keeping out hackers
hello - (and THIS is embarrassing)
for the third time now, all my databases have mysteriously disappeared, and in their place there is a one column table called WARNING, with one column with an email address to send a bitcoin to in order to stop the hackers from publishing my stolen data.
i cannot figure out how they are getting in. i have removed all references to port 3306 from the firewall, and there are no outside users. here is my user list now (non-localhost)
SELECT Host, User FROM mysql.user where 1 and Host != 'localhost' ;
+---------------+------+
| Host          | User |
+---------------+------+
| 127.0.0.1     | root |
| ::1           | root |
| centos7.is.cc | root |
+---------------+------+
3 rows in set (0.00 sec)
i have also done: grep 'DPT=3306' /var/log/messages
and blocked anybody who even tried to reach port 3306. nobody has recently.
any suggestions what else i might do to keep this from happening again?
Answer
Answered by Ian Gilfillan in this comment.
You don't give any details on your setup, what's running, etc. but it's possible they're not coming in through the database, but have access to the machine itself. I suggest looking at resources on what to do in this case.
You can also look at things like the Audit Plugin to see how the queries are actually being run, from which account etc.
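One way to act on the Audit Plugin suggestion above, as an added example that is not part of the original thread: a Python script that reads audit records and reports which account, client host and connection issued DROP statements or created the WARNING table. The log lines are constructed, and the field order (timestamp, serverhost, username, host, connectionid, queryid, operation, database, object, retcode) is the assumed layout of the plugin's file output.

```python
import re

# Constructed sample in the assumed server_audit file layout:
# timestamp,serverhost,username,host,connectionid,queryid,operation,database,object,retcode
SAMPLE_LOG = """\
20240101 03:12:01,centos7,root,localhost,41,0,CONNECT,,,0
20240101 03:12:01,centos7,root,localhost,41,210,QUERY,,'SHOW DATABASES',0
20240101 03:12:02,centos7,root,localhost,41,211,QUERY,,'DROP DATABASE shop',0
20240101 03:12:02,centos7,root,localhost,41,212,QUERY,,'CREATE DATABASE shop',0
20240101 03:12:03,centos7,root,localhost,41,213,QUERY,shop,'CREATE TABLE WARNING (msg text)',0
20240101 09:30:10,centos7,app,localhost,57,300,QUERY,shop,'SELECT name, price FROM items WHERE id=3',0
"""

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}
# Statements matching what the thread describes: databases dropped, a WARNING table created.
DESTRUCTIVE = re.compile(
    r"\b(?:DROP\s+(?:DATABASE|SCHEMA|TABLE)|CREATE\s+TABLE\s+`?WARNING)\b", re.I)

def parse_line(line):
    """Split one audit record; the quoted statement may itself contain commas."""
    parts = line.rstrip("\n").split(",", 8)
    if len(parts) < 9:
        return None
    ts, _server, user, host, conn, _qid, op, db, rest = parts
    statement, _, retcode = rest.rpartition(",")
    return {"ts": ts, "user": user, "host": host, "conn": conn, "op": op,
            "db": db, "statement": statement.strip("'"), "retcode": retcode}

def find_destructive(log_text):
    """Return the records whose statement dropped objects or created WARNING."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["op"] == "QUERY" and DESTRUCTIVE.search(rec["statement"]):
            # A local client host means the statement was issued on the server itself.
            rec["from_server_itself"] = rec["host"] in LOCAL_HOSTS
            hits.append(rec)
    return hits

if __name__ == "__main__":
    for r in find_destructive(SAMPLE_LOG):
        origin = "on the server itself" if r["from_server_itself"] else "remote"
        print(f'{r["ts"]} {r["user"]}@{r["host"]} conn={r["conn"]} ({origin}): {r["statement"]}')
```

Hits whose client host is local point away from port 3306 and toward something already running on the machine, which is the case the answer raises.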