mysqld in Linux hacked

Check for crap in /var/lib/mysql like this

 

ls -al /var/lib/mysql/
total 20888
drwxr-xr-x 24 mysql mysql     4096 Oct  3 18:30 .
drwxr-xr-x 20 root  root      4096 Oct  3 04:23 ..

-rw-rw-rw-  1 mysql mysql    11776 Oct  3 17:10 c:\exp.exe
-rw-rw-rw-  1 mysql mysql    48128 Oct  3 17:10 c:\exp1.exe
-rw-rw-rw-  1 mysql mysql    55296 Oct  3 17:10 c:\exp2.exe
-rw-rw-rw-  1 mysql mysql    33812 Oct  3 17:10 c:\tan.exe
-rw-rw-rw-  1 mysql mysql    45056 Oct  3 17:10 c:\tan1.exe
 

This happened to a client who didn't firewall their port 3306 and had a weak root password.


Tags:

mysqld, linux, hackedcheck, var, lib, mysql, ls, drwxr, xr, oct, rw, exp, exe, tan, didn, firewall, password,

Latest Articles

  • Cisco Router Setup Guide and Tutorial Howto With Commands and Examples
  • Linux Bash Script To List All Connected IPs and their network name
  • Cisco Switches How To Get Of Port Line Status Console Messages
  • Cisco DHCP Snooping Relay Setup Information
  • Cisco Switch Setup Guide Command List
  • Cisco 2960 Switch Reset To Factory Defaults
  • How To Boot Cisco CUCM UCSInstall 8.6, 10, 11 and 12 on KVM/Proxmox
  • VBOX VirtualBox How To Import Raw .img Disk File
  • Windows Server 2012, 2016, 2019 How To Install and Missing Disabled Telnet Client
  • proxmox vm networking breaks when you restart your network on the hostnode
  • Linux ln symlink how to update existing symbolic link
  • Ubuntu 18.04 / Linux Mint 19.1 Cannot Type or Login - solution
  • LUKS Hard Drive Encryption on Linux Mint Ubuntu Debian etc how to mount encrypted hard drive
  • How to use nmap locate other machines/computers/servers on your network using nmap
  • Linux Mint 18.2 Create Config File To Start Application Upon Login
  • Dell Wyse Thin Client BIOS Access Key
  • sudoers file in /etc warning about comments/includes!
  • Centos 7 Reallocate logical volume space to another
  • lvm how to reduce volume size
  • letsencrypt certbot error "Unable to find a virtual host listening on port 80 which is currently needed for Certbot to prove to the CA that you control your domain. Please add a virtual host for port 80."