MySQL on an AWS AMI was attacked: "pay to get your data back". How was this possible, and how do I prevent it next time?

This morning I noticed that some of the websites I host on an EC2 instance were not working. When I checked the MySQL database, it had been wiped! :( The only thing I found was a record telling me that I had been hacked and that I had to pay if I wanted my data back :D ... Anyway.

How did they manage to get into my database? What steps should I take now to protect my instance/database?

Open ports: [screenshot not reproduced]

Here are my MySQL logs; I would really appreciate it if someone could take a look and tell me what they show:

```
2017-03-18 15:27:19 14056 [Note] InnoDB: Shutdown completed; log sequence number 5692547
2017-03-18 15:27:19 14056 [Note] Shutting down plugin 'PERFORMANCE_SCHEMA'
2017-03-18 15:27:19 14056 [Note] Shutting down plugin 'BLACKHOLE'
2017-03-18 15:27:19 14056 [Note] Shutting down plugin 'CSV'
2017-03-18 15:27:19 14056 [Note] Shutting down plugin 'MEMORY'
2017-03-18 15:27:19 14056 [Note] Shutting down plugin 'MyISAM'
2017-03-18 15:27:19 14056 [Note] Shutting down plugin 'MRG_MYISAM'
2017-03-18 15:27:19 14056 [Note] Shutting down plugin 'sha256_password'
2017-03-18 15:27:19 14056 [Note] Shutting down plugin 'mysql_old_password'
2017-03-18 15:27:19 14056 [Note] Shutting down plugin 'mysql_native_password'
2017-03-18 15:27:19 14056 [Note] Shutting down plugin 'binlog'
2017-03-18 15:27:19 14056 [Note] /usr/libexec/mysql56/mysqld: Shutdown complete
2017-03-18 15:27:20 12178 [Note] Plugin 'FEDERATED' is disabled.
2017-03-18 15:27:20 12178 [Note] InnoDB: Using atomics to ref count buffer pool pages
2017-03-18 15:27:20 12178 [Note] InnoDB: The InnoDB memory heap is disabled
2017-03-18 15:27:20 12178 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
2017-03-18 15:27:20 12178 [Note] InnoDB: Memory barrier is not used
2017-03-18 15:27:20 12178 [Note] InnoDB: Compressed tables use zlib 1.2.8
2017-03-18 15:27:20 12178 [Note] InnoDB: Using Linux native AIO
2017-03-18 15:27:20 12178 [Note] InnoDB: Using CPU crc32 instructions
2017-03-18 15:27:20 12178 [Note] InnoDB: Initializing buffer pool, size = 128.0M
2017-03-18 15:27:20 12178 [Note] InnoDB: Completed initialization of buffer pool
2017-03-18 15:27:20 12178 [Note] InnoDB: Highest supported file format is Barracuda.
2017-03-18 15:27:20 12178 [Note] InnoDB: 128 rollback segment(s) are active.
2017-03-18 15:27:20 12178 [Note] InnoDB: Waiting for purge to start
2017-03-18 15:27:20 12178 [Note] InnoDB: 5.6.35 started; log sequence number 5692547
2017-03-18 15:27:20 12178 [Note] RSA private key file not found: /var/lib/mysql//private_key.pem. Some authentication plugins will not work.
2017-03-18 15:27:20 12178 [Note] RSA public key file not found: /var/lib/mysql//public_key.pem. Some authentication plugins will not work.
2017-03-18 15:27:20 12178 [Note] Server hostname (bind-address): '*'; port: 3306
2017-03-18 15:27:20 12178 [Note] IPv6 is available.
2017-03-18 15:27:20 12178 [Note]   - '::' resolves to '::';
2017-03-18 15:27:20 12178 [Note] Server socket created on IP: '::'.
2017-03-18 15:27:20 12178 [Note] Event Scheduler: Loaded 0 events
2017-03-18 15:27:20 12178 [Note] /usr/libexec/mysql56/mysqld: ready for connections.
Version: '5.6.35'  socket: '/var/lib/mysql/mysql.sock'  port: 3306  MySQL Community Server (GPL)
2017-03-18 16:06:17 12178 [Warning] IP address '27.18.88.215' could not be resolved: Name or service not known
2017-03-18 18:29:03 12178 [Warning] Hostname 'thinkdream.com' does not resolve to '14.192.9.41'.
2017-03-18 18:29:03 12178 [Note] Hostname 'thinkdream.com' has the following IP addresses:
2017-03-18 18:29:03 12178 [Note]  - 103.206.122.114
2017-03-18 18:38:36 12178 [Warning] IP address '117.44.26.66' could not be resolved: Name or service not known
2017-03-18 19:37:22 12178 [Warning] IP address '49.4.143.152' could not be resolved: Name or service not known
2017-03-18 21:24:57 12178 [Warning] IP address '49.4.135.14' could not be resolved: Name or service not known
2017-03-18 22:03:15 12178 [Warning] IP address '171.221.233.50' could not be resolved: Name or service not known
2017-03-18 22:36:58 12178 [Warning] IP address '182.18.72.116' could not be resolved: Name or service not known
2017-03-18 23:05:57 12178 [Warning] IP address '146.0.72.199' could not be resolved: Name or service not known
2017-03-18 23:05:57 12178 [Warning] IP address '146.0.72.199' could not be resolved: Name or service not known
2017-03-18 23:51:04 12178 [Warning] IP address '49.4.142.104' could not be resolved: Name or service not known
2017-03-19 00:18:55 12178 [Warning] IP address '222.187.224.190' could not be resolved: Name or service not known
2017-03-19 00:22:02 12178 [Warning] IP address '49.4.135.189' could not be resolved: Name or service not known
2017-03-19 01:26:56 12178 [Warning] IP address '182.18.72.82' could not be resolved: Name or service not known
2017-03-19 01:49:36 12178 [Warning] IP address '118.193.165.12' could not be resolved: Name or service not known
2017-03-19 01:52:47 12178 [Warning] IP address '107.179.126.47' could not be resolved: Name or service not known
2017-03-19 01:55:14 12178 [Warning] IP address '49.4.142.189' could not be resolved: Name or service not known
2017-03-19 04:27:45 12178 [Warning] IP address '123.249.27.92' could not be resolved: Temporary failure in name resolution
2017-03-19 04:27:54 12178 [Warning] IP address '123.249.27.92' could not be resolved: Temporary failure in name resolution
2017-03-19 04:28:06 12178 [Warning] IP address '123.249.27.92' could not be resolved: Temporary failure in name resolution
2017-03-19 04:28:15 12178 [Warning] IP address '123.249.27.92' could not be resolved: Temporary failure in name resolution
2017-03-19 04:28:15 12178 [Warning] IP address '123.249.27.92' could not be resolved: Temporary failure in name resolution
2017-03-19 04:28:26 12178 [Warning] IP address '123.249.27.92' could not be resolved: Temporary failure in name resolution
2017-03-19 04:28:38 12178 [Warning] IP address '123.249.27.92' could not be resolved: Temporary failure in name resolution
2017-03-19 04:28:56 12178 [Warning] IP address '123.249.27.92' could not be resolved: Temporary failure in name resolution
2017-03-19 04:29:15 12178 [Warning] IP address '123.249.27.92' could not be resolved: Temporary failure in name resolution
2017-03-19 04:29:33 12178 [Warning] IP address '123.249.27.92' could not be resolved: Temporary failure in name resolution
2017-03-19 04:30:13 12178 [Warning] IP address '123.249.27.92' could not be resolved: Temporary failure in name resolution
2017-03-19 04:30:44 12178 [Warning] IP address '123.249.27.92' could not be resolved: Temporary failure in name resolution
2017-03-19 04:31:17 12178 [Warning] IP address '123.249.27.92' could not be resolved: Temporary failure in name resolution
2017-03-19 04:32:05 12178 [Warning] IP address '123.249.27.92' could not be resolved: Temporary failure in name resolution
2017-03-19 04:32:22 12178 [Warning] IP address '123.249.27.92' could not be resolved: Temporary failure in name resolution
2017-03-19 04:32:58 12178 [Warning] IP address '123.249.27.92' could not be resolved: Temporary failure in name resolution
2017-03-19 04:32:59 12178 [Warning] IP address '123.249.27.92' could not be resolved: Temporary failure in name resolution
2017-03-19 05:23:02 12178 [Warning] IP address '113.108.21.16' could not be resolved: Name or service not known
2017-03-19 07:18:40 12178 [Warning] IP address '61.177.139.252' could not be resolved: Name or service not known
2017-03-19 07:18:40 12178 [Warning] IP address '61.177.139.252' could not be resolved: Name or service not known
2017-03-19 08:59:45 12178 [Warning] IP address '49.4.142.178' could not be resolved: Name or service not known
2017-03-19 12:28:36 12178 [Warning] IP address '107.179.45.19' could not be resolved: Name or service not known
2017-03-19 15:47:23 12178 [Warning] IP address '103.37.45.166' could not be resolved: Name or service not known
2017-03-19 16:33:18 12178 [Warning] IP address '61.160.194.88' could not be resolved: Name or service not known
2017-03-19 18:09:59 12178 [Warning] IP address '139.196.18.68' could not be resolved: Name or service not known
2017-03-19 18:10:44 12178 [Warning] IP address '117.41.229.53' could not be resolved: Name or service not known
2017-03-19 21:00:33 12178 [Warning] IP address '182.18.72.81' could not be resolved: Name or service not known
2017-03-19 21:31:10 12178 [Warning] IP address '123.249.45.172' could not be resolved: Name or service not known
2017-03-19 21:40:05 12178 [Warning] IP address '123.249.27.92' could not be resolved: Temporary failure in name resolution
2017-03-19 21:52:52 12178 [Warning] Host name 'hostby.chnet.se' could not be resolved: Name or service not known
2017-03-20 00:33:24 12178 [Warning] IP address '122.114.224.10' could not be resolved: Temporary failure in name resolution
2017-03-20 00:41:00 12178 [Warning] IP address '106.111.128.184' could not be resolved: Name or service not known
2017-03-20 02:44:32 12178 [Warning] IP address '49.4.142.177' could not be resolved: Name or service not known
```

The security group rules show that you have opened 3306 to everyone, which is dangerous.

  1. Do not let traffic from anywhere reach 3306.
  2. Restrict access to 3306 to known IPs; a better choice is to restrict access through a VPN.
  3. Add a log monitoring tool so that you are notified in case of malicious traffic.
  4. If you have a small setup, use Monit to monitor the logs.
  5. A strict user policy in MySQL.

There are many other things you can do to secure MySQL, but starting with these is a good thing.
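Points 1 and 2 above are about the security group. The following is an added example, not code from the answer or from AWS: it audits the ingress rules of an EC2 security group for SSH and MySQL exposed to the whole Internet, and builds the narrowed rule you would apply instead. The group is constructed in the shape that `aws ec2 describe-security-groups` returns; the sensitive-port list and the allowlist CIDR are assumptions for the demonstration.

```python
"""Audit an EC2 security group for database/SSH ports open to the world.
Added example; not the answer's code and not an AWS tool."""
import ipaddress

# Assumption: the services this host runs, per the question (SSH and MySQL).
SENSITIVE_PORTS = {22: "ssh", 3306: "mysql"}

# Constructed security group: 3306 and 22 open to everyone, 443 open (expected
# for a web host), plus a second 3306 range already scoped to a private network.
SAMPLE_GROUP = {
    "GroupId": "sg-0example",  # placeholder id
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "10.0.0.0/8"}],
         "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ],
}


def rule_covers_port(perm, port):
    """True if this IpPermission admits TCP traffic to `port`.
    IpProtocol '-1' means every protocol and port."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return True
    if proto not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def audit_security_group(group):
    """Return (port, service, cidr) for every sensitive port reachable from a
    /0 range, i.e. from anywhere on the Internet (IPv4 or IPv6)."""
    findings = []
    for perm in group.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for port, service in SENSITIVE_PORTS.items():
            if not rule_covers_port(perm, port):
                continue
            for cidr in cidrs:
                if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                    findings.append((port, service, cidr))
    return findings


def restricted_ingress(port, allowed_cidrs):
    """Build the IpPermissions entry for `port` limited to an allowlist, in the
    form `aws ec2 authorize-security-group-ingress --ip-permissions` accepts.
    Refuses a /0 range so the fix cannot silently reproduce the problem."""
    nets = [ipaddress.ip_network(c, strict=False) for c in allowed_cidrs]
    if any(n.prefixlen == 0 for n in nets):
        raise ValueError("allowlist must not contain a /0 range")
    v4 = [{"CidrIp": str(n)} for n in nets if n.version == 4]
    v6 = [{"CidrIpv6": str(n)} for n in nets if n.version == 6]
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": v4, "Ipv6Ranges": v6}


if __name__ == "__main__":
    for port, service, cidr in audit_security_group(SAMPLE_GROUP):
        print(f"{service} (tcp/{port}) is open to {cidr}")
    # 203.0.113.10/32 is a documentation address standing in for your office/VPN egress.
    print(restricted_ingress(3306, ["203.0.113.10/32"]))
```

Applying the narrowed rule is a two-step change: revoke the `0.0.0.0/0` (and `::/0`) permission for the port with `aws ec2 revoke-security-group-ingress`, then authorize the allowlisted one. Note that the audit treats a protocol of `-1` (all traffic) as covering every port, which is the other common way a database ends up world-reachable.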

The first thing you should do to prevent this from happening again is to replace every MySQL instance you have.

While I would advise you not to consider paying for the data, if you must, keep one instance that lets you recover the data, then dump it as soon as possible, check and re-check that dump, and import it into a clean installation.

If you can afford to lose the data, burn everything to the ground and start again.

@xs2rashid's advice is definitely good. Certainly consider disallowing any access you don't need, i.e. whitelist everything rather than using a blacklist.

I would also suggest you make sure you run mysql_secure_installation on the node and use a password manager (e.g. KeePass) to generate strong passwords. Better still might be using a CA / PKI; cfssl makes it easy to generate the certificates you need.

You may want to use fail2ban to help block anything suspicious (How to set up monitoring of MySQL with Fail2ban?) as a safeguard against mistakes in the network protection.

You also have SSH exposed to the whole world, which means you almost certainly want to make sure you are using public key authentication, disallow root login, and restrict access/login to SSH as much as possible (e.g. restrict network access, and restrict which users/groups are allowed to log in).

I tend to think you would benefit from reading the CIS benchmark for your distribution and considering applying at least some of its recommendations.