MySQL使用备份和binlog进行数据恢复-Mysql Tutorial-php.cn

Home

Database

Mysql Tutorial

MySQL使用备份和binlog进行数据恢复

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 07, 2016 pm 04:42 PM

binlog

本文主要描述了MySQL遭到攻击篡改数据，利用从库的备份和主库的Binlog进行不完全恢复。

MySQL使用备份和binlog进行数据恢复

一、发现问题

今天是2014-09-26，开发大清早就说昨晚数据库遭到了攻击。数据库中某文章表的文章内容字段遭到篡改，全部改成了同一篇文章。

通过查看日制发现数据是在 2014-09-25 21:53:57 遭到篡改。

所有的内容全部被改成了如下：

MySQL使用备份和binlog进行数据恢复

我把文章贴出来，先谴责一下，很可能是某旅游社的人为了打广告雇人干的。

二、解决方法

这个库我们是每天凌晨备份，保留30天的备份。主库的Binlog保留时间为7天。

因此很容易想到的方法是将从库2014-09-25凌晨的备份拿出来恢复，然后通过主库的Binlog通过时间段来筛选出凌晨至2014-09-25 21:53:56的所有更改，之后的数据，经业务确认，可以舍弃掉。或者后面再通过其他方法慢慢将这部分数据找出来。但是当务之急，，是立马恢复数据库。

三、找备份及时间点

在备份的从库上检查备份：

#0 3 * * * /data/opdir/mysqlbak/backup_mysqldump.sh 6084 >> /data/opdir/mysqlbak/6084/mysql-bakup.log 2>&1

发现备份任务让注释了

查看备份文件：

备份只到20140923日，下午18:33分。

备份日志最后一段截取：

因为这些表是在从库备份的，而且表都是MyiSAM的表。查看备份脚本，是先Stop Slave之后，才开始备份，因此从备份脚本输出的日志中找到备份开始的时间是：

2014-09-23 18:19:12

通过：

Drwxr-xr-x 2 root root 4096 Sep 23 18:33 20140923

可看到结束时间是：2014-09-23 18:33:00

现在考虑到底是以备份开始的时间：2014-09-23 18:19:12 为Start-DateTime还是以2014-09-23 18:33:00 为Start-DateTime。

前面提到备份脚本是从库进行备份的，是在2014-09-23 18:19:12开始的，在这个时刻备份开始，执行了Stop Slave；因此整个备份的状态反映的是从库2014-09-23 18:19:12 这个时间的状态。而且通过监控可以看到在这个时间点，从库的延迟为0，因此可以认为这个备份就是主库在这个时间的备份。

NOTES：

（有人可能会因为从库上有Binlog，从库也会接受主库的Binlog之类的机制而造成混淆。这里要结合我们具体的备份方式和恢复方式来看，以选出正确的时间点。）

前面提到通过日志查到遭到篡改的时间为：2014-09-25 21:53:57，因此可以将2014-09-25 21:53:56作为Stop-DateTime

因此Binlog命令应该是这样：

四、具体的恢复操作

清楚了这些，具体的操作就简单了：

1.从备份机拷贝备份： 2.恢复测试机解压： 3.恢复测试机导入(测试恢复库中之前没有db_name这个库)： 4.将主库的Binlog拷贝到恢复测试机：

查看主库Binlog

我们需要的Binlog时间段为：2014-09-23 18:28:00 至 2014-09-25 21:53:56 因此只需要：

将这3个Binlog Copy过去：

5.使用MySQLBinlog 生成SQL脚本： 6.Binlog生成的SQL脚本导入：

待20140923.db_name导入到恢复测试库之后，将MySQLBinlog生成的SQL脚本导入到数据库中：

7.导入完成后检查数据正确性：

大致看一下数据的情况，然后可以通过时间字段来看一下情况：

时间差不多为晚上20:27了

这个判断，作为DBA，查看部分数据，只能起到辅助作用，具体的需要到底是否OK，需要业务开发的人来判断。

经过业务开发确认后，即可将该数据导出后，再导入到线上主库中。

8、将该库导出，并压缩：

压缩：

scp 到主库（复制的时候，请将网络因素考虑进去，确认不会占用过多带宽而影响其他线上业务）

9.恢复测试的数据导入到线上主库中：

线上主库操作：

操作之前，最好让开发把应用业务那段先暂停，否则可能会影响导入。比如这个表示MyISAM的，应用那边如果不听有update进来，就会阻塞数据导入。

a、主库将原始被篡改的表改名：（不要上来就drop，先rename，后续确认没问题了再考虑drop，因为很多问题不是一瞬间就能全部反映上来的）

rename table_name to old_table_name;

b、解压：

c、导入新表数据：

后面就需要开发来进一步验证数据是否 OK 了。验证没问题后，再启动应用程序。

本文永久更新链接地址：

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)

2 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

Hello Kitty Island Adventure: How To Get Giant Seeds

1 months ago By 尊渡假赌尊渡假赌尊渡假赌

How Long Does It Take To Beat Split Fiction?

4 weeks ago By DDD

R.E.P.O. Save File Location: Where Is It & How to Protect It?

4 weeks ago By DDD

Two Point Museum: All Exhibits And Where To Find Them

1 months ago By 尊渡假赌尊渡假赌尊渡假赌

Hot Tools

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Hot Topics

Where is the login entrance for gmail email?

7372

Java Tutorial

1628

CakePHP Tutorial

1355

Laravel Tutorial

1266

PHP Tutorial

1215

Related knowledge

How to use MySQL's binlog, redo log and undo log Jun 03, 2023 pm 12:59 PM

1. Binlog Binlog is used to record write operations (excluding queries) information performed by the database and save it on the disk in binary form. Binlog is the logical log of mysql and is recorded by the server layer. Mysql databases using any storage engine will record binlog logs. Logical log: can be simply understood as a sql statement; physical log: data in MySQL is stored in the data page, and the physical log records changes on the data page; insert the code piece here and the binlog is written by appending Input, you can set the size of each binlog file through the max_binlog_size parameter. When the file size reaches the given value

What are the differences between redo log and binlog in MySQL? Jun 03, 2023 pm 06:53 PM

Preface There are six types of log files in MySQL, namely: redo log (redolog), rollback log (undolog), binary log (binlog), error log (errorlog), slow query log (slowquerylog), general query log (generallog) ), relay log (relaylog). 1. What is redolog? Redolog, also known as redo log file, is used to record changes in transaction operations. It records the value after data modification. It will be recorded regardless of whether the transaction is submitted or not. Redolog files can come in handy when instances and media fail (mediafailure), such as database power outage, Inn

How to backup script for binlog in MySQL Jun 03, 2023 pm 06:53 PM

Regarding the MySQL binary log (binlog), we all know that the binary log (binlog) is very important, especially when you need point-to-point disaster recovery, so we need to back it up. Regarding the backup of binary log (binlog), you can first switch the binlog based on the flushlogs method, and then copy & compress it to other storage on the remote server or local server, such as mounted NAS storage. You can also use mysqlbinlog to backup the binlog. Implement local backup or remote backup of MySQL binary log (binlog). Finally, the MySQL binary log (binlog

What are MySQL Binlog logs and master-slave replication? May 27, 2023 pm 08:40 PM

1. Introduction to Binlog log Binlog is the abbreviation of Binarylog, that is, binary log. Binlog has three main functions: converting random IO into sequential IO during persistence, master-slave replication and data recovery. This article focuses on issues related to master-slave replication. The Binlog log consists of an index file and many log files. Each log file consists of a magic number and an event. Each log file ends with a Rotate type event. For each event, it can be divided into two parts: event header and event body: The structure of the event header is as follows: The structure of the event body includes two parts: fixed size and variable size. For the format of Binlog log, you can have a simple understanding. Interested students can go deeper.

What is the difference between slow commit in MySQL slow query and slow transaction in binlog? May 30, 2023 am 08:07 AM

1. Source of the problem When analyzing performance problems, slow queries and binlog slow transactions are commonly used methods. Recently, I was analyzing a slow query and found that it contained a large number of commit statements that were slow, but the matching could not be completed when analyzing the binlog slow transactions. For example, there may be 1,000 commit statements during this period, but there may be only 100 slow transactions. This is too big a difference, so why does this phenomenon occur? 2. The respective determination methods for slow transactions are usually as follows for an explicitly submitted (insert) transaction: GTID_LOG_EVENT and XID_EVENT are the time when the command ‘COMMIT’ is initiated.

How to use docker to enable mysql binlog to solve data volume problems May 27, 2023 pm 01:34 PM

Preface During development, it is necessary to monitor the data table by monitoring the binlog log file of mysql. Since mysql is deployed in a docker container, the problem of data volumes also needs to be solved. 1. Open a mysql image through the data volume dockerrun- p3307:3306--namemyMysql-v/usr/docker/mysql/data:/var/lib/mysql-eMYSQL_ROOT_PASSWORD=123456-dmysql:5.7.25 Note: You need to create a file in the host directory in advance to save mysql Data set, the directory I created here is /u

What is the difference between binlog/redolog/undolog in MySQL? May 27, 2023 am 08:29 AM

What is the difference between MySQLbinlog/redolog/undolog? If I want to talk to you about the locking mechanism in InnoDB, it will inevitably involve the MySQL logging system, binlog, redolog, undolog, etc. I saw that these three logs summarized by some friends are not bad, so I quickly brought them to discuss with you. Share with partners. The log is an important part of the MySQL database, recording various status information during the operation of the database. MySQL logs mainly include error logs, query logs, slow query logs, transaction logs, and binary logs. As a developer, what we need to focus on is the binary log (binlog) and transaction log (including redolog and und

How to use mysql binlog to restore data May 31, 2023 am 08:40 AM

If you want to restore data through mysql's binlog, you must first enable binlog. Set up a test environment here to learn how mysqlbinlog restores the database. The principle is relatively simple. Binlog will store changed data in mysql. For example, if you create a database and write some data, these will be stored in the binlog of mysql. When you need to recover, find two positions, a starting position and an ending position. Half of the ending position is the position before the data was destroyed or deleted. mysql8 has binlogmysql>showvariableslike'%l enabled by default

See all articles