-
加我微信
加我QQ
-
3D Cloud
asm mount asm恢复 bbed bootstrap$ dmp损坏 dul In Memory kccpb_sanity_check_2 kfed MySQL恢复 ORA-00312 ORA-00607 ORA-00704 ORA-01110 ORA-01555 ORA-01578 ORA-08103 ORA-600 2662 ORA-600 3020 ORA-600 4000 ORA-600 4193 ORA-600 4194 ORA-600 16703 ORA-600 kccpb_sanity_check_2 ORA-15042 ORACLE 12C oracle dul ORACLE PATCH oracle勒索 oracle勒索病毒 oracle异常恢复 Oracle 恢复 ORACLE恢复 ORACLE数据库恢复 oracle 比特币 OSD-04016 redo异常 YOUR FILES ARE ENCRYPTED _ALLOW_RESETLOGS_CORRUPTION 勒索恢复 数据库恢复 比特币 比特币 oracle 比特币加密 比特币勒索
文章分类
- Others (2)
- 中间件 (2)
- WebLogic (2)
- 操作系统 (85)
- 数据库 (1,287)
- DB2 (22)
- MySQL (55)
- Oracle (1,175)
- Data Guard (39)
- EXADATA (7)
- GoldenGate (19)
- ORA-xxxxx (145)
- ORACLE 12C (71)
- ORACLE 18C (6)
- ORACLE 19C (8)
- Oracle ASM (52)
- Oracle Bug (7)
- Oracle RAC (40)
- Oracle 安全 (6)
- Oracle 开发 (25)
- Oracle 监听 (26)
- Oracle备份恢复 (385)
- Oracle安装升级 (53)
- Oracle性能优化 (62)
- 专题索引 (5)
- 勒索恢复 (37)
- PostgreSQL (11)
- SQL Server (25)
- SQL Server恢复 (6)
- TimesTen (7)
- 达梦数据库 (2)
- 生活娱乐 (2)
- 至理名言 (11)
- 虚拟化 (2)
- VMware (2)
- 软件开发 (21)
- Asp.Net (9)
- JavaScript (12)
- PHP (2)
- 小工具 (4)
-
最近发表
- Assistant: Download Reference for Oracle Database/GI PSU, SPU(CPU), Bundle Patches, Patchsets and Base Releases-202010
- ORA-01034 ORA-27101故障分析
- 数据库打开遭遇ORA-08103故障处理
- ORA-15196: invalid ASM block header [kfc.c:26368]故障恢复
- rman 文件被加密恢复支持
- .[data@recovery.sx].data加密数据库恢复
- ORA-00600: internal error code, arguments: [6006], [1], [], [], [], [], [], []
- 一键恢复ORA-01113 ORA-01110—Oracle Recovery Tools
- Oracle Recovery Tools解决ORA-00279 ORA-00289 ORA-00280故障
- 数据库升级遭遇ORA-04063: package body “SYS.DBMS_SQLTUNE”
- Oracle Recovery Tools恢复MISSING00000文件故障
- 重命名sys用户引起数据库启动报ORA-01092 ORA-00600 kokasgi1错误
- coincidenceleague加密数据库恢复
- Oracle Recovery Tools—202008
- Oracle恢复小工具—Oracle Recovery Tools
- Assistant: Download Reference for Oracle Database/GI PSU, SPU(CPU), Bundle Patches, Patchsets and Base Releases-202007
- win asm disk header 异常恢复
- [squadhack@email.tg].Devos加密数据库恢复
- 系统故障oracle数据库恢复
- .lockbit加密数据库恢复
友情链接
分类目录归档:MySQL
又一起mysql rm删除数据库目录事故
有mysql用户直接使用rm命令删除了所在数据库目录文件夹(删除途中发现删除错误,直接强制终止使得部分删除,部分文件得以保留),如果数据库没有crash,这个问题不大,可以直接通过句柄进行恢复出来对应的ibd文件,然后进行一些特殊处理,数据理论上不会有丢失,参见:mysql 数据库目录被删除恢复.对于这次的情况,只能通过文件系统级别进行恢复,不过该数据库表比较多,大概删除了几千个文件,而且文件系统是ext4,导致大量文件目录被置空,而且该库还运行了一段时间
看来文件恢复删除这条路,基本上很难走得通,可以通过底层碎片技术恢复,通过底层扫描,找到不少碎片
由于涉及的库表多,一个个处理太费时间,通过批量脚本直接解析扫描出来的碎片,并且对其进行入库处理
DBLOGIN=”-uroot ”
DICT_DBNAME=test
RECOVER_DBNAME=xifenfei
WORK_PATH=”/nfs_share/mysql-xff”
cd $WORK_PATH
>/tmp/recover_table_list.$RECOVER_DBNAME
>/tmp/recover_table_parser.$RECOVER_DBNAME
>/tmp/recover_table_unload.$RECOVER_DBNAME
rm -rf /tmp/recover_table_unload_$RECOVER_DBNAME.tmp
echo “tee /tmp/recover_table_unload_$RECOVER_DBNAME.tmp” >/tmp/recover_table_unload.$RECOVER_DBNAME
echo “SET @enable_trigger = 0;”>>/tmp/recover_table_unload.$RECOVER_DBNAME
echo “SET FOREIGN_KEY_CHECKS=0;” >>/tmp/recover_table_unload.$RECOVER_DBNAME
for TABLE_NAME_ID in `mysql $DBLOGIN $DICT_DBNAME -NBe “SELECT SYS_TABLES.NAME FROM SYS_TABLES LEFT JOIN SYS_INDEXES ON SYS_TABLES.ID = SYS_INDEXES.TABLE_ID WHERE SYS_INDEXES.NAME IN (‘PRIMARY’, ‘GENERAL_CLUSTERED_INDEX’) AND SYS_TABLES.NAME LIKE ‘${RECOVER_DBNAME}/%’”`
do
PKEY=`mysql $DBLOGIN $DICT_DBNAME -NBe “SELECT SYS_INDEXES.ID FROM SYS_TABLES LEFT JOIN SYS_INDEXES ON SYS_TABLES.ID = SYS_INDEXES.TABLE_ID WHERE SYS_INDEXES.NAME IN (‘PRIMARY’, ‘GENERAL_CLUSTERED_INDEX’) AND SYS_TABLES.NAME=’$TABLE_NAME_ID’”`
echo $TABLE_NAME_ID’,’$PKEY >>/tmp/recover_table_list.$RECOVER_DBNAME
TABLE_NAME=$(echo `echo $TABLE_NAME_ID`|awk -F”/” ‘{print $2}’ )
#echo $TABLE_NAME
PAGE=”pages-ibdata1/FIL_PAGE_INDEX/`printf ‘%016u’ ${PKEY}`.page”
echo “./c_parser -5f $PAGE -b pages-ibdata1/FIL_PAGE_TYPE_BLOB -t dictionary/$TABLE_NAME.sql > dumps/default/$TABLE_NAME 2> dumps/default/$TABLE_NAME.sql” >>/tmp/recover_table_parser.$RECOVER_DBNAME
echo “source dumps/default/$TABLE_NAME.sql” >>/tmp/recover_table_unload.$RECOVER_DBNAME
echo “select ‘$TABLE_NAME.sql……done’;”>>/tmp/recover_table_unload.$RECOVER_DBNAME
done
echo /tmp/recover_table_parser.$RECOVER_DBNAME
echo /tmp/recover_table_unload.$RECOVER_DBNAME
恢复之后数据整体入库,查询部分没有覆盖表,效果尚可,最大限度抢救了数据
mysql ibd文件被加密恢复
又一起mysql的ibd文件被加密勒索的恢复请求
通过分析,该文件只有部分被加密,理论上通过底层分析,可以恢复没有被破坏的部分数据
通过处理恢复数据
又一次证明,我们对于mysql文件被加密的勒索病毒,也可以实现较好恢复
如果是Innodb_file_per_table参数为false(5.6之前版本默认为false),需要通过ibdata文件进行恢复,Innodb_file_per_table如果为true,需要通过每个单独的ibd进行恢复.
如果您的数据库(oracle,mysql sql server)不幸被比特币加密,可以联系我们
Tel/微信:13429648788 Q Q:107644445
E-Mail:dba@xifenfei.com提供专业的解密恢复服务.
MySQL勒索恢复
最近遇到几个mysql数据库被黑客删除库,并且留下比特币勒索信息在每个库的WARNING表中
mysql> desc WARNING
-> ;
+-----------------+----------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-----------------+----------+------+-----+---------+-------+
| id | int(11) | YES | | NULL | |
| warning | longtext | YES | | NULL | |
| Bitcoin_Address | longtext | YES | | NULL | |
| Email | longtext | YES | | NULL | |
+-----------------+----------+------+-----+---------+-------+
4 rows in set (0.00 sec)
mysql> select * from WARNING;
+------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+------------------+
| id | warning | Bitcoin_Address | Email |
+------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+------------------+
| 1 | To recover your lost Database and avoid leaking it: Send us 0.06 Bitcoin (BTC) to our Bitcoin address 1BLYhUDmnmVPVjcTWgc6gFT6DCYwbVieUD and contact us by Email with your Server IP or Domain name and a Proof of Payment. If you are unsure if we have your data, contact us and we will send you a proof. Your Database is downloaded and backed up on our servers. Backups that we have right now: xxxx,xxxxxx,xxxxxxxx,xxxxxxx . If we dont receive your payment in the next 10 Days, we will make your database public or use them otherwise. | 1BLYhUDmnmVPVjcTWgc6gFT6DCYwbVieUD | contact@sqldb.to |
+------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+------------------+
1 row in set (0.00 sec)
大概的意思就是:我们已经把你的数据库备份,您交给我们0.06个比特币,我们把数据给你,如果10天之内我们没有收到款,即将把数据库给公开或者作为其他用途.根据我们以往接触的朋友经验,付款之后数据库也不会给你(很可能黑客根本就没有备份数据库,只是删除了数据库然后勒索比特币.
对于这类情况,通过分析,确认黑客是删除了数据库,在没有覆盖的情况下,我们可以对其数据进行恢复,处理类似:MySQL drop database恢复(恢复方法同样适用MySQL drop table,delete,truncate table)最大限度缓解因为数据库被破坏带来的损失.
如果您也遭遇到该问题,请保护现场,不要导入备份数据库,不要对数据所在分区进行写操作(现场保护的越好,数据恢复效果越好),对相关磁盘进行镜像,防止二次破坏.我们可以提供专业的mysql恢复服务,为您减少损失.