RECOVER_YOUR_DATA勒索恢复

发表于 2024 年 1 月 22 日 惜分飞

mysql数据库被删除库的勒索新变种
20240122235221

会删除掉你的所有库里面表,并且在每个库里面创建一个RECOVER_YOUR_DATA表

[root@xff  appdata1]# cd receipt_2
[root@xff   receipt_2]# ls
db.opt  RECOVER_YOUR_DATA.frm  RECOVER_YOUR_DATA.ibd

并且创建一个RECOVER_YOUR_DATA数据库,里面有一张RECOVER_YOUR_DATA表

[root@xff RECOVER_YOUR_DATA]# ls -ltr
total 116
-rw-rw---- 1 mysql mysql    61 Jan 21 10:14 db.opt
-rw-rw---- 1 mysql mysql  8560 Jan 21 10:14 RECOVER_YOUR_DATA.frm
-rw-rw---- 1 mysql mysql 98304 Jan 21 10:14 RECOVER_YOUR_DATA.ibd

所有的RECOVER_YOUR_DATA表内容为:
All your data is backed up. You must pay 0.018 BTC to 164hyKPAoC5ecqkJ2ygeGoGFRcauWRLujV In 48 hours,
your data will be publicly disclosed and deleted. (more information: go to http://iplis.ru/data2)
After payment send mail to us: rambler+280cs@onionmail.org and
we will provide a link for you to download your data. Your DBCODE is: 280CS
这类的故障和以前恢复的A____Z____RECOVER____DATA勒索恢复基本上一样,对于类似这种RECOVER_YOUR_DATA勒索恢复,建议先对系统进行镜像或者快照,然后按照先os层面恢复,在block级别恢复的方法处理,如果无法自行解决,可以联系我们进行技术支持,最大限度抢救和数据,减少损失
电话/微信:17813235971    Q Q:107644445QQ咨询惜分飞    E-Mail:dba@xifenfei.com
另外建议加强系统和mysql安全加固,数据库尽量不要暴露在公网上

发表在 MySQL恢复 | 标签为 , , , | 评论关闭

ORA-01033: ORACLE initialization or shutdown in progress 故障处理

发表于 2024 年 1 月 22 日 惜分飞

客户反馈数据库使用plsql dev登录报ORA-01033: ORACLE initialization or shutdown in progress的错误
20240122211338

出现该错误一般是由于数据库没有正常open成功,查看oracle 告警日志发现

Mon Jan 22 16:55:50 2024
Database mounted in Exclusive Mode
Lost write protection disabled
Completed: alter database mount exclusive
alter database open
Beginning crash recovery of 1 threads
 parallel recovery started with 15 processes
Started redo scan
Completed redo scan
 read 139 KB redo, 70 data blocks need recovery
Errors in file d:\app\administrator\diag\rdbms\orcl\orcl\trace\orcl_ora_7792.trc  (incident=20565):
ORA-00600: ??????, ??: [kcratr_nab_less_than_odr], [1], [1916], [28210], [28222], [], [], [], [], [], [], []
Incident details in: d:\app\administrator\diag\rdbms\orcl\orcl\incident\incdir_20565\orcl_ora_7792_i20565.trc
Mon Jan 22 16:55:57 2024
Trace dumping is performing id=[cdmp_20240122165557]
Aborting crash recovery due to error 600
Errors in file d:\app\administrator\diag\rdbms\orcl\orcl\trace\orcl_ora_7792.trc:
ORA-00600: ??????, ??: [kcratr_nab_less_than_odr], [1], [1916], [28210], [28222], [], [], [], [], [], [], []
Errors in file d:\app\administrator\diag\rdbms\orcl\orcl\trace\orcl_ora_7792.trc:
ORA-00600: ??????, ??: [kcratr_nab_less_than_odr], [1], [1916], [28210], [28222], [], [], [], [], [], [], []
ORA-600 signalled during: alter database open...

这个错误比较常见,解决起来比较简单,参考:
kcratr_nab_less_than_odr
12c启动报kcratr_nab_less_than_odr
又一例ORA-600 kcratr_nab_less_than_odr
在恢复过程中中还遇到了ORA-00700 kcrf_split_brain_error错误,但是没有影响数据库open

Mon Jan 22 20:13:55 2024
alter database open
Beginning crash recovery of 1 threads
Started redo application at
 Thread 1: logseq 1916, block 27931
Recovery of Online Redo Log: Thread 1 Group 2 Seq 1916 Reading mem 0
  Mem# 0: D:\TEMP\ORCL\REDO02.LOG
Completed redo application of 0.00MB
Completed crash recovery at
 Thread 1: logseq 1916, block 28210, scn 43957072
 0 data blocks read, 0 data blocks written, 139 redo k-bytes read
Errors in file d:\app\xifenfei\diag\rdbms\orcl\orcl\trace\orcl_ora_6104.trc  (incident=15729):
ORA-00700: 软内部错误, 参数: [kcrf_split_brain_error], [1], [1916], [28222], [28209], [4], [], [], [], [], [], []
Incident details in: d:\app\xifenfei\diag\rdbms\orcl\orcl\incident\incdir_15729\orcl_ora_6104_i15729.trc
Mon Jan 22 20:13:56 2024
Trace dumping is performing id=[cdmp_20240122201356]
Mon Jan 22 20:13:56 2024
Thread 1 advanced to log sequence 1917 (thread open)
Thread 1 opened at log sequence 1917
  Current log# 3 seq# 1917 mem# 0: D:\TEMP\ORCL\REDO03.LOG
Successful open of redo thread 1
Mon Jan 22 20:13:56 2024
SMON: enabling cache recovery
Verifying file header compatibility for 11g tablespace encryption..
Verifying 11g file header compatibility for tablespace encryption completed
SMON: enabling tx recovery
Database Characterset is AL32UTF8
replication_dependency_tracking turned off (no async multimaster replication found)
WARNING: AQ_TM_PROCESSES is set to 0. System operation                     might be adversely affected.
Completed: alter database open

20240122201556

至此数据库open成功但是dbv检测system有很多坏块需要分析处理

C:\Users\XIFENFEI>dbv file=d:/temp/orcl/system01.dbf

DBVERIFY: Release 11.2.0.1.0 - Production on 星期一 1月 22 21:07:18 2024

Copyright (c) 1982, 2009, Oracle and/or its affiliates.  All rights reserved.

DBVERIFY - 开始验证: FILE = D:\TEMP\ORCL\SYSTEM01.DBF
页 106278 流入 - 很可能是介质损坏
Corrupt block relative dba: 0x00419f26 (file 1, block 106278)
Fractured block found during dbv:
Data in bad block:
 type: 6 format: 2 rdba: 0x00419f26
 last change scn: 0x0000.01410f78 seq: 0x2 flg: 0x04
 spare1: 0x0 spare2: 0x0 spare3: 0x0
 consistency value in tail: 0x00000000
 check value in block header: 0xbf11
 computed block checksum: 0xaf18

页 106279 标记为损坏
Corrupt block relative dba: 0x00419f27 (file 1, block 106279)
Bad header found during dbv:
Data in bad block:
 type: 178 format: 3 rdba: 0xc8c9c1b6
 last change scn: 0x0000.0a0df8c7 seq: 0x0 flg: 0x00
 spare1: 0xbf spare2: 0xc9 spare3: 0xc9bf
 consistency value in tail: 0x00000000
 check value in block header: 0xbbb2
 block checksum disabled

页 106280 标记为损坏
Corrupt block relative dba: 0x00419f28 (file 1, block 106280)
Bad header found during dbv:
Data in bad block:
 type: 178 format: 3 rdba: 0xc8c9c1b6
 last change scn: 0x0000.0a0df8c7 seq: 0x0 flg: 0x00
 spare1: 0xbf spare2: 0xc9 spare3: 0xc9bf
 consistency value in tail: 0x00000000
 check value in block header: 0xbbb2
 block checksum disabled

页 106281 标记为损坏
Corrupt block relative dba: 0x00419f29 (file 1, block 106281)
Bad header found during dbv:
Data in bad block:
 type: 178 format: 3 rdba: 0xc8c9c1b6
 last change scn: 0x0000.0a0df8c7 seq: 0x0 flg: 0x00
 spare1: 0xbf spare2: 0xc9 spare3: 0xc9bf
 consistency value in tail: 0x00000000
 check value in block header: 0xbbb2
 block checksum disabled

页 106282 标记为损坏
Corrupt block relative dba: 0x00419f2a (file 1, block 106282)
Bad header found during dbv:
Data in bad block:
 type: 178 format: 3 rdba: 0xc8c9c1b6
 last change scn: 0x0000.0a0df8c7 seq: 0x0 flg: 0x00
 spare1: 0xbf spare2: 0xc9 spare3: 0xc9bf
 consistency value in tail: 0x00000000
 check value in block header: 0xbbb2
 block checksum disabled

页 106283 标记为损坏
Corrupt block relative dba: 0x00419f2b (file 1, block 106283)
Bad header found during dbv:
Data in bad block:
 type: 178 format: 3 rdba: 0xc8c9c1b6
 last change scn: 0x0000.0a0df8c7 seq: 0x0 flg: 0x00
 spare1: 0xbf spare2: 0xc9 spare3: 0xc9bf
 consistency value in tail: 0x00000000
 check value in block header: 0xbbb2
 block checksum disabled

页 106284 标记为损坏
Corrupt block relative dba: 0x00419f2c (file 1, block 106284)
Bad header found during dbv:
Data in bad block:
 type: 178 format: 3 rdba: 0xc8c9c1b6
 last change scn: 0x0000.0a0df8c7 seq: 0x0 flg: 0x00
 spare1: 0xbf spare2: 0xc9 spare3: 0xc9bf
 consistency value in tail: 0x00000000
 check value in block header: 0xbbb2
 block checksum disabled

页 106285 标记为损坏
Corrupt block relative dba: 0x00419f2d (file 1, block 106285)
Bad header found during dbv:
Data in bad block:
 type: 178 format: 3 rdba: 0xc8c9c1b6
 last change scn: 0x0000.0a0df8c7 seq: 0x0 flg: 0x00
 spare1: 0xbf spare2: 0xc9 spare3: 0xc9bf
 consistency value in tail: 0x00000000
 check value in block header: 0xbbb2
 block checksum disabled

页 106286 标记为损坏
Corrupt block relative dba: 0x00419f2e (file 1, block 106286)
Bad header found during dbv:
Data in bad block:
 type: 178 format: 3 rdba: 0xc8c9c1b6
 last change scn: 0x0000.0a0df8c7 seq: 0x0 flg: 0x00
 spare1: 0xbf spare2: 0xc9 spare3: 0xc9bf
 consistency value in tail: 0x2c310602
 check value in block header: 0xbbb2
 block checksum disabled

页 143094 流入 - 很可能是介质损坏
Corrupt block relative dba: 0x00422ef6 (file 1, block 143094)
Fractured block found during dbv:
Data in bad block:
 type: 6 format: 2 rdba: 0x00422ef6
 last change scn: 0x0000.028f863b seq: 0x2 flg: 0x04
 spare1: 0x0 spare2: 0x0 spare3: 0x0
 consistency value in tail: 0x00000000
 check value in block header: 0xda23
 computed block checksum: 0x4210

页 143095 标记为损坏
Corrupt block relative dba: 0x00422ef7 (file 1, block 143095)
Bad header found during dbv:
Data in bad block:
 type: 178 format: 3 rdba: 0xc8c9c1b6
 last change scn: 0x0000.0a0df8c7 seq: 0x0 flg: 0x00
 spare1: 0xbf spare2: 0xc9 spare3: 0xc9bf
 consistency value in tail: 0x00000000
 check value in block header: 0xbbb2
 block checksum disabled

页 143096 标记为损坏
Corrupt block relative dba: 0x00422ef8 (file 1, block 143096)
Bad header found during dbv:
Data in bad block:
 type: 178 format: 3 rdba: 0xc8c9c1b6
 last change scn: 0x0000.0a0df8c7 seq: 0x0 flg: 0x00
 spare1: 0xbf spare2: 0xc9 spare3: 0xc9bf
 consistency value in tail: 0x00000000
 check value in block header: 0xbbb2
 block checksum disabled

页 143097 标记为损坏
Corrupt block relative dba: 0x00422ef9 (file 1, block 143097)
Bad header found during dbv:
Data in bad block:
 type: 178 format: 3 rdba: 0xc8c9c1b6
 last change scn: 0x0000.0a0df8c7 seq: 0x0 flg: 0x00
 spare1: 0xbf spare2: 0xc9 spare3: 0xc9bf
 consistency value in tail: 0x00000000
 check value in block header: 0xbbb2
 block checksum disabled

页 143098 标记为损坏
Corrupt block relative dba: 0x00422efa (file 1, block 143098)
Bad header found during dbv:
Data in bad block:
 type: 178 format: 3 rdba: 0xc8c9c1b6
 last change scn: 0x0000.0a0df8c7 seq: 0x0 flg: 0x00
 spare1: 0xbf spare2: 0xc9 spare3: 0xc9bf
 consistency value in tail: 0x00000000
 check value in block header: 0xbbb2
 block checksum disabled

页 143099 标记为损坏
Corrupt block relative dba: 0x00422efb (file 1, block 143099)
Bad header found during dbv:
Data in bad block:
 type: 178 format: 3 rdba: 0xc8c9c1b6
 last change scn: 0x0000.0a0df8c7 seq: 0x0 flg: 0x00
 spare1: 0xbf spare2: 0xc9 spare3: 0xc9bf
 consistency value in tail: 0x00000000
 check value in block header: 0xbbb2
 block checksum disabled

页 143100 标记为损坏
Corrupt block relative dba: 0x00422efc (file 1, block 143100)
Bad header found during dbv:
Data in bad block:
 type: 178 format: 3 rdba: 0xc8c9c1b6
 last change scn: 0x0000.0a0df8c7 seq: 0x0 flg: 0x00
 spare1: 0xbf spare2: 0xc9 spare3: 0xc9bf
 consistency value in tail: 0x00000000
 check value in block header: 0xbbb2
 block checksum disabled

页 143101 标记为损坏
Corrupt block relative dba: 0x00422efd (file 1, block 143101)
Bad header found during dbv:
Data in bad block:
 type: 178 format: 3 rdba: 0xc8c9c1b6
 last change scn: 0x0000.0a0df8c7 seq: 0x0 flg: 0x00
 spare1: 0xbf spare2: 0xc9 spare3: 0xc9bf
 consistency value in tail: 0x00000000
 check value in block header: 0xbbb2
 block checksum disabled

页 143102 标记为损坏
Corrupt block relative dba: 0x00422efe (file 1, block 143102)
Bad header found during dbv:
Data in bad block:
 type: 178 format: 3 rdba: 0xc8c9c1b6
 last change scn: 0x0000.0a0df8c7 seq: 0x0 flg: 0x00
 spare1: 0xbf spare2: 0xc9 spare3: 0xc9bf
 consistency value in tail: 0x8a780602
 check value in block header: 0xbbb2
 block checksum disabled



DBVERIFY - 验证完成

检查的页总数: 152320
处理的页总数 (数据): 115189
失败的页总数 (数据): 0
处理的页总数 (索引): 13086
失败的页总数 (索引): 0
处理的页总数 (其他): 9741
处理的总页数 (段)  : 1
失败的总页数 (段)  : 0
空的页总数: 14286
标记为损坏的总页数: 18
流入的页总数: 2
加密的总页数        : 0
最高块 SCN            : 44036082 (0.44036082)

通过分析aud$的extent,确认这些坏块全部属于该对象

SQL> select block_id,blocks from dba_extents where segment_name='AUD$';

  BLOCK_ID     BLOCKS
---------- ----------
…………
    102016       1024
    103040       1024
    104064       1024
    105088       1024
    106112       1024
…………
    141056       1024
    142080       1024
    143104       1024

已选择124行。

处理方法比较简单,直接truncate aud$表即可

发表在 Oracle备份恢复 | 标签为 , , | 评论关闭

Oracle 19c/21c最新patch信息-202401

发表于 2024 年 1 月 19 日 惜分飞

2024年1月份,19c和21c最新patch信息

21.0.0.0
 Description  Database Update  GI Update  Windows Bundle Patch
  JAN2024 (21.13.0.0.0) 36041222  36031790  35962857
  OCT2023 (21.12.0.0.0) 35740258  35738010  35681617
  JUL2023  (21.11.0.0.0) 35428978  35427907  35347974
  APR2023 (21.10.0.0.0) 35134934  35132566  35046488
  JAN2023 (21.9.0.0.0) 34839741  34838415  34750812
  Oct2022 (21.8.0.0.0) 34527084  34526142  34468137
  JUL2022 (21.7.0.0.0) 34160444  34155589  34110698
  APR2022 (21.6.0.0.0) 33843745  33859395  33829143
  JAN2022 (21.5.0.0.0) 33516412  33531909  33589769
 OCT2021 (21.4.0.0.0) 33239276  33250101  NA
19.0.0.0
 Description  Database Update  GI Update  Windows Bundle Patch
 JAN2024 (19.22.0.0.0) 35943157  35940989  35962832
 OCT2023 (19.21.0.0.0) 35643107  35642822  35681552
 JUL2023 (19.20.0.0.0) 35320081  35319490  35348034
 APR2023 (19.19.0.0.0) 35042068  35037840  35046439
 JAN2023 (19.18.0.0.0) 34765931  34762026  34750795
 Oct2022 (19.17.0.0.0) 34419443  34416665  34468114
 JUL2022 (19.16.0.0.0) 34133642  34130714  34110685
 APR2022 (19.15.0.0.0) 33806152  33803476  33829175
 JAN2022 (19.14.0.0.0) 33515361  33509923  33575656
 OCT2021(19.13.0.0.0) 33192793  33182768  33155330
 JUL2021 (19.12.0.0.0) 32904851  32895426  32832237
 APR2021 (19.11.0.0.0) 32545013  32545008  32409154
 JAN2021 (19.10.0.0.0) 32218454  32226239  32062765
 OCT2020 (19.9.0.0.0) 31771877  31750108  31719903
 JUL2020  (19.8.0.0.0) 31281355  31305339  31247621
 APR2020 (19.7.0.0.0) 30869156  30899722  30901317
 JAN2020 (19.6.0.0.0) 30557433  30501910  30445947
 OCT2019 (19.5.0.0.0) 30125133  30116789  30151705
 JUL2019 (19.4.0.0.0) 29834717  29708769   NA
 APR2019 (19.3.0.0.0) 29517242  29517302   NA

 

 

19.0.0.0
 Description  OJVM Update  OJVM + DB Update  OJVM + GI Update
 JAN2024 (19.22.0.0.240116)  35926646  36031426  36031453
 OCT2023 (19.21.0.0.231017)  35648110  35742413  35742441
 JUL2023 (19.20.0.0.230718)  35354406  35370174  35370167
 APR2023 (19.19.0.0.230418)  35050341  35058163  35058172
 JAN2023 (19.18.0.0.230117)  34786990  34773489  34773504
 OCT2022 (19.17.0.0.221018)  34411846  34449114  34449117
 JUL2022 (19.16.0.0.220719)  34086870  34160831  34160854
 APR2022 (19.15.0.0.220419)  33808367  33859194  33859214
 JAN2022 (19.14.0.0.220118)  33561310  33567270  33567274
 OCT2021 (19.13.0.0.211019)  33192694  33248420  33248471
 JUL2021 (19.12.0.0.210720)  32876380  32900021  32900083
 APR2021 (19.11.0.0.210420)  32399816  32578972  32578973
 JAN2021 (19.10.0.0.210119)  32067171  32126828  32126842
 OCT2020 (19.9.0.0.201020)  31668882  31720396  31720429
 JUL2020 (19.8.0.0.200714)  31219897  31326362  31326369
 APR2020 (19.7.0.0.200414)  30805684  30783543  30783556
 JAN2020 (19.6.0.0.200114)  30484981  30463595  30463609
 OCT2019 (19.5.0.0.191015)  30128191  30133124  30133178
 JUL2019 (19.4.0.0.190716)  29774421  29699079  29699097
 APR2019 (19.3.0.0.190416)  29548437  29621253  29621299

参考:Assistant: Download Reference for Oracle Database/GI Update, Revision, PSU, SPU(CPU), Bundle Patches, Patchsets and Base Releases (Doc ID 2118136.2)

发表在 Oracle安装升级 | 标签为 , , , | 评论关闭