Database deleted by an attacker and held to ransom for 0.0125 BTC: analysing the cause and the lessons learned so it does not happen again
I had been focused on development and had genuinely neglected data security and backups. Luckily it was only test data, but being attacked was a wake-up call and made me realise how important it is to protect information online. In response I did a lot of database hardening, and I am sharing it here.
1. Introduction
Hi everyone, I'm hacynn.
Recently I have been working on a personal project. Over the last couple of days I finished the remaining pieces and deployed it. Since I am still a student and this is only a personal project, I figured nobody would be interested in my data, so I simply set the password to the most basic root123. On top of that, thinking nobody cared about the data anyway, I set the server up whichever way was most convenient.
So I used docker to get the project deployed quickly, without configuring any additional permissions. That mindset turned out to be the direct cause of the database later being deleted and held to ransom.
2. Discovering the problem
The morning after deploying the project to the server, I opened the site and found that it could no longer exchange data. My first reaction was to check the server, where I found the backend process had crashed. At that point I did not yet realise the database had been attacked; I restarted the backend, the restart failed, so I printed the logs.
2024-06-10T10:53:55.225+08:00 WARN 1 --- [ main] ConfigServletWebServerApplicationContext : Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'jdbcMappingContext' defined in class path resource [org/springframework/boot/autoconfigure/data/jdbc/JdbcRepositoriesAutoConfiguration$SpringBootJdbcConfiguration.class]: Unsatisfied dependency expressed through method 'jdbcMappingContext' parameter 1: Error creating bean with name 'jdbcCustomConversions' defined in class path resource [org/springframework/boot/autoconfigure/data/jdbc/JdbcRepositoriesAutoConfiguration$SpringBootJdbcConfiguration.class]: Failed to instantiate [org.springframework.data.jdbc.core.convert.JdbcCustomConversions]: Factory method 'jdbcCustomConversions' threw exception with message: Error creating bean with name 'jdbcDialect' defined in class path resource [org/springframework/boot/autoconfigure/data/jdbc/JdbcRepositoriesAutoConfiguration$SpringBootJdbcConfiguration.class]: Failed to instantiate [org.springframework.data.relational.core.dialect.Dialect]: Factory method 'jdbcDialect' threw exception with message: Failed to obtain JDBC Connection
2024-06-10T10:53:55.266+08:00 INFO 1 --- [ main] o.apache.catalina.core.StandardService : Stopping service [Tomcat]
2024-06-10T10:53:55.284+08:00 INFO 1 --- [ main] .s.b.a.l.ConditionEvaluationReportLogger :
Error starting ApplicationContext. To display the condition evaluation report re-run your application with 'debug' enabled.
2024-06-10T10:53:55.405+08:00 ERROR 1 --- [ main] o.s.boot.SpringApplication : Application run failed
org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'jdbcMappingContext' defined in class path resource [org/springframework/boot/autoconfigure/data/jdbc/JdbcRepositoriesAutoConfiguration$SpringBootJdbcConfiguration.class]: Unsatisfied dependency expressed through method 'jdbcMappingContext' parameter 1: Error creating bean with name 'jdbcCustomConversions' defined in class path resource [org/springframework/boot/autoconfigure/data/jdbc/JdbcRepositoriesAutoConfiguration$SpringBootJdbcConfiguration.class]: Failed to instantiate [org.springframework.data.jdbc.core.convert.JdbcCustomConversions]: Factory method 'jdbcCustomConversions' threw exception with message: Error creating bean with name 'jdbcDialect' defined in class path resource [org/springframework/boot/autoconfigure/data/jdbc/JdbcRepositoriesAutoConfiguration$SpringBootJdbcConfiguration.class]: Failed to instantiate [org.springframework.data.relational.core.dialect.Dialect]: Factory method 'jdbcDialect' threw exception with message: Failed to obtain JDBC Connection
The log shows that the application hit a fatal error during startup and the application context failed to initialise: Spring Boot's auto-configured JDBC beans could not be satisfied.
The key messages, read from the outside in:
- UnsatisfiedDependencyException: while initialising the jdbcMappingContext bean, the jdbcCustomConversions bean could not be created, because the jdbcDialect bean could not be created.
- Failed to obtain JDBC Connection: while creating the jdbcDialect bean, Spring Data JDBC tried to open a connection to detect the database dialect and got none.
The nested bean failures are all consequences of that last line: the application could not open a single connection to MySQL. At that point the questions to ask are whether mysqld is still running (docker ps) and what its own log says, not anything about the Spring configuration.
That puzzled me: the MySQL configuration had not been touched, so why would the JDBC dependencies be unsatisfied? With that question in mind I opened the MySQL log and saw the following.
2024-06-10T00:38:09.023356Z 410 [Note] Got an error reading communication packets
2024-06-10T01:13:58.926999Z 421 [Note] Access denied for user 'root'@'185.212.170.142' (using password: NO)
2024-06-10T01:13:59.885982Z 422 [Note] Access denied for user 'root'@'185.212.170.142' (using password: YES)
2024-06-10T01:14:00.858598Z 423 [Note] Access denied for user 'root'@'185.212.170.142' (using password: YES)
2024-06-10T01:14:01.816908Z 424 [Note] Access denied for user 'root'@'185.212.170.142' (using password: YES)
2024-06-10T01:14:02.768427Z 425 [Note] Access denied for user 'root'@'185.212.170.142' (using password: YES)
2024-06-10T01:14:03.722976Z 426 [Note] Access denied for user 'root'@'185.212.170.142' (using password: YES)
2024-06-10T01:14:04.719394Z 427 [Note] Access denied for user 'root'@'185.212.170.142' (using password: YES)
2024-06-10T01:14:05.668941Z 428 [Note] Access denied for user 'root'@'185.212.170.142' (using password: YES)
2024-06-10T01:14:06.624481Z 429 [Note] Access denied for user 'root'@'185.212.170.142' (using password: YES)
2024-06-10T01:14:07.582218Z 430 [Note] Access denied for user 'root'@'185.212.170.142' (using password: YES)
2024-06-10T01:14:08.541510Z 431 [Note] Access denied for user 'root'@'185.212.170.142' (using password: YES)
2024-06-10T01:14:09.491250Z 432 [Note] Access denied for user 'root'@'185.212.170.142' (using password: YES)
2024-06-10T01:14:10.456461Z 433 [Note] Access denied for user 'root'@'185.212.170.142' (using password: YES)
2024-06-10T01:14:11.450625Z 434 [Note] Access denied for user 'root'@'185.212.170.142' (using password: YES)
2024-06-10T01:14:12.401024Z 435 [Note] Access denied for user 'root'@'185.212.170.142' (using password: YES)
2024-06-10T01:14:13.395708Z 436 [Note] Access denied for user 'root'@'185.212.170.142' (using password: YES)
2024-06-10T01:14:35.072950Z 438 [Note] Access denied for user 'root'@'185.212.170.142' (using password: NO)
2024-06-10T01:14:36.071201Z 439 [Note] Access denied for user 'root'@'185.212.170.142' (using password: YES)
2024-06-10T01:14:37.044722Z 440 [Note] Access denied for user 'root'@'185.212.170.142' (using password: YES)
2024-06-10T01:14:38.034517Z 441 [Note] Access denied for user 'root'@'185.212.170.142' (using password: YES)
2024-06-10T01:14:38.989700Z 442 [Note] Access denied for user 'root'@'185.212.170.142' (using password: YES)
2024-06-10T01:14:39.986821Z 443 [Note] Access denied for user 'root'@'185.212.170.142' (using password: YES)
2024-06-10T01:14:40.944119Z 444 [Note] Access denied for user 'root'@'185.212.170.142' (using password: YES)
2024-06-10T01:14:41.912304Z 445 [Note] Access denied for user 'root'@'185.212.170.142' (using password: YES)
2024-06-10T01:14:42.874976Z 446 [Note] Access denied for user 'root'@'185.212.170.142' (using password: YES)
2024-06-10T01:14:43.843124Z 447 [Note] Access denied for user 'root'@'185.212.170.142' (using password: YES)
2024-06-10T01:14:44.804638Z 448 [Note] Access denied for user 'root'@'185.212.170.142' (using password: YES)
2024-06-10T01:14:45.755453Z 449 [Note] Access denied for user 'root'@'185.212.170.142' (using password: YES)
2024-06-10T01:14:46.749016Z 450 [Note] Access denied for user 'root'@'185.212.170.142' (using password: YES)
2024-06-10T01:14:47.700063Z 451 [Note] Access denied for user 'root'@'185.212.170.142' (using password: YES)
2024-06-10T01:14:48.647638Z 452 [Note] Access denied for user 'root'@'185.212.170.142' (using password: YES)
2024-06-10T01:14:49.606358Z 453 [Note] Access denied for user 'root'@'185.212.170.142' (using password: YES)
2024-06-10T01:16:18.268587Z 0 [Note] Giving 10 client threads a chance to die gracefully
2024-06-10T01:16:18.268623Z 0 [Note] Shutting down slave threads
2024-06-10T01:16:20.268718Z 0 [Note] Forcefully disconnecting 10 remaining clients
2024-06-10T01:16:20.268747Z 0 [Warning] mysqld: Forcing close of thread 411 user: 'root'
2024-06-10T01:16:20.268807Z 0 [Warning] mysqld: Forcing close of thread 418 user: 'root'
2024-06-10T01:16:20.268835Z 0 [Warning] mysqld: Forcing close of thread 419 user: 'root'
2024-06-10T01:16:20.268890Z 0 [Warning] mysqld: Forcing close of thread 417 user: 'root'
2024-06-10T01:16:20.268907Z 0 [Warning] mysqld: Forcing close of thread 414 user: 'root'
2024-06-10T01:16:20.268923Z 0 [Warning] mysqld: Forcing close of thread 415 user: 'root'
2024-06-10T01:16:20.268937Z 0 [Warning] mysqld: Forcing close of thread 420 user: 'root'
2024-06-10T01:16:20.268952Z 0 [Warning] mysqld: Forcing close of thread 416 user: 'root'
2024-06-10T01:16:20.268966Z 0 [Warning] mysqld: Forcing close of thread 412 user: 'root'
2024-06-10T01:16:20.268981Z 0 [Warning] mysqld: Forcing close of thread 413 user: 'root'
2024-06-10T01:16:20.269011Z 0 [Note] Event Scheduler: Purging the queue. 0 events
2024-06-10T01:16:20.269681Z 0 [Note] Binlog end
2024-06-10T01:16:20.270232Z 0 [Note] Shutting down plugin 'ngram'
2024-06-10T01:16:20.270245Z 0 [Note] Shutting down plugin 'partition'
2024-06-10T01:16:20.270248Z 0 [Note] Shutting down plugin 'BLACKHOLE'
2024-06-10T01:16:20.270251Z 0 [Note] Shutting down plugin 'ARCHIVE'
2024-06-10T01:16:20.270254Z 0 [Note] Shutting down plugin 'PERFORMANCE_SCHEMA'
2024-06-10T01:16:20.270282Z 0 [Note] Shutting down plugin 'MRG_MYISAM'
2024-06-10T01:16:20.270287Z 0 [Note] Shutting down plugin 'MyISAM'
2024-06-10T01:16:20.270299Z 0 [Note] Shutting down plugin 'INNODB_SYS_VIRTUAL'
2024-06-10T01:16:20.270301Z 0 [Note] Shutting down plugin 'INNODB_SYS_DATAFILES'
2024-06-10T01:16:20.270304Z 0 [Note] Shutting down plugin 'INNODB_SYS_TABLESPACES'
2024-06-10T01:16:20.270306Z 0 [Note] Shutting down plugin 'INNODB_SYS_FOREIGN_COLS'
2024-06-10T01:16:20.270308Z 0 [Note] Shutting down plugin 'INNODB_SYS_FOREIGN'
2024-06-10T01:16:20.270310Z 0 [Note] Shutting down plugin 'INNODB_SYS_FIELDS'
2024-06-10T01:16:20.270313Z 0 [Note] Shutting down plugin 'INNODB_SYS_COLUMNS'
2024-06-10T01:16:20.270315Z 0 [Note] Shutting down plugin 'INNODB_SYS_INDEXES'
2024-06-10T01:16:20.270331Z 0 [Note] Shutting down plugin 'INNODB_SYS_TABLESTATS'
2024-06-10T01:16:20.270334Z 0 [Note] Shutting down plugin 'INNODB_SYS_TABLES'
2024-06-10T01:16:20.270336Z 0 [Note] Shutting down plugin 'INNODB_FT_INDEX_TABLE'
2024-06-10T01:16:20.270338Z 0 [Note] Shutting down plugin 'INNODB_FT_INDEX_CACHE'
2024-06-10T01:16:20.270340Z 0 [Note] Shutting down plugin 'INNODB_FT_CONFIG'
2024-06-10T01:16:20.270342Z 0 [Note] Shutting down plugin 'INNODB_FT_BEING_DELETED'
2024-06-10T01:16:20.270344Z 0 [Note] Shutting down plugin 'INNODB_FT_DELETED'
2024-06-10T01:16:20.270347Z 0 [Note] Shutting down plugin 'INNODB_FT_DEFAULT_STOPWORD'
2024-06-10T01:16:20.270349Z 0 [Note] Shutting down plugin 'INNODB_METRICS'
2024-06-10T01:16:20.270351Z 0 [Note] Shutting down plugin 'INNODB_TEMP_TABLE_INFO'
2024-06-10T01:16:20.270353Z 0 [Note] Shutting down plugin 'INNODB_BUFFER_POOL_STATS'
2024-06-10T01:16:20.270355Z 0 [Note] Shutting down plugin 'INNODB_BUFFER_PAGE_LRU'
2024-06-10T01:16:20.270357Z 0 [Note] Shutting down plugin 'INNODB_BUFFER_PAGE'
2024-06-10T01:16:20.270359Z 0 [Note] Shutting down plugin 'INNODB_CMP_PER_INDEX_RESET'
2024-06-10T01:16:20.270362Z 0 [Note] Shutting down plugin 'INNODB_CMP_PER_INDEX'
2024-06-10T01:16:20.270364Z 0 [Note] Shutting down plugin 'INNODB_CMPMEM_RESET'
2024-06-10T01:16:20.270366Z 0 [Note] Shutting down plugin 'INNODB_CMPMEM'
2024-06-10T01:16:20.270368Z 0 [Note] Shutting down plugin 'INNODB_CMP_RESET'
2024-06-10T01:16:20.270370Z 0 [Note] Shutting down plugin 'INNODB_CMP'
2024-06-10T01:16:20.270372Z 0 [Note] Shutting down plugin 'INNODB_LOCK_WAITS'
2024-06-10T01:16:20.270374Z 0 [Note] Shutting down plugin 'INNODB_LOCKS'
2024-06-10T01:16:20.270377Z 0 [Note] Shutting down plugin 'INNODB_TRX'
2024-06-10T01:16:20.270379Z 0 [Note] Shutting down plugin 'InnoDB'
2024-06-10T01:16:20.273094Z 0 [Note] InnoDB: FTS optimize thread exiting.
2024-06-10T01:16:20.273286Z 0 [Note] InnoDB: Starting shutdown...
2024-06-10T01:16:20.373534Z 0 [Note] InnoDB: Dumping buffer pool(s) to /var/lib/mysql/ib_buffer_pool
2024-06-10T01:16:20.373762Z 0 [Note] InnoDB: Buffer pool(s) dump completed at 240610 9:16:20
2024-06-10T01:16:21.883414Z 0 [Note] InnoDB: Shutdown completed; log sequence number 12819319
2024-06-10T01:16:21.884230Z 0 [Note] InnoDB: Removed temporary tablespace data file: "ibtmp1"
2024-06-10T01:16:21.884260Z 0 [Note] Shutting down plugin 'MEMORY'
2024-06-10T01:16:21.884266Z 0 [Note] Shutting down plugin 'CSV'
2024-06-10T01:16:21.884271Z 0 [Note] Shutting down plugin 'sha256_password'
2024-06-10T01:16:21.884274Z 0 [Note] Shutting down plugin 'mysql_native_password'
2024-06-10T01:16:21.884417Z 0 [Note] Shutting down plugin 'binlog'
2024-06-10T01:16:21.885472Z 0 [Note] mysqld: Shutdown complete
Log analysis
- Dozens of "Access denied for user 'root'" messages: repeated attempts to log in as root with the wrong password, roughly one per second. This is the signature of a brute-force attack: an automated client feeding candidate passwords until one is accepted. Each of the two bursts (connections 421 to 436, then 438 to 453) opens with a "using password: NO" attempt, which is a tool first checking whether root has no password at all.
- A single source address: every attempt comes from 185.212.170.142, at a fixed interval of about one second, the pacing of an automated tool rather than a person.
- "Got an error reading communication packets" (connection 410, about 35 minutes earlier): typically a client that connected and dropped without completing the handshake, which is what port scanners and service probes do; the scan that discovered the open port is the likely cause.
Two things this log cannot tell you. The MySQL error log records only failed logins: the successful login, the statements that deleted the data and the statement that left the note never appear in it unless the general query log, an audit plugin or the binary log is enabled, so the exact moment root123 was guessed is not visible here. The ten root connections the server forcibly closed at shutdown (threads 411 to 420, opened before the first logged failure) also cannot be told apart from the application's own connection pool, because the application connected as root too; giving the application its own account fixes that. Timestamps ending in Z are UTC: the attack ran at 01:14Z, 09:14 Beijing time, and the log ends with a clean server shutdown at 01:16:18Z, two minutes after the last failed attempt; the error log does not record who issued it.
Seeing this log, it finally dawned on me that the database had been attacked. Then, inside the database, I found the message the attacker had left:
Sure enough, it had been hacked. I looked up the value of 0.0125 BTC: over 6,000 RMB. So my data was worth that much after all (lol).
3. Remediation
3.1 Use a strong database password
The old root password was root123; it needs to be far stronger. Since MySQL runs in docker, the strong password is set in the start command. Use a long password that mixes upper and lower case letters, digits and special characters, and for a production environment in particular make sure the root password is strong. Two additions a practitioner would make: have the server enforce the policy rather than trusting the next deployment to remember it (MySQL 5.7 ships the validate_password plugin, which rejects weak passwords at CREATE USER and ALTER USER time), and keep the secret out of the command line and shell history by passing it through a file (the official image accepts MYSQL_ROOT_PASSWORD_FILE in place of MYSQL_ROOT_PASSWORD). A strong password only raises the cost of guessing; the attacker still had unlimited attempts against a port open to the internet, which is what the next three measures address.
3.2 Change the default database port
When deploying to production, replace MySQL's default port with an uncommon one, for example 33066. Be clear about what this buys: a non-default port hides the service from scanners that probe only 3306, but a scanner that sweeps all ports or reads the service banner still finds it, and the brute-force attack above would have worked exactly the same on 33066. The measure that matters is not publishing the port to the internet at all. The application runs in the same docker network (hacynn) and reaches the container as mysql:3306 without any published port; publish a port only when a client outside that network genuinely needs it, and then bind it to 127.0.0.1 and reach it over an SSH tunnel, or restrict the source address in the cloud security group.
# Changed from the original -p 33066:3306, which listens on every interface (0.0.0.0),
# to a binding on 127.0.0.1 only. Drop the -p line entirely if the only client is the
# application container on the hacynn network; it reaches the database as mysql:3306.
# mysql:5.7 reached end of life in October 2023; prefer a supported 8.x image.
docker run -d \
--name mysql \
-p 127.0.0.1:33066:3306 \
-e TZ=Asia/Shanghai \
-e MYSQL_ROOT_PASSWORD=your_password \
--network hacynn \
mysql:5.7
If you do keep a published port for remote clients, the application server's security group must drop the 3306 rule and allow 33066, restricted to the source addresses that need it. The security group (set in the cloud console) and the host firewall (firewalld, below) are two separate layers. One caveat applies to the host firewall with docker: Docker inserts its own iptables rules for published ports, and traffic to a -p port is forwarded to the container before firewalld's public-zone rules are consulted, so firewalld neither blocks nor needs to allow a docker-published port. The rules below matter for services that run directly on the host (sshd, nginx) and for a MySQL installed natively rather than in a container.
Start the firewall
systemctl start firewalld
Check the firewall status
systemctl status firewalld
Open a specific port
--permanent makes the rule persistent; without it the rule is lost when firewalld restarts
firewall-cmd --zone=public --add-port=PORT/tcp --permanent
Restart the firewall so the permanent rule takes effect (firewall-cmd --reload does the same without a restart)
systemctl restart firewalld
List all open ports
firewall-cmd --list-ports
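As an added example (not from the original post), the following script captures the deployment this section and section 3.4 argue for and then checks it: MySQL is started without publishing a port at all (the application reaches it over the hacynn network), an optional LOCAL_PORT binds the port to 127.0.0.1 only, the root password comes from a file instead of the command line, and wildcard_listeners parses the output of ss -ltn to catch any MySQL port still bound to 0.0.0.0, * or [::]. The secret path /etc/mysql-secrets/root_password, the volume name mysql-data and the ss output in SS_SAMPLE are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original post. Hardened start of the MySQL
# container plus a post-deploy exposure check. Hypothetical paths and names:
# /etc/mysql-secrets/root_password (root password file on the host),
# mysql-data (named volume), hacynn (the existing docker network).

# wildcard_listeners: read `ss -ltn` output on stdin and print the TCP ports
# bound to a wildcard address, i.e. reachable on every interface and therefore
# from the internet on a cloud host whose security group allows the port.
wildcard_listeners() {
    awk 'NR > 1 && $1 == "LISTEN" {
        addr = $4                       # Local Address:Port column
        n = split(addr, parts, ":")
        port = parts[n]                 # last field after the final colon
        host = substr(addr, 1, length(addr) - length(port) - 1)
        if (host == "0.0.0.0" || host == "*" || host == "[::]" || host == "::")
            print port
    }' | sort -un
}

# publish_spec_is_local: true only for a -p spec that binds to loopback.
publish_spec_is_local() {
    case "$1" in
        127.0.0.1:*:*|localhost:*:*|"[::1]:"*:*) return 0 ;;
        *) return 1 ;;
    esac
}

deploy_mysql() {
    # No -p by default: containers on the hacynn network reach mysql:3306.
    # LOCAL_PORT=33066 exposes the server to host-local tools (or an SSH
    # tunnel) on 127.0.0.1 only, never on a wildcard address.
    publish=""
    if [ -n "${LOCAL_PORT:-}" ]; then
        publish="-p 127.0.0.1:${LOCAL_PORT}:3306"
    fi
    # MYSQL_ROOT_PASSWORD_FILE is supported by the official image; it keeps
    # the secret out of `docker inspect`, `ps` and shell history.
    docker run -d --name mysql \
        $publish \
        -e TZ=Asia/Shanghai \
        -e MYSQL_ROOT_PASSWORD_FILE=/run/secrets/mysql_root \
        -v /etc/mysql-secrets/root_password:/run/secrets/mysql_root:ro \
        -v mysql-data:/var/lib/mysql \
        --network hacynn \
        mysql:5.7
}

# assert_not_exposed PORT: fail if PORT listens on a wildcard address. This
# looks at sockets, not firewall rules, because firewalld does not govern
# docker-published ports.
assert_not_exposed() {
    if ss -ltn | wildcard_listeners | grep -qx "$1"; then
        echo "port $1 is listening on a wildcard address" >&2
        return 1
    fi
}

# Constructed `ss -ltn` output for the demo: sshd on all interfaces (expected),
# one MySQL bound correctly to loopback, and one published the old way.
SS_SAMPLE='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      4096   127.0.0.1:3306      0.0.0.0:*
LISTEN 0      4096   0.0.0.0:33066       0.0.0.0:*
LISTEN 0      4096   *:33066             *:*
LISTEN 0      128    [::]:22             [::]:*'

demo_wildcards() {
    printf '%s\n' "$SS_SAMPLE" | wildcard_listeners
}

# usage: LOCAL_PORT=33066 ./deploy-mysql.sh deploy
if [ "${1:-}" = "deploy" ]; then
    deploy_mysql
    assert_not_exposed "${LOCAL_PORT:-3306}"
fi
```

After deployment, ss -ltn piped into wildcard_listeners should list neither 3306 nor 33066 (22 for sshd is expected). If a remote client genuinely needs the database, tunnel to the loopback binding (ssh -L 33066:127.0.0.1:33066 user@host) instead of opening the port in the security group; the tunnel is authenticated by the SSH key, and MySQL never sees a packet from the internet.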
3.3 Restrict database user privileges
Do not use the root account for routine database work; create a dedicated user. In particular, an account that is allowed to connect remotely must never be root. Least privilege for a MySQL account has two parts: the host part of the account name, which decides where it may connect from ('%' means anywhere, including the attacker's address), and the privileges, which decide what it may do and on which schema (ALL PRIVILEGES ON *.* is effectively a second root account; a web application normally needs only SELECT, INSERT, UPDATE and DELETE on its own database). The statements below are the author's development-stage setup and are deliberately permissive on both counts; they should not be carried into production as they are.
Create a development user and grant it the corresponding privileges:
# switch to the mysql schema, which holds the user table
use mysql;
# list the existing accounts (in 5.7 the password hash lives in authentication_string; there is no password column)
select host, user from user;
# create the temporary development user dev_laigeoffer; choose a long, complex password
create user 'dev_laigeoffer'@'%' identified by 'set-password-here';
# the password can be changed afterwards if it was set wrongly
ALTER USER 'dev_laigeoffer'@'%' IDENTIFIED BY 'new-password-here';
# grant the development user access: any host for now ('%'), and every privilege except the ability to grant privileges to other accounts (no WITH GRANT OPTION).
# This is a development convenience; a production application account should be limited to its own schema and to the application's host.
GRANT ALL PRIVILEGES ON *.* TO 'dev_laigeoffer'@'%';
# not required after CREATE USER / GRANT, which update the grant tables and the in-memory cache together; harmless, and only needed after editing the grant tables directly
flush privileges;
# leave the mysql client
exit;
# log back in as the new user to confirm it works
mysql -u dev_laigeoffer -p
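The statements above are the author's development setup. As an added example (not part of the original post), the script below generates the least-privilege version: one account per application, bound to the application's address and to its own schema with DML only, and it removes the 'root'@'%' account that the official mysql image creates by default, which is what allowed root to log in over the network in the first place. The schema name app_db, the account app_user, the address 172.18.0.3 (the application container on the hacynn network) and the secret path /run/secrets/mysql_root are assumptions. The SQL is produced by a function so that the guard rails (no '%' host, no *.* grant, no short password) can be exercised without a database.

```shell
#!/bin/sh
# Added example, not from the original post. Generates and applies the grants
# for a least-privilege application account. Hypothetical names: schema app_db,
# account app_user, application address 172.18.0.3 (the app container on the
# hacynn network), container "mysql", root password readable inside the
# container at /run/secrets/mysql_root.

# app_user_grants DB USER HOST PASSWORD: print the SQL, or fail on the three
# mistakes that turn an "application user" back into a second root.
app_user_grants() {
    db="$1"; user="$2"; host="$3"; password="$4"
    case "$host" in
        ''|'%') echo "refusing wildcard host for $user: bind the account to the application's address" >&2; return 1 ;;
    esac
    case "$db" in
        ''|'*') echo "refusing a grant on every schema: name the application's database" >&2; return 1 ;;
    esac
    if [ "${#password}" -lt 16 ]; then
        echo "password for $user is shorter than 16 characters" >&2; return 1
    fi
    case "$password" in
        *"'"*) echo "password must not contain a single quote (it is embedded in SQL below)" >&2; return 1 ;;
    esac
    cat <<EOF
-- one account per application: one source address, one schema, DML only
CREATE USER IF NOT EXISTS '$user'@'$host' IDENTIFIED BY '$password';
GRANT SELECT, INSERT, UPDATE, DELETE ON \`$db\`.* TO '$user'@'$host';
-- the official mysql image creates 'root'@'%' by default; remove it so root
-- can only log in locally (docker exec / unix socket), never over the network
DROP USER IF EXISTS 'root'@'%';
-- confirm the result
SHOW GRANTS FOR '$user'@'$host';
SELECT user, host FROM mysql.user WHERE user = 'root';
EOF
}

# apply_grants DB USER HOST PASSWORD: feed the generated SQL to the server as
# root over the unix socket inside the container. The root password is read
# from the secret file in the container, so it never appears on this host's
# command line or in its shell history.
apply_grants() {
    sql=$(app_user_grants "$@") || return 1
    printf '%s\n' "$sql" | docker exec -i mysql sh -c 'mysql -uroot -p"$(cat /run/secrets/mysql_root)"'
}

# usage: ./app-user.sh apply app_db app_user 172.18.0.3 'long-random-password'
if [ "${1:-}" = "apply" ]; then
    shift
    apply_grants "$@"
fi
```

After this the application's datasource must use app_user and the app_db schema (for the Spring Boot application above, that is the spring.datasource.username and URL properties; exact property names depend on the project). A welcome side effect is visible in the error log: once the application no longer connects as root, every root connection from a non-local address is by definition somebody else.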
3.4 A separate database server
The hacked MySQL was installed on the same server as the application (to save money). For production, the database should run on its own server that accepts connections only from the application server's address. With the two separated, a compromise of one does not automatically take the other down. "Only from the application server" has to be enforced in three places to mean anything: the security group or firewall in front of the database server, bind-address in the mysqld configuration, and the host part of the MySQL account (for example 'app'@'10.0.0.5' rather than 'app'@'%'). Note that separation by itself would not have changed the outcome here: the attack needed nothing but a reachable port and a guessable password. The benefit is that a dedicated database server has no reason to be reachable from the internet at all, so it is easier to keep it that way.
3.5 Back up the database on a schedule
Back up the database on a schedule, for example with a nightly job. If there is no dedicated backup server, the backup files can be kept on the application server, but a backup that lives only next to the database shares its fate: an attacker with the same access can delete it, and ransom-style deletions look for it. Keep at least one copy off the host (object storage, a separate account or an offline medium), keep several generations rather than overwriting a single file, and restore a backup into a scratch instance from time to time to prove it works. A logical dump (mysqldump --single-transaction gives a consistent copy of InnoDB tables without locking the application out) is portable and easy to verify; a disk snapshot of a running server is crash-consistent at best and is recovered like an unclean shutdown on restore, so test that path too.
I used the cloud disk snapshots that Alibaba Cloud provides:
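As an added example (not part of the original post), here is the nightly job this section describes, using a logical dump rather than a disk snapshot so the copy is consistent, portable and restorable on any MySQL 5.7: dump with mysqldump --single-transaction, compress, checksum, verify that the file really contains tables, copy it off the host, and keep the last seven generations. The container name mysql, the secret path /run/secrets/mysql_root, the directory /var/backups/mysql and the OFFSITE scp target are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: nightly logical backup with an
# integrity check, generation-based retention and an off-host copy.
# Assumptions (hypothetical names): container "mysql", root password readable
# inside the container at /run/secrets/mysql_root, backups under
# /var/backups/mysql, OFFSITE set to an scp target such as
# backup@10.0.0.9:/srv/mysql-backups on a host the database server can write
# to but whose existing files it cannot delete.

BACKUP_DIR="${BACKUP_DIR:-/var/backups/mysql}"

# dump_all_databases: write a compressed dump plus its sha256 and print the path.
dump_all_databases() {
    # --single-transaction: consistent InnoDB snapshot without locking the app out;
    # --routines/--triggers/--events: a restore needs these, not only the rows.
    mkdir -p "$BACKUP_DIR"
    out="$BACKUP_DIR/mysql-$(date -u +%Y%m%dT%H%M%SZ).sql.gz"
    tmp="$out.partial"
    docker exec mysql sh -c 'mysqldump -uroot -p"$(cat /run/secrets/mysql_root)" \
        --single-transaction --routines --triggers --events --all-databases' \
        > "$tmp" || { rm -f "$tmp"; return 1; }
    gzip -9 "$tmp" && mv "$tmp.gz" "$out" || return 1
    sha256sum "$out" > "$out.sha256"
    printf '%s\n' "$out"
}

# verify_backup FILE: 0 if the archive is intact, matches its checksum and
# contains at least one table definition; silent truncation is the usual way
# scheduled dumps rot, so an empty or header-only dump is a failure too.
verify_backup() {
    f="$1"
    gzip -t "$f" 2>/dev/null || return 1
    [ -f "$f.sha256" ] && sha256sum -c "$f.sha256" >/dev/null 2>&1 || return 1
    [ "$(gzip -dc "$f" | grep -c '^CREATE TABLE')" -gt 0 ] || return 1
}

# prune_backups N: keep the newest N generations (names sort by UTC timestamp).
prune_backups() {
    keep="${1:-7}"
    ls "$BACKUP_DIR"/mysql-*.sql.gz 2>/dev/null | sort -r | tail -n +"$((keep + 1))" |
    while read -r old; do
        rm -f "$old" "$old.sha256"
    done
}

# copy_offsite FILE: the copy that survives whoever deletes the database.
copy_offsite() {
    f="$1"
    [ -n "${OFFSITE:-}" ] || { echo "OFFSITE not set: backup exists on this host only" >&2; return 1; }
    scp -q "$f" "$f.sha256" "$OFFSITE"
}

nightly() {
    f=$(dump_all_databases) || return 1
    verify_backup "$f" || { echo "backup $f failed verification" >&2; rm -f "$f" "$f.sha256"; return 1; }
    copy_offsite "$f" || return 1
    prune_backups 7
}

# usage: OFFSITE=backup@10.0.0.9:/srv/mysql-backups ./mysql-backup.sh run
if [ "${1:-}" = "run" ]; then
    nightly
fi
```

Schedule it with a cron entry such as 0 3 * * * /usr/local/sbin/mysql-backup.sh run, and point OFFSITE at a destination the database server's credentials cannot delete from; the off-host copy only helps if it is out of reach of the same attacker. Restore into a scratch container with gzip -dc on the archive piped into docker exec -i mysql-scratch mysql -uroot -p, then run a query against it. A backup that has never been restored is an assumption, not a backup.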