- Subject: A bunch of records like this in the mysql log
Does this mean the server has been hacked?
2023-04-05T22:48:25.822871Z 33556 [Note] Access denied for user '11'@'localhost' (using password: YES)
2023-04-05T22:49:21.152661Z 33557 [Note] Access denied for user 'raj'@'localhost' (using password: YES)
2023-04-05T22:50:15.778702Z 33558 [Note] Access denied for user 'admin'@'localhost' (using password: YES)
2023-04-05T22:51:09.498507Z 33560 [Note] Access denied for user 'user'@'localhost' (using password: YES)
2023-04-05T22:52:03.228260Z 33561 [Note] Access denied for user 'info'@'localhost' (using password: YES)
2023-04-05T22:52:58.324086Z 33562 [Note] Access denied for user 'user'@'localhost' (using password: YES)
2023-04-05T22:53:51.980015Z 33563 [Note] Access denied for user 'agent'@'localhost' (using password: YES)
2023-04-05T22:54:48.888574Z 33569 [Note] Access denied for user 'design'@'localhost' (using password: YES)
2023-04-05T22:55:42.528668Z 33570 [Note] Access denied for user 'TEST'@'localhost' (using password: YES)
2023-04-05T22:56:38.315489Z 33572 [Note] Access denied for user 'Test'@'localhost' (using password: YES)
2023-04-05T22:57:33.510387Z 33573 [Note] Access denied for user 'Admin'@'localhost' (using password: YES)
2023-04-05T22:58:23.014233Z 33575 [Note] Access denied for user 'Test'@'localhost' (using password: YES)
2023-04-05T22:59:16.373297Z 33577 [Note] Access denied for user 'POS_USER'@'localhost' (using password: YES)
2023-04-05T23:00:09.196035Z 33579 [Note] Access denied for user 'User'@'localhost' (using password: YES)
2023-04-05T23:01:02.962547Z 33580 [Note] Access denied for user 'arr'@'localhost' (using password: YES)
2023-04-05T23:01:57.202267Z 33581 [Note] Access denied for user 'DS'@'localhost' (using password: YES)
2023-04-05T23:02:52.067910Z 33582 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2023-04-05T23:03:44.303659Z 33584 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2023-04-05T23:04:37.244475Z 33585 [Note] Access denied for user 'user'@'localhost' (using password: YES)
--
FROM 180.112.123.*
Someone is just trying passwords, that's all.
【 bom wrote: 】
: Does this mean the server has been hacked?
: 2023-04-05T22:48:25.822871Z 33556 [Note] Access denied for user
: '11'@'localhost' (using password: YES)
: 2023-04-05T22:49:21.152661Z 33557 [Note] Access denied for user
: 'raj'@'localhost' (using password: YES)
: ...................
--
FROM 119.139.197.*
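It's an attack. As for where the attack is coming from, you'll have to find out.
Whether you exposed the database port to unrelated people who are trying it, or the front-end application was hacked, or the front-end
application has an injection vulnerability that lets malicious users attack the back-end database through the application, you need to investigate.
【 bom wrote: 】
: Does this mean the server has been hacked?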
: 2023-04-05T22:48:25.822871Z 33556 [Note] Access denied for user '11'@'localhost' (using password: YES)
: 2023-04-05T22:49:21.152661Z 33557 [Note] Access denied for user 'raj'@'localhost' (using password: YES)
: ...................
--
FROM 119.130.152.*
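My database port is bound to 127.0.0.1
Does that mean this attack is using something like an injection vulnerability?
【 Dazzy wrote: 】
: Subject: Re: A bunch of records like this in the mysql log
: Posted from: 水木社区 (Thu Apr 6 09:57:08 2023), on-site
:
:
: It's an attack. As for where the attack is coming from, you'll have to find out.
:
: Whether you exposed the database port to unrelated people who are trying it, or the front-end application was hacked, or the front-end
: application has an injection vulnerability that lets malicious users attack the back-end database through the application, you need to investigate.
:
:
: 【 bom wrote: 】
: : Does this mean the server has been hacked?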
: : 2023-04-05T22:48:25.822871Z 33556 [Note] Access denied for user '11'@'localhost' (using password: YES)
: : 2023-04-05T22:49:21.152661Z 33557 [Note] Access denied for user 'raj'@'localhost' (using password: YES)
: : ...................
:
: --
:
: ※ Source: ·水木社区 mysmth.net·[FROM: 119.130.152.*]
--
FROM 180.112.123.*
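The key question is: who can access this port?
If the external network cannot reach it, then it is localhost, which could be the application or could be some other process.
You can shut down the application; if no more of these messages appear, it is most likely the front end. If they still appear, that means it is some other process.
You can watch which processes the active connections on the database port come from. If it is not a critical service, you can shut them down
one by one and narrow it down section by section.
【 bom wrote: 】
: My database port is bound to 127.0.0.1
: Does that mean this attack is using something like an injection vulnerability?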
--
FROM 119.130.152.*
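
An added example, not part of any post in this thread: a small Python summary of the "Access denied" lines, grouped by the client host MySQL recorded, showing how many distinct usernames were tried, how evenly spaced the attempts are, and whether the client is local. The function name `summarize`, the `min_users` threshold and the report keys are assumptions made for this example; the sample lines are copied from the first post.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Sample input: six lines copied from the log excerpt in the first post.
SAMPLE = """\
2023-04-05T22:48:25.822871Z 33556 [Note] Access denied for user '11'@'localhost' (using password: YES)
2023-04-05T22:49:21.152661Z 33557 [Note] Access denied for user 'raj'@'localhost' (using password: YES)
2023-04-05T22:50:15.778702Z 33558 [Note] Access denied for user 'admin'@'localhost' (using password: YES)
2023-04-05T22:51:09.498507Z 33560 [Note] Access denied for user 'user'@'localhost' (using password: YES)
2023-04-05T22:52:03.228260Z 33561 [Note] Access denied for user 'info'@'localhost' (using password: YES)
2023-04-05T22:52:58.324086Z 33562 [Note] Access denied for user 'user'@'localhost' (using password: YES)
"""

DENIED = re.compile(
    r"^(?P<ts>\S+)Z\s+(?P<conn>\d+)\s+\[\w+\]\s+Access denied for user "
    r"'(?P<user>[^']*)'@'(?P<host>[^']*)' \(using password: (?P<pw>YES|NO)\)")

# Host values that mean the client connected from the database machine itself.
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

def summarize(log_text, min_users=5):
    """Group failed logins by client host and flag username-guessing runs."""
    by_host = defaultdict(list)
    for line in log_text.splitlines():
        m = DENIED.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S.%f")
            by_host[m["host"]].append((ts, m["user"]))
    report = {}
    for host, events in by_host.items():
        events.sort()
        # Seconds between consecutive attempts; a steady gap suggests a script.
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        users = {u for _, u in events}
        report[host] = {
            "attempts": len(events),
            "distinct_users": len(users),
            "median_gap_s": round(median(gaps), 1) if gaps else None,
            "guessing": len(users) >= min_users,   # many names, one source
            "local_client": host in LOCAL_HOSTS,   # look at local processes
        }
    return report

if __name__ == "__main__":
    for host, r in summarize(SAMPLE).items():
        print(host, r)
```

A `local_client` result of true with `guessing` also true points at a process on the database host itself, which is the case the post above suggests narrowing down by process.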
Not "hacked" (-ed),
but "being hacked" (-ing).
【 bom wrote: 】
: Does this mean the server has been hacked?
: 2023-04-05T22:48:25.822871Z 33556 [Note] Access denied for user '11'@'localhost' (using password: YES)
: 2023-04-05T22:49:21.152661Z 33557 [Note] Access denied for user 'raj'@'localhost' (using password: YES)
: ...................
--
FROM 139.226.19.*