Mysql server broken down

J

jootn

New member
Joined
Jul 26, 2013
Messages
3
Hi all,

I have a serious problem with my dedicated server...

Two days ago we where hacked... They changed the root password & messed up our DA setup...

I wasn't able to do anything anymore... Resetted our root pw did the trick but the DA problem wasn't solved by that :-(
Apache wouldn't start, same for mysql-server...

Now the server is back and running...
Apache all ok
Php all ok
Mysql starts up but i have major problems with this one...

Yesterday I saw in DA (user-level --> mysql mgmt) that i had 8 databases on the server (what was correct). Now i see 0!! (major problem :-) )
My php config said i was trying to use a mysql-socket who didn't exist (/tmp/mysql.sock)
Phpmyadmin did run but only saw the two main-databases (mysql and another one).

Now php is fine... I changed the socket in /etc/my.cnf to /tmp/my.cnf had to chmod 1777 /tmp...

But my websites say that the user doesn't have access to the database and in DA i see that i have NULL databases...
I think my mysql server uses a wron data directory... If i check the directory /home/mysql i see all the databases i need but he won't show them.
DA now also says that he has a wrong root password...

Anyone else with this problem?

K.r.
Joachim
 
I hope you had backups, cause after a server has been hacked at root level, the major suggestion (i presume that everyone will give you) is to format the server and start over.



Regards
 
No unfortunattly i havent...

I can see the mysql databeses like folders in /home/mysql/dbname tough... In those folders are .frm & .ibd files...
I hope i can recover the databese from those folders?
 
There is more than one way to tell mysql where to look for the data directory. One is in the init.d script (/etc/init.d/mysqld on RHEL type systems), look for the datadir= line and make sure it points to your /home/mysql directory if that is where you have them, it ultimately adds the line --datadir=xxxx to the mysqld command. The other could be in your my.cnf file with the datadir= in the [mysqld] section pointing to that location. On my system it is the init.d script that sets it.
 
toml said:
There is more than one way to tell mysql where to look for the data directory. One is in the init.d script (/etc/init.d/mysqld on RHEL type systems), look for the datadir= line and make sure it points to your /home/mysql directory if that is where you have them, it ultimately adds the line --datadir=xxxx to the mysqld command. The other could be in your my.cnf file with the datadir= in the [mysqld] section pointing to that location. On my system it is the init.d script that sets it.
Click to expand...

I have 2 places where i can see files that look like my broken database...

I'm now trying to access the files in /usr/local/mysql/data , in there there is a pid file and all my db's so i think that's the dir i wanna recover :)
Now i have one other problem, when i do a ps i can see that de mysqld takes that dir an that pid file...
Now when i'm trying to open mysql command line or phpmyadlin or so it says that the root has a wrong password.
So i al trying to reset the root password with the mysqld_safe --skip-grant-tables & command but he won't do that...
 
your history washout from server.request to your server that give you backup and you lost your data.i hope server management will help you
 
You must log in or register to reply here.
Back
Top