```autoit
#NoTrayIcon
#include <File.au3>
#include <Array.au3>
#include <String.au3>
#cs
I'm a simple MYSQL Server watcher. V2
1) Added logging (by default creates a logs directory in the same dir as [SELF].exe)
2) Clearer way to kill Command: QUERY (ignoring Sleep state)
3) Added Autostart option.
Uses: (Hardcoded)
Default: MYSQL Server Host: 127.0.0.1
Default: MYSQL Server port: 3306
NOTE*: It will also KILL persistent connections to MYSQL Server.
Log file format will be: [*Which is useful for investigating things*]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ BEOF LOG FILE ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
####################################################################################################
Possible DOS Attack Against MYSQL Server [Prevented]
Attack Prevented on: 17:43:48:421 19/02/2012
Attack Duration: 43 seconds
Command: Query
db: somegranteddatabase
Host: 192.168.0.15:1075
User: malicioususer
Id: 237
Time: 41
State: executing
Info: select benchmark(9999999999999999999999,repeat('AAAAAAAAAAAAAAAAAAAA',100))
####################################################################################################
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ EOF LOG FILE ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
My goal is to monitor the mysql server for malicious queries which sit for more than 10 seconds and which can cause Denial of Service
(e.g. High CPU Load, High Memory Load etc.)
(e.g. select benchmark(500000000005,'!AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'); )
I'm an AutoIt script file.
(To compile: http://autoitscript.com/)
You can compile me to a standalone executable (x64 && x86).
And you can use me on your server.
But always make sure I'm not world-readable or writable, and not spoofable by users.
Finally, I'm for Windows OS.
No need to add me to Task Scheduler, just add me to Autostart. I will loop every 12 seconds and monitor the mysql server for
malicious SQL statements (assuming Denial of Service) and I will kill them for you.
I'm from scratch and a bit lame :)
Tested on: MYSQL Server 5.5.17 Win (32bit)
1329657145
Sorry for my English (not native)
Author: kuku kuku
http://forums.mysql.com/read.php?35,516054,516054#msg-516054
#ce
Dim $myarr; do not remove.
;######################################### SPECIFY VALID MYSQL ROOT PASSWORD AND COMPILE ME. ##################################
$mysqlrootuser='root'; //root user name
$mysqlrootpsswd='YOUR_PASSWORD_GOES_HERE';// root password
$makeautostart=0; // default value=0 (zero)
#cs
$makeautostart is for autostart of the application when the user logs in.
Possible values:
0 Do not start the application when the user logs in to the system. (You need to start mysqlwatcher manually)
1 Means start the application when the user logs in. (Automatically)
*FOR HIGH SECURITY (i know it is an illusion) IT IS RECOMMENDED TO INSTALL YOUR MYSQL SERVER ON ANOTHER BOX.*
WHICH WILL PREVENT STEALING OF YOUR APPLICATION (i assume it will prevent reverse code engineering, because mysqlwatcher contains the MYSQL server root password!)
Here is how i'm doing it:
192.168.0.1 (MYSQL SERVER INSTALLED HERE) and my mysql watcher runs there (it is not connected to internet) (internal network)
192.168.0.15 (Apache+PHP+FTP+MAIL SERVER) installed here + with Software restriction policy (Obviously it is connected to internet)
Using this way you can secure your MYSQL SERVER + mysql watcher from *UNO's* xD)
#ce
;#############################################################################################################################
$killifexceeds=10; seconds (If a query sits on the MYSQL server for more than 10 (ten) seconds, kill it) //default value=10 seconds
$sleepinloop=12; seconds //This is the main loop sleep time. Do not set it to 0 (zero). Otherwise you can get HIGH CPU LOAD!!!! //default value=12 seconds
;############################################## DO NOT CHANGE ANYTHING BELOW ################################################
MsgBox(64,"Info","Running MYSQL Server Watcher V2!",2);no need to click the "OK" button. It has a timeout value of 2 seconds (it will disappear after 2 seconds)
$autostartkey="HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
$valuename="mysqlwatcherv2"
$type="REG_SZ"
$self=@ScriptFullPath
If $makeautostart=1 Then
    RegWrite($autostartkey,$valuename,$type,$self)
Else
    RegDelete($autostartkey,$valuename)
EndIf
While 1 ;getting to loop
    If Not FileExists(@ScriptDir&"\logs\") Then ; checking if the logs directory exists. If it does not exist, create it (we keep our log files there)
        DirCreate(@ScriptDir&"\logs\");creating it
    EndIf
    Sleep($sleepinloop * 1000) ; sleeping every 12 seconds // 1 second=1k milliseconds
    ; NOTE: the root password is passed on the mysql command line, so it can be read by anyone
    ; able to list process command lines on this host while the client is running.
    $statement='mysql -bA -h 127.0.0.1 -u' & $mysqlrootuser & ' -p' & $mysqlrootpsswd & ' -e "show full processlist\G"'
    ;our statement
    If FileExists(@ScriptDir&"\data.ini") Then FileSetAttrib(@ScriptDir&"\data.ini","-RASHNOT",1)
    RunWait(@ComSpec & " /c " & $statement & '>data.ini',@ScriptDir,@SW_HIDE)
    ;executing the mysql client from the OS command line
    Sleep(1000) ;sleeping 1 second (for the file write if the server is highly overloaded)
    _FileReadToArray(@ScriptDir &"\data.ini",$myarr) ;reading the temp file into an array
    If @error Then
        MsgBox(48,"Boo Boo:(","Unable to read temporary data.ini file (Will be created runtime)" & @CRLF & "Please make sure i'm in writable directory" & @CRLF & _
            "Going to Restart Application.Please Wait...",20)
        Run(@ComSpec & " /c " & '"' & @ScriptFullPath & '"',@ScriptDir,@SW_HIDE)
        If FileExists(@ScriptDir&"\data.ini") Then FileSetAttrib(@ScriptDir&"\data.ini","-RASHNOT",1)
        FileDelete(@ScriptDir &"\data.ini"); deleting our "temporary file"
        ; if any error occurs, launch a new instance of the application, then exit from the first one (i assume self exit)
        Exit
    EndIf
    If FileExists(@ScriptDir&"\data.ini") Then FileSetAttrib(@ScriptDir&"\data.ini","-RASHNOT",1)
    FileDelete(@ScriptDir &"\data.ini"); deleting our "temporary file"
    For $i=0 To $myarr[0] ;going to enumerate array elements ($myarr[0] holds the line count)
        ; "\G" output right-aligns field names to 8 characters, so the Time line starts with three spaces
        If StringMid($myarr[$i],1,8)="   Time:" Then ; searching for time
            If StringMid($myarr[$i],9,-1) >=$killifexceeds And $myarr[$i-1]='Command: Query' Then ;comparing it plus ignoring sleep state. Accepting only queries
                ; the Id line sits five lines above the Time line; strip all whitespace and drop the "Id:" prefix
                RunWait(@ComSpec & " /c " & 'mysql -bA -h 127.0.0.1 -u' & $mysqlrootuser & ' -p' & $mysqlrootpsswd & ' -e ' & '"kill ' & _
                    StringMid(StringStripWS($myarr[$i-5],8),4,-1) & '"',@ScriptDir,@SW_HIDE)
                ;and finally killing the "malicious" query which sits for more than 10 seconds.
                Beep(1500,1200); Generating a "beep" signal which means a possible attack against the mysql server was prevented.
                ;###################################### LOGGING ####################################################################################
                FileWrite(@ScriptDir&"\logs\"&@MSEC & '_' &@SEC & '_' & @MIN & '_'& @HOUR & ' ' & @MDAY & '_' & @MON & '_' & @YEAR & '.txt',@CRLF & _
                    _StringRepeat('#',100) & @CRLF & _
                    'Possible DOS Attack Against MYSQL Server [Prevented]' & @CRLF & _
                    'Attack Prevented on: ' & @HOUR & ':' &@MIN & ':' &@SEC & ':' & @MSEC & ' ' & @MDAY & '/' & @MON & '/' & @YEAR & @CRLF & _
                    'Attack Duration:' & StringMid($myarr[$i],9,-1) & ' seconds' & @CRLF & _
                    $myarr[$i-1] & @CRLF & $myarr[$i-2] & @CRLF & $myarr[$i-3] & @CRLF & $myarr[$i-4] & @CRLF & $myarr[$i-5] & @CRLF & $myarr[$i] & @CRLF & _
                    $myarr[$i+1] & @CRLF & $myarr[$i+2] & @CRLF & _StringRepeat('#',100))
                ;logging to log file
                ;#########################################################################################################################################################
            EndIf
        EndIf
    Next
WEnd
```
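The watcher above finds the `Id` of a long-running query by counting lines backwards from the `Time:` line of the `show full processlist\G` output. The following is an added example, not part of the original paste, that parses the same output by field name instead, so multi-line `Info` text cannot shift the offsets and only a purely numeric `Id` is ever returned for use in a `KILL` statement. It is written in Python so it runs offline; the function names and the sample rows are constructed for illustration (the first row reuses the values from the log sample in the paste).

```python
import re

# Constructed sample in the layout of `SHOW FULL PROCESSLIST\G` output (not captured
# from a real server): field names right-aligned to 8 characters.
_ROW = ("*************************** {0}. row ***************************\n"
        "     Id: {1}\n   User: {2}\n   Host: {3}\n     db: {4}\n"
        "Command: {5}\n   Time: {6}\n  State: {7}\n   Info: {8}\n")
SAMPLE = "".join(_ROW.format(i + 1, *r) for i, r in enumerate([
    (237, "malicioususer", "192.168.0.15:1075", "somegranteddatabase", "Query", 41,
     "executing", "select benchmark(9999999999999999999999,repeat('AAAAAAAAAAAAAAAAAAAA',100))"),
    (238, "webapp", "192.168.0.15:1080", "shop", "Sleep", 600, "", "NULL"),
    (240, "webapp", "192.168.0.15:1081", "shop", "Query", 3, "Sending data",
     "select *\nfrom orders"),  # Info spanning two lines
]))

ROW_SEP = re.compile(r"^\*+ \d+\. row \*+$")
FIELD = re.compile(r"^\s*(Id|User|Host|db|Command|Time|State|Info):\s?(.*)$")

def parse_processlist(text):
    """Split vertical processlist output into one dict per connection."""
    rows, row = [], None
    for line in text.splitlines():
        if ROW_SEP.match(line):
            row = {}
            rows.append(row)
            continue
        if row is None:
            continue  # anything before the first row header (warnings, banners)
        # Info is the last field: once seen, every line up to the next row header
        # is query text, even if it happens to look like "   Time: 999".
        m = None if "Info" in row else FIELD.match(line)
        if m:
            row[m.group(1)] = m.group(2)
        elif "Info" in row:
            row["Info"] += "\n" + line
    return rows

def kill_candidates(rows, threshold=10):
    """Ids of connections in Command: Query for at least `threshold` seconds."""
    ids = []
    for r in rows:
        if r.get("Command") != "Query":
            continue  # Sleep (idle or persistent connections) is ignored, as in the paste
        if r.get("Time", "").isdigit() and int(r["Time"]) >= threshold \
                and r.get("Id", "").isdigit():
            ids.append(int(r["Id"]))
    return ids
```

On the constructed sample, `kill_candidates(parse_processlist(SAMPLE))` selects only connection 237; the idle connection with `Time: 600` and the three-second query are left alone.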