Rollback data without restore job

bladetmc

I have a strange ghost running around on my VPS (CentOS 7.0 64-Bit, DirectAdmin 1.53.4) where randomly my data gets restored to a previous version.

For example, in my ecommerce environment the orders will be set to shipped and a logging entry will be placed showing who did it and when. The next morning that entry is gone and the order status is back on paid. It is not always, but I cannot understand what is going on.

There is no automatic restore running and I only added command-line SVN.
The technicians of the VPS say there is nothing running, but my VPS seems to have dementia.


Is this a problem that anybody has encountered before, or how can I tackle it if it is not a ghost process restoring my database (it happens on more than just 1 account)?
 
Hello,

Possible malware? Viruses?

MySQL replication? Other...

It's hard to say anything concrete without reading all possible logs on the server.

Check your server /home/*/domains/*/public_html/ with maldet scanner, check all possible logs, check SSH connections, mysql logs, etc.
 
Server has been scanned for viruses multiple times with no result (External tool, no clue ex).
I did run maldet by myself with nothing found.

Any suggestions what I should try next?


Asking here, because my support seems to have no clue what's wrong and tells me a reinstall of the VPS with more than 5 hours downtime is a good option :(
 
External tools? What do you mean? Do they check HTTP/HTTPs? Or files from disk?

What to try next? Read all possible logs... At least I would try and read all logs searching for any anomaly or errors. If you have the exact time when data in the MySQL server rolled back, then use that time and scan through all logs for that time frame.

If you don't know how to read logs you might want to hire somebody for this job.
 
External tools they used… I used it on the command line of course :p
I know how to read logs, but I guess I need to scope MySQL first then, since I know a sort of time frame (last night between 22:00-06:00)
 
Is the issue happening only with MySQL? Do you have gaps in logs? I would check cron logs, as DirectAdmin has cron tasks that run every minute, so all records of cron logs should be written there... and you can see whether or not logs are rolled back too.

If it happens to MySQL only, then I'd try to log queries running there. If you have sufficient disk space you might enable full logging in MySQL; it will write all executed queries to a text file. At least it can give some more information:

- exact time of queries

then you search web-logs for possible POST requests at the same time frame, IPs, etc.
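
Added example, not part of the thread: one way to run the cron-log check suggested above. Because a task fires every minute, the CROND lines should advance in roughly one-minute steps, so a long silence or a timestamp that goes backwards marks the window to compare against the MySQL and web logs. The sample lines, host name, command path, year and the two-minute threshold are constructed assumptions; on CentOS 7 the real input would be the contents of /var/log/cron.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in CentOS 7 /var/log/cron format.
# Host name and command path are placeholders, not real values from the thread.
SAMPLE_CRON_LOG = """\
Mar  3 22:13:01 vps CROND[4101]: (root) CMD (/path/to/every-minute-task)
Mar  3 22:14:01 vps CROND[4107]: (root) CMD (/path/to/every-minute-task)
Mar  3 22:15:01 vps CROND[4113]: (root) CMD (/path/to/every-minute-task)
Mar  4 02:41:01 vps CROND[977]: (root) CMD (/path/to/every-minute-task)
Mar  4 02:42:01 vps CROND[983]: (root) CMD (/path/to/every-minute-task)
Mar  4 02:40:01 vps CROND[990]: (root) CMD (/path/to/every-minute-task)
"""

# Syslog-style prefix: "Mon DD HH:MM:SS host CROND[pid]:"
LINE_RE = re.compile(r"^(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ CROND\[\d+\]:")


def cron_timestamps(text, year):
    """Yield a datetime per CROND line. Syslog omits the year, so the caller supplies it."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")


def find_anomalies(text, year, max_gap=timedelta(minutes=2)):
    """Return (kind, previous, current) for every silence longer than max_gap
    ("gap") and every entry older than the one before it ("backwards")."""
    anomalies = []
    prev = None
    for ts in cron_timestamps(text, year):
        if prev is not None:
            if ts < prev:
                anomalies.append(("backwards", prev, ts))
            elif ts - prev > max_gap:
                anomalies.append(("gap", prev, ts))
        prev = ts
    return anomalies


if __name__ == "__main__":
    for kind, before, after in find_anomalies(SAMPLE_CRON_LOG, year=2018):
        print(f"{kind:9} {before} -> {after}")
```

A gap means no cron entries exist for that period (the machine was not running, or the entries written then are no longer on disk); a backwards entry means the clock or the log file itself changed.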
 