Notes on our company's database getting hacked

2017-02-04 16:01:41 +08:00
 billyu

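Time:

Morning of 2017.2.4, the first day back at work

What happened:

A. At 9:00, my colleagues at the company all arrived on time (except the product manager), had breakfast and drank water; everything was normal at this point.

B. At 9:15, the boss appeared, greeted everyone in turn and checked project progress, and found that the app had no data. I tried to log in to the remote server without success, and waited for the product manager to start the server.

C. From 9:30 to 10:00, a private chat with the boss about becoming a permanent employee.

D. At 10:00, the product manager appeared and found that the remote server had been shut down by someone else. After starting it manually, logging in over ssh showed the following screen (Imgur); opening the target link (Imgur) showed that the mysql database had been re-initialized.

Utterly dumbfounded, in capital letters.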

11251 views
Node: Databases
107 replies
krisbai
2017-02-04 16:04:21 +08:00
The product manager manages the servers????????
songsong
2017-02-04 16:04:25 +08:00
And then? Hurry up and work out whose fault it is, and the OP is still here posting.
misaka19000
2017-02-04 16:23:00 +08:00
Front-row stool is already set up.
billycs
2017-02-04 16:24:26 +08:00
The product manager manages the servers????????
demoxu
2017-02-04 16:25:38 +08:00
Front-row stool is already set up, waiting to see how this turns out.
kookxiang
2017-02-04 16:26:25 +08:00
The database is the innocent bystander here.
abc123ccc
2017-02-04 16:28:02 +08:00
I find it strange too, why is the server managed by the product manager??
Moker
2017-02-04 16:28:59 +08:00
How come the product manager manages the database?
R18
2017-02-04 16:30:19 +08:00
The app had no data and nobody even reported it...
Mizzi
2017-02-04 16:30:52 +08:00
THIS MACHINE HAS BEEN INFECTED WITH RANSOMWARE | THIS MACHINE HAS BEEN INFECTED WITH RANSOMWARE
x86
2017-02-04 16:31:12 +08:00
I understand product managers less and less... now they can even manage servers.
rekulas
2017-02-04 16:34:14 +08:00
This shows that using a dedicated third-party database server does make sense.
SoloCompany
2017-02-04 16:35:17 +08:00
Do the two posters above have a story to tell?
holyzhou
2017-02-04 16:39:15 +08:00
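Let's be honest: was the cloud server exposed to the public internet, with root + a weak password on top? They most likely still came in through ssh, because your machine was shut down, and normally the user that runs mysql has no permission to shut down the machine.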
Systemd
2017-02-04 16:41:36 +08:00
The image wasn't redacted properly... the IP is exposed in the title bar...

Do you have backups?
lxlgod
2017-02-04 16:44:11 +08:00
It feels like the OP already has a plan for handling this, being so relaxed.
gamesbain
2017-02-04 16:47:20 +08:00
THIS MACHINE HAS BEEN INFECTED WITH RANSOMWARE | THIS MACHINE HAS BEEN INFECTED WITH RANSOMWARE

Hi,

This machine has been infected by ransomware.
You must pay 2 BITCOINS to: 1BbojChKJh3ste5Ky96sysvC1dxd1hGHNi to retrieve your files and/or prevent them from being leaked.

We are the only ones in the world that can provide your files to you.
When your machine was hacked, your files were sent to a server that we control.

You can e-mail panin@sigaint.org for support, but please don't send us e-mails unless
you have paid or are prepared to pay.
Questions such as "can I see my files first?" will be ignored.

FBI ADVISE FOR YOU TO PAY: https://www.tripwire.com/state-of-security/latest-security-news/ransomware-victims-should-just-pay-the-ransom-says-the-fbi/

HOW TO PAY:

You can purchase BITCOINS from many exchanges such as:

http://okcoin.com
http://coinbase.com
http://localbitcoins.com
http://kraken.com

When you have sent payment, please e-mail panin@sigaint.org with "paid" in the subject so we can answer your e-mail first.
Send us:

1) SERVER IP ADDRESS
2) BTC TRANSACTION ID

and we will then give you access to files, you can delete files from us when done from an FTP server.

Goodbye!
daveincave
2017-02-04 16:48:09 +08:00
The tense blame-shifting begins 😰
mhycy
2017-02-04 16:49:01 +08:00
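Presumably the "product manager" the OP mentions is their direct supervisor.
"Department manager" would be a more fitting title: technical background, plans the overall direction of the product and the development pace, and assigns tasks.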
irainsoft
2017-02-04 16:52:45 +08:00
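Whoever manages the server takes the blame.

That said, in this state the data is basically hopeless... just reinstall the system and restore from backup files.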
