# All my databases are gone! (MySQL)

## __henke

Hello.

Went to bed around 23:30 yesterday. Last thing I did was changing the theme on my blog,

Now 09:00, I wanted to write a new entry on the blog. And I got this error: "Error establishing a database connection".

Thought what the hell. Is the server down? So I checked Cacti, and got an error there too. Now I restarted MySQL. Starts OK, everything seems fine, but no contact still.

So, I went to check phpmyadmin. No I have two databases there:

information_schema

mysql

That is just pure bullshit. I had at least 15 different databases there. What the hell has happened? Im having a feeling that mysql has changed its datadir or something in a release, but I dont really know. 

Please please help me!

----------

## bunder

sounds like something dropped your databases...  is there any data in the users table from before, or is that gone too?  typically phpmyadmin won't work without being able to log on...   :Confused: 

----------

## __henke

 *bunder wrote:*   

> sounds like something dropped your databases...  is there any data in the users table from before, or is that gone too?  typically phpmyadmin won't work without being able to log on...  

 

Phpmyadmin looks like its just been installed. Except... you didn't have to configure it, at all.

http://henkee.se/bilder/phpmya.png

EDIT: Where does MySQL save the databases on the HDD?

----------

## bunder

 *__henke wrote:*   

> EDIT: Where does MySQL save the databases on the HDD?

 

/var/lib/mysql - and the databases (other than information_schema and mysql) are in subfolders of that directory.

 *Quote:*   

> Phpmyadmin looks like its just been installed. Except... you didn't have to configure it, at all. 

 

if you go to the privileges section, are there any existing users from your software still there?

another thing to check would be mysql logs...  maybe the databases got corrupted...    :Confused: 

cheers

----------

## __henke

 *bunder wrote:*   

>  *__henke wrote:*   EDIT: Where does MySQL save the databases on the HDD? 
> 
> /var/lib/mysql - and the databases (other than information_schema and mysql) are in subfolders of that directory.
> 
>  *Quote:*   Phpmyadmin looks like its just been installed. Except... you didn't have to configure it, at all.  
> ...

 

It sounds stupid but I only use root. Now... if I knew this day would come. I've wouldn't have. Seem like something wiped my server. Logs say nothing. Empty. Exept mysqld.err.

in /var/lib/mysql:

```
henkee mysql # ls -lsha

total 398M

 512 drwxr-x---  3 mysql mysql  592 Mar  8 09:13 .

 512 drwxr-xr-x 19 root  root   488 Oct 10 14:24 ..

5.1M -rw-rw----  1 mysql mysql 5.0M May 24  2007 ib_logfile0

5.1M -rw-rw----  1 mysql mysql 5.0M Feb  9  2007 ib_logfile1

 19M -rw-rw----  1 mysql mysql  18M May 24  2007 ibdata1

1.5K drwx------  2 mysql root  1.8K Feb  9  2007 mysql

4.0K -rw-rw----  1 mysql mysql   98 Mar  8 09:13 mysqld-bin.000001

4.0K -rw-rw----  1 mysql mysql   20 Mar  8 09:13 mysqld-bin.index

 16K -rw-rw----  1 mysql mysql  15K Feb  9  2007 vaermland-bin.000001

493K -rw-rw----  1 mysql mysql 491K Feb  9  2007 vaermland-bin.000002

231M -rw-rw----  1 mysql mysql 231M Feb 10  2007 vaermland-bin.000003

268K -rw-rw----  1 mysql mysql 266K Feb 17  2007 vaermland-bin.000004

 26M -rw-rw----  1 mysql mysql  26M Mar  2  2007 vaermland-bin.000005

6.7M -rw-rw----  1 mysql mysql 6.7M Mar  6  2007 vaermland-bin.000006

104M -rw-rw----  1 mysql mysql 104M May  5  2007 vaermland-bin.000007

2.0M -rw-rw----  1 mysql mysql 2.0M May 24  2007 vaermland-bin.000008

4.0K -rw-rw----  1 mysql mysql  184 May 22  2007 vaermland-bin.index

```

----------

## bunder

 *__henke wrote:*   

> Logs say nothing. Empty. Exept mysqld.err.

 

mine's like that too... i wouldn't worry about that part...

if you check your apache's access log, you might be able to find out who accessed your phpmyadmin...  might be something to look into, unless they connected to the mysql daemon directly.

cheers

----------

## __henke

 *bunder wrote:*   

>  *__henke wrote:*   Logs say nothing. Empty. Exept mysqld.err. 
> 
> mine's like that too... i wouldn't worry about that part...
> 
> if you check your apache's access log, you might be able to find out who accessed your phpmyadmin...  might be something to look into, unless they connected to the mysql daemon directly.
> ...

 

I'll do that. But, there is one thing. My access.log is 1.1Gb. I have constant traffic on my server, just look at Awstats on http://henkee.se so...

Is there any way to filter out with some grep command... like...

cat | grep phpmyadmin

----------

## bunder

 *__henke wrote:*   

> I'll do that. But, there is one thing. My access.log is 1.1Gb. I have constant traffic on my server, just look at Awstats on http://henkee.se so...
> 
> Is there any way to filter out with some grep command... like...
> 
> cat | grep phpmyadmin

 

sure.

`grep phpmyadmin /var/log/apache2/access.log | less` or something should do okay...

----------

## jcat

Do you have a recent backup?

Cheers,

jcat

----------

## __henke

 *jcat wrote:*   

> Do you have a recent backup?
> 
> Cheers,
> 
> jcat

 

Nop, I don't. Didnt think some low life scumbag would do such thing. Assholes.

----------

## __henke

41.232.225.210 - Thats the asshole IP that logged in on my phpmyadmin 06:24, 08 Mars. If we look at my mrtg sql log it looks like this:

http://henkee.se/bilder/mysqlmrtglort.png

It seems most likley that is the guy. In messages log, he has also tried to log in to the root account of the server also. Tough luck asshole.

Well... will send a mail to abuse thing at arfinet... Just so it feels better for me. Time to make my server secure.

----------

## jcat

You connected your computer to the internet, maybe you learned the hard way but the internet is full of bad people trying to do bad things!  To be fair you _have_ to expect someone to try something like that sooner or later.

Plus, your hard drive might have died tomorrow, backups are not just to recover from a compromised host situation.

I sympathise, I really do, but data backup is like computing 101.  I just hate to see people learn the hard way.

If I can assist in helping you lock down your config, or coming up with a backup scheme please let me know.

Cheers,

jcat

----------

## __henke

 *jcat wrote:*   

> You connected your computer to the internet, maybe you learned the hard way but the internet is full of bad people trying to do bad things!  To be fair you _have_ to expect someone to try something like that sooner or later.
> 
> Plus, your hard drive might have died tomorrow, backups are not just to recover from a compromised host situation.
> 
> I sympathise, I really do, but data backup is like computing 101.  I just hate to see people learn the hard way.
> ...

 

Yeas, precicley. And now, the sadest thing: I know all this. It all comes down to lazyness. Sucks. There were many times when I thought "backup, nah, not today. I'm an innocent guy from Sweden who cares. I'll do it some other day". And I cant blame anyone else but me either. Sucks even more :/

No, __henke, just suck it up and think of some more security.

----------

