-1

I have installed MySQL on an Ubuntu (DigitalOcean) server. There are no extra security layers. Just basic installations.

Recently it was hacked and deleted, with only one table left, which has the following message:

To recover your lost Database and avoid leaking it: Send us 0.1 Bitcoin (BTC) to our Bitcoin address 17rDr5mbXjLdegWDFuWd61Ymhwm54GjtNK and contact us by Email with your Server IP or Domain name and a Proof of Payment. If you are unsure if we have your data, contact us and we will send you a proof. Your Database is downloaded and backed up on our servers. Backups that we have right now: drm, eatoeat . If we dont receive your payment in the next 10 Days, we will make your database public or use them otherwise. | 17rDr5mbXjLdegWDFuWd61Ymhwm54GjtNK | support@mydatabase.to

When I checked, there are a lot of Bitcoin abuse reports for this Bitcoin address and the email associated with it.

What are the measures and steps I can take to prevent this from happening again?

1 Answer

1

What are the measures and steps I can take to prevent this from happening again?

It is difficult to tell you what to do as you didn't tell us what you did. In general:

  • Run mysql_secure_installation, which will do some basic securing of a newly installed MySQL/MariaDB server.
  • Only allow the database root user to access the system locally and always ensure that it has a strong passphrase.
  • Create users for each database and give them only the permissions they require to do what they need.
  • Only allow users to access their databases from the local system or specified hosts.
  • If applicable, use a firewall to restrict access to your MySQL port.
  • Write your applications with security in mind.


user9517
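A read-only check for several points in the answer above (root limited to local access, users limited to local or specified hosts, per-database privileges, listener not exposed), as an added example that is not part of the original answer. It assumes you feed it `SHOW GRANTS` output and the server's `[mysqld]` config section; the function names, account names and sample inputs are constructed for illustration.

```python
import re
# SHOW GRANTS quotes accounts as `user`@`host` (MySQL 8) or 'user'@'host' (5.7).
GRANT_RE = re.compile(
    r"GRANT (?P<privs>.+?) ON (?P<scope>\S+) TO "
    r"[`'](?P<user>[^`']*)[`']@[`'](?P<host>[^`']*)[`']", re.I)
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

def audit_grants(grant_lines):
    """Return (user, host, finding) tuples for risky SHOW GRANTS lines."""
    findings = []
    for line in grant_lines:
        m = GRANT_RE.search(line)
        if not m:
            continue
        user, host, scope = m["user"], m["host"], m["scope"]
        if user == "root" and host not in LOCAL_HOSTS:
            findings.append((user, host, "root reachable from a non-local host"))
        elif "%" in host:
            findings.append((user, host, "wildcard host"))
        # USAGE ON *.* means "no privileges"; anything else global is too broad.
        if scope == "*.*" and m["privs"].upper() != "USAGE" and user != "root":
            findings.append((user, host, "global privileges, not per-database"))
    return findings

def audit_mysqld_config(text):
    """Flag a [mysqld] section that listens beyond loopback (skip-networking = no TCP)."""
    section, opts = None, {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("["):
            section = line.strip("[]").lower()
        elif section == "mysqld" and line:
            key, _, val = line.partition("=")
            opts[key.strip().replace("_", "-")] = val.strip()
    if opts.get("skip-networking", "off").lower() not in ("0", "off", "false"):
        return []
    bind = opts.get("bind-address")
    if bind is None:
        return ["bind-address not set; the server may listen on all interfaces"]
    if bind not in LOCAL_HOSTS:
        return [f"bind-address = {bind}: restrict the MySQL port with a firewall"]
    return []

SAMPLE_GRANTS = [  # constructed SHOW GRANTS output
    "GRANT ALL PRIVILEGES ON *.* TO `root`@`%` WITH GRANT OPTION",
    "GRANT SELECT, INSERT ON `shop`.* TO `shop_app`@`localhost`",
    "GRANT ALL PRIVILEGES ON *.* TO 'report'@'%'",
]
SAMPLE_CNF = "[mysqld]\nbind-address = 0.0.0.0\n"  # constructed
```

On the constructed samples, `audit_grants(SAMPLE_GRANTS)` reports the remote root account and the wildcard, globally privileged `report` account, while the per-database `shop_app` grant passes.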