Error establishing a database connection 的解决方法(发现黑客入侵)

今天网站跪了，报这个错。看起来是数据库链接不上。 先看看数据库日志

tail -f /var/log/mysql/error.log
复制代码

2018-10-11T06:17:01.326500Z 0 [ERROR] InnoDB: mmap(137428992 bytes) failed; errno 12
2018-10-11T06:17:01.326539Z 0 [ERROR] InnoDB: Cannot allocate memory for the buffer pool
2018-10-11T06:17:01.326546Z 0 [ERROR] InnoDB: Plugin initialization aborted with error Generic error
2018-10-11T06:17:01.326558Z 0 [ERROR] Plugin 'InnoDB' init function returned error.
2018-10-11T06:17:01.326566Z 0 [ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed.
2018-10-11T06:17:01.326574Z 0 [ERROR] Failed to initialize builtin plugins.
2018-10-11T06:17:01.327597Z 0 [ERROR] Aborting
复制代码

能够看到内存已经不能分配了,为何会出现这种状况，继续看日志

more /var/log/mysql/error.log
复制代码

2018-10-10T16:16:44.823992Z 4881 [Note] Access denied for user 'ubnt'@'lith03.synserver.de' (using password: YES)
2018-10-10T16:16:45.459721Z 4882 [Note] Access denied for user 'crc'@'lith03.synserver.de' (using password: YES)
2018-10-10T16:16:46.098390Z 4883 [Note] Access denied for user 'daniel'@'lith03.synserver.de' (using password: YES)
2018-10-10T16:16:46.766732Z 4884 [Note] Access denied for user 'adela'@'lith03.synserver.de' (using password: YES)
2018-10-10T16:16:47.377469Z 4885 [Note] Access denied for user 'backup'@'lith03.synserver.de' (using password: YES)
2018-10-10T16:16:48.006207Z 4886 [Note] Access denied for user 'globalflash'@'lith03.synserver.de' (using password: YES)
2018-10-10T16:16:48.656288Z 4887 [Note] Access denied for user 'postgres'@'lith03.synserver.de' (using password: YES)

2018-10-10T18:38:15.148337Z 4911 [Warning] IP address '58.218.203.20' could not be resolved: Name or service not known
2018-10-10T18:38:15.171867Z 4911 [Note] Access denied for user 'root'@'58.218.203.20' (using password: NO)
2018-10-10T18:38:17.513397Z 4912 [Note] Access denied for user 'root'@'58.218.203.20' (using password: YES)
2018-10-10T18:38:18.942069Z 4913 [Note] Access denied for user 'root'@'58.218.203.20' (using password: YES)
2018-10-10T18:38:19.770001Z 4914 [Note] Access denied for user 'root'@'58.218.203.20' (using password: YES)
2018-10-10T18:38:20.874018Z 4915 [Note] Access denied for user 'root'@'58.218.203.20' (using password: YES)
2018-10-10T18:38:21.358199Z 4916 [Note] Access denied for user 'root'@'58.218.203.20' (using password: YES)
2018-10-10T18:38:21.880487Z 4917 [Note] Access denied for user 'root'@'58.218.203.20' (using password: YES)
2018-10-10T18:38:22.432496Z 4918 [Note] Access denied for user 'root'@'58.218.203.20' (using password: YES)
2018-10-10T18:38:23.159666Z 4919 [Note] Access denied for user 'root'@'58.218.203.20' (using password: YES)
复制代码

可怕 有人在暴力破解个人数据库。

查到lith03.synserver.de 这个ip 是德国的 多是租的服务器 可是下面那个58.218.203.20 这个是江苏苏州的，不知道是否是vps。 直接访问也访问不了。

继续看日志

出现了个新的ip 查一下仍是江苏的。

试着访问了一下能够访问 ,是个hsf 启动的服务

试着下载了这个 3306结果.rar

打开吓一跳 全都是数据库破解后的账号和密码

吓的我赶忙打开防火墙，禁止3306端口

试着访问了其中几个ip 的网站 发现不少中招的网站。但愿你们赶忙改了数据库密码，禁止远程访问。可怕！！！

说了这么多本身的数据库还要起起来，

修改my.cnf 添加

innodb_buffer_pool_size = 50M
复制代码

重启

sudo /etc/init.d/mysql restart
复制代码

但愿你们引觉得戒。作好防御