How can I retrieve a deleted MySQL database?
I've discovered that an unknown individual has accessed my Linode and deleted the MySQL database. What options do I have to recover the database and restore the files?
How can I make sure that the files have not been modified? What are some recommended methods to ensure that something like this doesn't occur again?
I'm running Ubuntu 19.10 and MySQL.
2 Replies
You write:
What options do I have to recover the database and restore the files?
If you have backups enabled, you can certainly recover the database from the backup that was taken before the incident happened.
If you don't have backups enabled, then IMHO you are out of luck.
You write:
How can I make sure that the files have not been modified? What are some recommended methods to ensure that something like this doesn't occur again?
As to your first question, you can rely on the modification date that the filesystem maintains. If the modification date is on or after the incident, then the file was probably modified.
As to the second question, don't be so free with sudo, the root password or otherwise handing out elevated system privileges. Every requestor of elevated system privileges should have a reason to have them. I realize that even doing this is not an iron-clad guarantee against vandalism but it will certainly go a long way toward keeping it from happening again.
-- sw
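The modification-date check from the reply above, as an added example that is not part of the original thread: it walks a directory and lists files whose modification time is on or after the incident time. It also flags files whose inode change time (ctime) is on or after the incident while the modification time is older, because a modification date can be set back with `touch` but ctime cannot be set that way; the function name, the reason labels and the sample files are constructed for illustration.

```python
import os
import tempfile
from datetime import datetime, timedelta


def changed_since(root, incident):
    """Return sorted (path, reason) pairs for files touched at or after `incident`.

    reason is "mtime" when the modification time is on or after the incident,
    or "ctime-only" when only the inode change time is (Linux semantics:
    ctime updates on chmod, chown and on any explicit change of mtime).
    """
    cutoff = incident.timestamp()  # naive datetimes are taken as local time
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: report a symlink itself, not its target
            except OSError:
                continue  # file vanished or is unreadable; skip it
            if st.st_mtime >= cutoff:
                findings.append((path, "mtime"))
            elif st.st_ctime >= cutoff:
                findings.append((path, "ctime-only"))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample data: two empty files in a temporary directory.
    demo = tempfile.mkdtemp()
    old = os.path.join(demo, "old.cnf")
    new = os.path.join(demo, "new.cnf")
    for p in (old, new):
        open(p, "w").close()
    os.utime(old, (978307200, 978307200))  # set old.cnf's mtime back to 2001-01-01 UTC
    incident = datetime.now() - timedelta(hours=1)  # assumed incident time
    for path, reason in changed_since(demo, incident):
        print(f"{reason:10}  {path}")
```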
What are some recommended methods to ensure that something like this doesn't occur again?
As well as @stevewi’s valid points…. backups, backups, BACKUPS!
I run hourly off-site dumps and backups (as well as daily full filesystem backups) to Backblaze; costs me about $2/month. The most transactional data I’d lose if this happened to me is an hour’s worth.
Also if said individual deleted a database via PhpMyAdmin using a compromised account, switch on 2 factor authentication for your PMA accounts, or consider locking down other accounts’ privileges.