Centos 7.3 Install Apache 2.4 MySQL 5.6 PHP7 Develop Paper

I got pwned: a cautionary tale

As background, I've been playing with a Digital Ocean instance for the past few months - getting DNS and Let's Encrypt set up, setting up nginx as a reverse proxy, and now setting up nextcloud.
Last week, I was pretty pleased with myself. I installed the Calendar plug-in and started syncing my calendar - independently of Google! Today I started getting 500 errors popping up on my phone. I didn't think much of it - I figured something was weird with nextcloud, I had overlooked something, and I could figure it out when I got home. Unfortunately, I just found this in my database.
centos:~/src/nextcloud-config$ mysql -h 172.20.0.1 -P 3306 -u nextcloud -p Enter password: Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 10 Server version: 10.4.8-MariaDB-1:10.4.8+maria~bionic mariadb.org binary distribution Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> SHOW DATABASES; +--------------------+ | Database | +--------------------+ | information_schema | | nextcloud | +--------------------+ 2 rows in set (0.00 sec) MariaDB [(none)]> USE nextcloud; Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Database changed MariaDB [nextcloud]> SHOW TABLES; +---------------------+ | Tables_in_nextcloud | +---------------------+ | WARNING | +---------------------+ 1 row in set (0.00 sec) MariaDB [nextcloud]> SELECT * FROM WARNING; +----+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+------------------+ | id | warning | Bitcoin_Address | Email | 
+----+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+------------------+ | 1 | To recover your lost Database and avoid leaking it: Send us 0.06 Bitcoin (BTC) to our Bitcoin address ieUD and contact us by Email with your Server IP or Domain name and a Proof of Payment. If you are unsure if we have your data, contact us and we will send you a proof. Your Database is downloaded and backed up on our servers. Backups that we have right now: nextcloud . If we dont receive your payment in the next 10 Days, we will make your database public or use them otherwise. | ieUD | [email protected] | +----+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+------------------+ 1 row in set (0.01 sec) 
I have no intention of paying the ransom. 1) They have a few calendar events and some example documents from me. 2) Even if I pay, there's no guarantee they would send me a copy of the data.
All things equal, I feel lucky this happened so soon ... I only lost like 3 calendar events, all of which I can recreate from memory. I guess I need to back up and re-evaluate my security assumptions (notably to make backups early).
In the hopes of detecting the root cause, here is my (redacted) nginx access.log from today: https://pastebin.com/JQ64ctcG
Naturally my judgment is in question, ha ha, but I did see some suspicious-looking stuff in there (github.com/robertdavidgraham/masscan, some calls to /login and /wp-admin, some requests that look like binary data...). If anyone could help me understand how my server was compromised, it would be much appreciated.
Thanks all ... remember that weird shit like "entire Internet scanner" exists ... :-(
edit: Thank you all so much. Based on the ideas from the comments, the prevailing hypothesis about the root cause is:
- no firewall was active, either through the host admin panel (Digital Ocean) or in Linux itself
- In the course of troubleshooting, I had exposed port 3306 on my database container to anyone with access to my droplet, i.e. the whole Internet (via DNS). My intention was to expose the port only to other processes on my droplet, but I unintentionally exposed it publicly.
- I had an extremely weak root password
- With the "masscan" port-scanning tool, the vulnerability was detected by an attacker quite quickly, like within a week of me having this configuration active. Then a simple dictionary attack would have let them into root in my mariadb container.
Well ... knowledge is half the battle. Thanks again everyone ... I hope this thread will help a future lost soul who finds themselves in a similar circumstance.
submitted by silvertoothpaste to NextCloud
