Results 1 to 7 of 7

Thread: Rollback data without restore job

  1. #1
    Join Date
    May 2006
    Location
    Almere, Holland
    Posts
    13

    Rollback data without restore job

    I have a strange ghost running around on my VPS (CentOS 7.0 64-Bit, DirectAdmin 1.53.4) where randomly my data gets restored to a previous version.

    For example, in my ecommerce envirement the orders will be set on shipped and a logging entry will be placed who did when. TYhe next morning that entry is gone and the order status is back on payed. It is not Always, but i can not understand what is going on.

    There is no automatic restore running and i only added commandline SVN.
    The technicians of the VPS say there is nothing running, but my VPS seems to have dementia.


    Is this a problem that anybody has been encoutered before or how can i tackle if it is not a ghost process restoring my database (it happens on more then just 1 account).
    Chuck Norris FTW!

  2. #2
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    12,494
    Hello,

    Possible malware? Viruses?

    MySQL replication? Other...

    It's hard to say anything concrete without reading all possible logs on the server.

    Check your server /home/*/domains/*/public_html/ with maldet scanner, check all possible logs, check SSH connections, mysql logs, etc.

  3. #3
    Join Date
    May 2006
    Location
    Almere, Holland
    Posts
    13
    Server has been scanned for virus multiple times with no result (External tool, no clue ex).
    I did run maldet by myself with nothing found.

    Any suggestions what i should try next?


    Asking here, because my support seems to have no clue whats wrong and tell me a reinstall of the VPS with more then 5 hours downtime is a good option
    Chuck Norris FTW!

  4. #4
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    12,494
    External tools? What do you mean? Do they check HTTP/HTTPs? Or files from disk?

    What to try next? Read all possible logs... At least I would try and read all logs searching for any anomaly or errors. If you have exact time when data in MySQL server rolled back then use the time and scan through all logs for the time frame.

    If you don't know how to read logs you might want to hire somebody for this job.

  5. #5
    Join Date
    May 2006
    Location
    Almere, Holland
    Posts
    13
    External tools they used… I used it commandline ofcourse :P
    I know how to read logs, but i guess i need to scope MySQL at first then, since i know a sort of time frame (Last night between 22:00-06:00)
    Chuck Norris FTW!

  6. #6
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    12,494
    Is the issue happening only with MySQL? Do you have gaps in logs? I would check cron logs, as directadmin have crontasks to run every minute, so all records of cron logs should be written there... and you can see whether or not logs are rolled back too.

    If it happens to MySQL only, then I'd try to log queries running there. if you have sufficient disk space you might enable full logging in MySQL, it will write all executed queries in a text file. At least it can give some more information:

    - exact time of queries

    then you search web-logs for possible POST requests at the same time frame, IPs, etc.

  7. #7
    Join Date
    May 2006
    Location
    Almere, Holland
    Posts
    13
    As far as i know only MySQL, the idea of checking for gaps is a good idea, wil do that later on tonight!
    Chuck Norris FTW!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •