_RESET'
2017-06-03T04:30:36.929172Z 0 [Note] Shutting down plugin 'INNODB_CMP_PER_INDEX'
2017-06-03T04:30:36.929174Z 0 [Note] Shutting down plugin 'INNODB_CMPMEM_RESET'
2017-06-03T04:30:36.929176Z 0 [Note] Shutting down plugin 'INNODB_CMPMEM'
2017-06-03T04:30:36.929177Z 0 [Note] Shutting down plugin 'INNODB_CMP_RESET'
2017-06-03T04:30:36.929179Z 0 [Note] Shutting down plugin 'INNODB_CMP'
2017-06-03T04:30:36.929181Z 0 [Note] Shutting down plugin 'INNODB_LOCK_WAITS'
2017-06-03T04:30:36.929183Z 0 [Note] Shutting down plugin 'INNODB_LOCKS'
2017-06-03T04:30:36.929185Z 0 [Note] Shutting down plugin 'INNODB_TRX'
2017-06-03T04:30:36.929188Z 0 [Note] Shutting down plugin 'InnoDB'
2017-06-03T04:30:36.929385Z 0 [Note] InnoDB: FTS optimize thread exiting.
2017-06-03T04:30:36.929440Z 0 [Note] InnoDB: Starting shutdown...
2017-06-03T04:30:37.029561Z 0 [Note] InnoDB: Dumping buffer pool(s) to /var/lib/mysql/ib_buffer_pool
2017-06-03T04:30:37.031470Z 0 [Note] InnoDB: Buffer pool(s) dump completed at 170603 0:30:37
2017-06-03T04:30:38.434892Z 0 [Note] InnoDB: Shutdown completed; log sequence number 2811011
2017-06-03T04:30:38.436582Z 0 [Note] InnoDB: Removed temporary tablespace data file: "ibtmp1"
2017-06-03T04:30:38.436591Z 0 [Note] Shutting down plugin 'sha256_password'
2017-06-03T04:30:38.436593Z 0 [Note] Shutting down plugin 'mysql_native_password'
2017-06-03T04:30:38.436686Z 0 [Note] Shutting down plugin 'binlog'
2017-06-03T04:30:38.437028Z 0 [Note] /usr/sbin/mysqld: Shutdown complete
2017-06-03T04:30:51.245428Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
2017-06-03T04:30:51.246404Z 0 [Note] /usr/sbin/mysqld (mysqld 5.7.18) starting as process 284 ...
2017-06-03T04:30:51.248307Z 0 [Note] InnoDB: PUNCH HOLE support available
2017-06-03T04:30:51.248325Z 0 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
2017-06-03T04:30:51.248328Z 0 [Note] InnoDB: Uses event mutexes
2017-06-03T04:30:51.248331Z 0 [Note] InnoDB: GCC builtin __atomic_thread_fence() is used for memory barrier
2017-06-03T04:30:51.248340Z 0 [Note] InnoDB: Compressed tables use zlib 1.2.3
2017-06-03T04:30:51.248342Z 0 [Note] InnoDB: Using Linux native AIO
2017-06-03T04:30:51.248715Z 0 [Note] InnoDB: Number of pools: 1
2017-06-03T04:30:51.248789Z 0 [Note] InnoDB: Using CPU crc32 instructions
2017-06-03T04:30:51.249535Z 0 [Note] InnoDB: Initializing buffer pool, total size = 128M, instances = 1, chunk size = 128M
2017-06-03T04:30:51.254355Z 0 [Note] InnoDB: Completed initialization of buffer pool
2017-06-03T04:30:51.255453Z 0 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority().
2017-06-03T04:30:51.266552Z 0 [Note] InnoDB: Highest supported file format is Barracuda.
2017-06-03T04:30:51.271173Z 0 [Note] InnoDB: Creating shared tablespace for temporary tables
2017-06-03T04:30:51.271207Z 0 [Note] InnoDB: Setting file './ibtmp1' size to 12 MB. Physically writing the file full; Please wait ...
2017-06-03T04:30:51.275955Z 0 [Note] InnoDB: File './ibtmp1' size is now 12 MB.
2017-06-03T04:30:51.276435Z 0 [Note] InnoDB: 96 redo rollback segment(s) found. 96 redo rollback segment(s) are active.
2017-06-03T04:30:51.276442Z 0 [Note] InnoDB: 32 non-redo rollback segment(s) are active.
2017-06-03T04:30:51.276622Z 0 [Note] InnoDB: Waiting for purge to start
2017-06-03T04:30:51.326752Z 0 [Note] InnoDB: 5.7.18 started; log sequence number 2811011
2017-06-03T04:30:51.326882Z 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
2017-06-03T04:30:51.326997Z 0 [Note] Plugin 'FEDERATED' is disabled.
2017-06-03T04:30:51.328197Z 0 [Note] InnoDB: Buffer pool(s) load completed at 170603 0:30:51
2017-06-03T04:30:51.329795Z 0 [Note] Found ca.pem, server-cert.pem and server-key.pem in data directory. Trying to enable SSL support using them.
2017-06-03T04:30:51.329914Z 0 [Warning] CA certificate ca.pem is self signed.
2017-06-03T04:30:51.330900Z 0 [Note] Server hostname (bind-address): '*'; port: 3306
2017-06-03T04:30:51.330926Z 0 [Note] IPv6 is available.
2017-06-03T04:30:51.330932Z 0 [Note] - '::' resolves to '::';
2017-06-03T04:30:51.330939Z 0 [Note] Server socket created on IP: '::'.
2017-06-03T04:30:51.335159Z 0 [Note] Event Scheduler: Loaded 0 events
2017-06-03T04:30:51.335236Z 0 [Note] /usr/sbin/mysqld: ready for connections.
Version: '5.7.18' socket: '/var/run/mysqld/mysqld.sock' port: 3306 MySQL Community Server (GPL)
2017-06-03T04:30:51.335243Z 0 [Note] Executing 'SELECT * FROM INFORMATION_SCHEMA.TABLES;' to get a list of tables using the deprecated partition engine. You may use the startup option '--disable-partition-engine-check' to skip this check.
2017-06-03T04:30:51.335245Z 0 [Note] Beginning of list of non-natively partitioned tables
2017-06-03T04:30:51.340815Z 0 [Note] End of list of non-natively partitioned tables
2017-06-03T04:33:26.330159Z 3 [Warning] IP address '61.183.93.19' has been resolved to the host name '19.93.183.61.broad.wh.hb.dynamic.163data.com.cn', which resembles IPv4-address itself.
2017-06-03T04:33:36.966534Z 4 [Warning] IP address '61.183.93.19' has been resolved to the host name '19.93.183.61.broad.wh.hb.dynamic.163data.com.cn', which resembles IPv4-address itself.
2017-06-03T04:33:48.429292Z 5 [Warning] IP address '61.183.93.19' has been resolved to the host name '19.93.183.61.broad.wh.hb.dynamic.163data.com.cn', which resembles IPv4-address itself.
2017-06-03T04:34:11.914284Z 6 [Warning] IP address '61.183.93.19' has been resolved to the host name '19.93.183.61.broad.wh.hb.dynamic.163data.com.cn', which resembles IPv4-address itself.
2017-06-03T04:35:42.507762Z 7 [Warning] IP address '61.183.93.19' has been resolved to the host name '19.93.183.61.broad.wh.hb.dynamic.163data.com.cn', which resembles IPv4-address itself.
2017-06-03T04:36:09.545474Z 8 [Warning] IP address '61.183.93.19' has been resolved to the host name '19.93.183.61.broad.wh.hb.dynamic.163data.com.cn', which resembles IPv4-address itself.
2017-06-03T05:33:53.491224Z 10 [Warning] IP address '61.183.93.19' has been resolved to the host name '19.93.183.61.broad.wh.hb.dynamic.163data.com.cn', which resembles IPv4-address itself.
2017-06-03T06:44:43.843841Z 3 [Note] Aborted connection 3 to db: 'unconnected' user: 'root' host: '61.183.93.19' (Got timeout reading communication packets)
2017-06-03T06:53:39.062842Z 4 [Note] Aborted connection 4 to db: '×××××××××' user: 'root' host: '61.183.93.19' (Got timeout reading communication packets)
2017-06-03T06:53:58.975088Z 8 [Note] Aborted connection 8 to db: '×××××××××' user: 'root' host: '61.183.93.19' (Got timeout reading communication packets)
Comments (1)
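Hello, the problem you describe is a very elementary one in the field of web hacking.
When a MySQL database is exposed to the public internet, hackers usually sweep the IP addresses of the entire internet with port scans, without any particular target (the best-known tool is without doubt nmap, which is free and open source), and use certain field values in the TCP connection (commonly called a fingerprint) to determine that this is a MySQL service exposed to the public internet.
Once they find a MySQL service, they usually guess likely username and password combinations, which in security is commonly called a brute-force attack. Because usernames such as root and admin are the most widely used, and many beginners use them since they are the defaults, these are the values they tend to guess.
You may then ask how they know which passwords to guess. Many free password dictionaries circulate online; these usually originated on the black market and typically leaked after large websites had their databases dumped. Hackers generally start by typing in a few words by hand and then use automated tools to try passwords in bulk.
Here is another little trick: if you want some password dictionaries of your own, besides looking for them online there is a simpler way: deliberately set up a public MySQL service on the default port 3306 to lure hackers into scanning you, then fish out of the logs the passwords the hackers hand you for free; after deduplication you have compiled your own password dictionary. In security this idea is called a "honeypot".
These are fairly entry-level web hacker tricks, and whoever is scanning your ports is most likely a novice script kiddie. As for book recommendations, in the web hacking field the classics are 道哥's 《白帽子讲web安全》 and 余弦's 《web前端黑客技术揭秘》.
These two are the classics; there are also some newer books. If you buy one, pay attention to the publication year and don't buy one that is too old.
I hope this helps. If you have questions, leave a comment or follow me. Weibo: https://weibo.com/u/5114485810 Twitter: https://twitter.com/zhu_yingda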
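
An added example, not part of the original question or answer: a detector for the brute-force pattern the answer describes, run over `Access denied` lines copied from the question's error.log excerpt (MySQL 5.7 format). The function names, the threshold of 3 failures and the 60-second window are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Lines copied from the error.log excerpt in the question above.
SAMPLE_LOG = """\
2017-06-02T19:52:56.785302Z 184 [Note] Access denied for user 'root'@'112.126.82.35' (using password: NO)
2017-06-02T19:52:57.622685Z 185 [Note] Access denied for user 'root'@'112.126.82.35' (using password: YES)
2017-06-02T19:52:58.443990Z 186 [Note] Access denied for user 'root'@'112.126.82.35' (using password: YES)
2017-06-02T19:52:59.211685Z 187 [Note] Access denied for user 'root'@'112.126.82.35' (using password: YES)
2017-06-02T19:53:00.038428Z 188 [Note] Access denied for user 'root'@'112.126.82.35' (using password: YES)
2017-06-03T00:14:58.852414Z 189 [Note] Access denied for user 'root'@'222.134.193.2' (using password: YES)
2017-06-03T00:14:59.767211Z 190 [Note] Access denied for user 'root'@'222.134.193.2' (using password: YES)
2017-06-03T00:15:00.643125Z 191 [Note] Access denied for user 'root'@'222.134.193.2' (using password: YES)
2017-06-03T03:55:29.959503Z 192 [Note] Access denied for user 'root'@'123.249.0.134' (using password: NO)
2017-06-03T03:55:43.867721Z 193 [Note] Access denied for user 'root'@'123.249.0.134' (using password: YES)
"""

DENIED = re.compile(
    r"(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)\.\d+Z \d+ \[Note\] Access denied for user "
    r"'(?P<user>[^']*)'@'(?P<host>[^']*)' \(using password: (?P<pw>YES|NO)\)"
)

def failed_logins(log_text):
    """Yield (timestamp, user, host, used_password) for each denied login line."""
    for line in log_text.splitlines():
        m = DENIED.match(line)  # any other log line is skipped
        if m:
            yield datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S"), m["user"], m["host"], m["pw"] == "YES"

def brute_force_sources(log_text, threshold=3, window=timedelta(seconds=60)):
    """Return {host: most failures seen inside one window} for hosts at or above threshold."""
    by_host = defaultdict(list)
    for ts, _user, host, _used_pw in failed_logins(log_text):
        by_host[host].append(ts)
    flagged = {}
    for host, stamps in by_host.items():
        stamps.sort()
        best = start = 0
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > window:  # slide the window forward
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[host] = best
    return flagged

if __name__ == "__main__":
    print(brute_force_sources(SAMPLE_LOG))
```

The flagged hosts are candidates for a firewall block or rate limit; a source that stays under the threshold, like the third address in the sample, only shows up if the threshold is lowered.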