From Spectre@21:3/105 to All on Tuesday, August 06, 2019 15:00:00
Would you believe someone broke into my mysql server and deleted the databases belonging to my A2 Hardware DB and Library. They were also crazy enough to think I might part with bitcoin for them.
Well I have the backups from what 2 weeks ago, so I wasn't overly stressed. But
I got to looking around how to secure the server better. I'm unclear what the
actual attack vector was, but I believe it was just a direct assault on mysql,
and not a compromised account password. Speaking of which I should poke through the passwords file just in case again. So I found all sorts of "hardening" for your mysql server and thinking I'd see how it worked after implementing a couple.... it wouldn't restart, and was completely borked :/
I think it took more effort to get it reinstalled than it took to restore the databases themselves. But it did give me the opportunity to change all those passwords from scratch. So I'll keep my fingers crossed for now.
Spec
---
* Origin: Default origin line (21:3/105)
From Spectre@21:3/105 to NuSkooler on Wednesday, August 07, 2019 16:45:00
Updated MySQL etc.? Injection attack?
I've done what I can with mysql which so far really has been precious little. password changes and privilege reductions. But I don't really know how it was achieved. I believe its direct into mysql, I don't think anything else has been
compromised.