This is a read-only copy of the MariaDB Knowledgebase generated on 2024-11-16. For the latest, interactive version please visit https://mariadb.com/kb/.

keeping out hackers

hello - (and THIS is embarrassing)

for the third time now, all my databases have mysteriously disappeared, and in there place there is a one column table called WARNING, with one column with an email address to send a bitcoin to in order to stop the hackers from publishing my stolen data.

i cannot figure out how they are getting in. i have removed all references to port 3306 from the firewall, and there are no outside users. here is my user list now (non-localhost)

SELECT Host, User FROM mysql.user where 1 and Host != 'localhost' ; +---------------+------+

HostUser

+---------------+------+

127.0.0.1root
::1root
centos7.is.ccroot

+---------------+------+ 3 rows in set (0.00 sec)

i have also done: grep 'DPT=3306' /var/log/messages

and blocked anybody who even tried to reach port 3306. nobody has recently.

any suggestions what else i might to to keep this from happening again?

Answer Answered by Ian Gilfillan in this comment.

You don't give any details on your setup, what's running, etc. but it's possible they're not coming in through the database, but have access to the machine itself. I suggest looking at resources on what to do in this case.

You can also look at things like the Audit Plugin to see how the queries are actually being run, from which account etc.

Content reproduced on this site is the property of its respective owners, and this content is not reviewed in advance by MariaDB. The views, information and opinions expressed by this content do not necessarily represent those of MariaDB or any other party.