-
加我微信
加我QQ
标签云
asm恢复 bbed bootstrap$ dul In Memory kcbzib_kcrsds_1 kccpb_sanity_check_2 MySQL恢复 ORA-00312 ORA-00607 ORA-00704 ORA-00742 ORA-01110 ORA-01555 ORA-01578 ORA-08103 ORA-600 2131 ORA-600 2662 ORA-600 2663 ORA-600 3020 ORA-600 4000 ORA-600 4137 ORA-600 4193 ORA-600 4194 ORA-600 16703 ORA-600 kcbzib_kcrsds_1 ORA-600 KCLCHKBLK_4 ORA-15042 ORA-15196 ORACLE 12C oracle dul ORACLE PATCH Oracle Recovery Tools oracle加密恢复 oracle勒索 oracle勒索恢复 oracle异常恢复 Oracle 恢复 ORACLE恢复 ORACLE数据库恢复 oracle 比特币 OSD-04016 YOUR FILES ARE ENCRYPTED 勒索恢复 比特币加密文章分类
- Others (2)
- 中间件 (2)
- WebLogic (2)
- 操作系统 (103)
- 数据库 (1,734)
- DB2 (22)
- MySQL (75)
- Oracle (1,585)
- Data Guard (52)
- EXADATA (8)
- GoldenGate (24)
- ORA-xxxxx (160)
- ORACLE 12C (72)
- ORACLE 18C (6)
- ORACLE 19C (15)
- ORACLE 21C (3)
- Oracle 23ai (8)
- Oracle ASM (68)
- Oracle Bug (8)
- Oracle RAC (54)
- Oracle 安全 (6)
- Oracle 开发 (28)
- Oracle 监听 (28)
- Oracle备份恢复 (580)
- Oracle安装升级 (95)
- Oracle性能优化 (62)
- 专题索引 (5)
- 勒索恢复 (82)
- PostgreSQL (27)
- pdu工具 (5)
- PostgreSQL恢复 (9)
- SQL Server (28)
- SQL Server恢复 (9)
- TimesTen (7)
- 达梦数据库 (2)
- 生活娱乐 (2)
- 至理名言 (11)
- 虚拟化 (2)
- VMware (2)
- 软件开发 (37)
- Asp.Net (9)
- JavaScript (12)
- PHP (2)
- 小工具 (20)
-
最近发表
- win平台19c 打patch遭遇2个小问题汇总
- pg单个数据库目录恢复-pdu恢复单个数据库目录数据
- pg删除数据恢复—pdu恢复pg delete数据
- .[OnlyBuy@cyberfear.com].REVRAC勒索mysql恢复
- 表dml操作权限授权给public,导致只读用户失效
- 21c数据库恢复遭遇ora-600 ktugct: corruption detected
- pg_control丢失/损坏处理
- 当前主流数据库版本服务支持周期-202503
- pg启动报invalid checkpoint record处理
- 删除redo导致ORA-00313 ORA-00312故障处理
- Navicat连接postgresql时出现column “datlastsysoid” does not exist错误解决
- aix磁盘损坏oracle数据库恢复
- pg误删除数据恢复(PostgreSQL delete数据恢复)
- PostgreSQL表文件损坏恢复—pdu恢复损坏的表文件
- linux rm -rf 删除数据文件恢复
- PostgreSQL恢复工具—pdu恢复单个表文件
- PostgreSQL恢复工具—pdu工具介绍
- 近1万个数据文件的恢复case
- 不当使用_allow_resetlogs_corruption参数引起ORA-600 2662错误
- CSSD signal 11 in thread clssnmRcfgMgrThread故障处理
分类目录归档:数据库
.pzpq扩展名勒索恢复
有一个10g的库,数据库被勒索病毒加密扩展名为:.email=[biobiorans@gmail.com]id=[f5657ac3dc58dc8c].biobio.[backups@airmail.cc].pzpq
#Read-for-recovery.txt文件中内容
Email 1: backups@airmail.cc Email 2: hero77@cock.li Send messages to both emails at the same time So send messages to our emails, check your spam folder every few hours ID: E3DxxxxxxxxxxxxxxxDBB73 If you do not receive a response from us after 24 hours, create a valid email, for example, gmail,outlook Then send us a message with a new email
通过底层对数据库block进行分析,确认损坏的block情况为,头部损坏16个block,中间16个block,尾部16个block
通过Oracle数据文件勒索加密恢复工具,实现快速恢复
然后尝试打开数据库报ORA-600 4193错误
un Jan 12 22:35:09 2025 ALTER DATABASE OPEN Sun Jan 12 22:35:10 2025 Thread 1 opened at log sequence 4 Current log# 3 seq# 4 mem# 0: D:\ORCL\REDO03.LOG Successful open of redo thread 1 Sun Jan 12 22:35:10 2025 MTTR advisory is disabled because FAST_START_MTTR_TARGET is not set Sun Jan 12 22:35:10 2025 SMON: enabling cache recovery Sun Jan 12 22:35:10 2025 Errors in file d:\oracle\product\10.2.0.3\admin\orcl\udump\norcl_ora_2796.trc: ORA-00600: internal error code, arguments: [4193], [58], [52], [], [], [], [], [] Sun Jan 12 22:35:11 2025 Doing block recovery for file 1 block 404 Block recovery from logseq 4, block 73424 to scn 137439548723 Sun Jan 12 22:35:11 2025 Recovery of Online Redo Log: Thread 1 Group 3 Seq 4 Reading mem 0 Mem# 0: D:\ORCL\REDO03.LOG Block recovery stopped at EOT rba 4.73426.16 Block recovery completed at rba 4.73426.16, scn 32.595250 Doing block recovery for file 1 block 9 Block recovery from logseq 4, block 73424 to scn 137439548721 Sun Jan 12 22:35:11 2025 Recovery of Online Redo Log: Thread 1 Group 3 Seq 4 Reading mem 0 Mem# 0: D:\ORCL\REDO03.LOG Block recovery completed at rba 4.73426.16, scn 32.595250 Sun Jan 12 22:35:11 2025 Errors in file d:\oracle\product\10.2.0.3\admin\orcl\udump\norcl_ora_2796.trc: ORA-00604: error occurred at recursive SQL level 1 ORA-00607: Internal error occurred while making a change to a data block ORA-00600: internal error code, arguments: [4193], [58], [52], [], [], [], [], [] Error 604 happened during db open, shutting down database USER: terminating instance due to error 604 Sun Jan 12 22:35:11 2025 Errors in file d:\oracle\product\10.2.0.3\admin\orcl\bdump\norcl_pmon_2168.trc: ORA-00604: error occurred at recursive SQL level Sun Jan 12 22:35:12 2025 Errors in file d:\oracle\product\10.2.0.3\admin\orcl\bdump\norcl_reco_2688.trc: ORA-00604: error occurred at recursive SQL level Sun Jan 12 22:35:12 2025 Errors in file d:\oracle\product\10.2.0.3\admin\orcl\bdump\norcl_smon_2332.trc: ORA-00604: error occurred at recursive SQL level Sun Jan 12 22:35:12 2025 Errors in file d:\oracle\product\10.2.0.3\admin\orcl\bdump\norcl_ckpt_2600.trc: ORA-00604: error occurred at recursive SQL level Sun Jan 12 22:35:12 2025 Errors in file d:\oracle\product\10.2.0.3\admin\orcl\bdump\norcl_lgwr_2672.trc: ORA-00604: error occurred at recursive SQL level Sun Jan 12 22:35:12 2025 Errors in file d:\oracle\product\10.2.0.3\admin\orcl\bdump\norcl_dbw0_1344.trc: ORA-00604: error occurred at recursive SQL level Sun Jan 12 22:35:12 2025 Errors in file d:\oracle\product\10.2.0.3\admin\orcl\bdump\norcl_mman_2828.trc: ORA-00604: error occurred at recursive SQL level Sun Jan 12 22:35:12 2025 Errors in file d:\oracle\product\10.2.0.3\admin\orcl\bdump\norcl_psp0_2324.trc: ORA-00604: error occurred at recursive SQL level Instance terminated by USER, pid = 2796 ORA-1092 signalled during: ALTER DATABASE OPEN...
通过分析trace,确认是系统回滚段的free block pool异常,使用bbed进行修复
BBED> clean free_block_pool Clean free block pool completed.you can use dump to verify the data, then can us e sum apply command to save data. BBED> sum apply Warning: apply the modified data will overwrite original data. Would you like to continue? (y/n) y Old checksum value: 0xf2c0 New checksum value: 0xf315 Writing block has completed BBED>
open数据库成功,然后安排导出数据即可
对于类似这种被加密的勒索的数据文件,我们可以实现比较好的恢复效果,如果此类的数据库(oracle,mysql,sql server)等被加密,需要专业恢复技术支持,请联系我们:
电话/微信:17813235971 Q Q:107644445
E-Mail:dba@xifenfei.com系统安全防护措施建议:
1.多台机器,不要使用相同的账号和口令
2.登录口令要有足够的长度和复杂性,并定期更换登录口令
3.重要资料的共享文件夹应设置访问权限控制,并进行定期备份
4.定期检测系统和软件中的安全漏洞,及时打上补丁。
5.定期到服务器检查是否存在异常。
6.安装安全防护软件,并确保其正常运行。
7.从正规渠道下载安装软件。
8.对不熟悉的软件,如果已经被杀毒软件拦截查杀,不要添加信任继续运行。
9.保存良好的备份习惯,尽量做到每日备份,异地备份。
发表在 勒索恢复
标签为 .pzpq, backups@airmail.cc, biobiorans@gmail.com, ORA-600 4193, oracle勒索, oracle勒索open, 勒索恢复ORA-600
评论关闭
Oracle read only用户—23ai新特性:只读用户
23ai版本支持用户级别设置read only特性,对于在某些情况下,为了数据的一致性,是一个比较方便的特性,而不是以前版本通过权限控制实现只读,比如授权create session+表/视图等查询权限
下面创建一个用户u_readonly,并授权dba权限,创建一个表进行测试
[oracle@xifenfei ~]$ ss
SQL*Plus: Release 23.0.0.0.0 - for Oracle Cloud and Engineered Systems on Sat Jan 11 21:12:09 2025
Version 23.5.0.24.07
Copyright (c) 1982, 2024, Oracle. All rights reserved.
Connected to:
Oracle Database 23ai Enterprise Edition Release 23.0.0.0.0 - for Oracle Cloud and Engineered Systems
Version 23.5.0.24.07
SQL>
SQL> select banner from v$version;
BANNER
--------------------------------------------------------------------------------
Oracle Database 23ai Enterprise Edition Release 23.0.0.0.0 - for Oracle Cloud an
d Engineered Systems
SQL> show pdbs;
CON_ID CON_NAME OPEN MODE RESTRICTED
---------- ------------------------------ ---------- ----------
2 PDB$SEED READ ONLY NO
3 XIFENFEI MOUNTED
SQL> alter session set container=xifenfei;
Session altered.
SQL> alter database open;
Database altered.
SQL> create user u_readonly identified by oracle;
User created.
SQL> grant dba to u_readonly;
Grant succeeded.
SQL> conn u_readonly/oracle@127.0.0.1/xifenfei
Connected.
SQL> create table t_xff as select * from dba_objects;
Table created.
SQL> select count(1) from t_xff;
COUNT(1)
----------
70951
修改用户为只读特性,然后进行dml/ddl操作会报ORA-28194: Can perform read operations only
SQL> conn / as sysdba
Connected.
SQL> alter session set container=xifenfei;
Session altered.
SQL> alter user u_readonly read only;
User altered.
SQL> conn u_readonly/oracle@127.0.0.1/xifenfei
Connected.
SQL> delete from t_xff;
delete from t_xff
*
ERROR at line 1:
ORA-28194: Can perform read operations only
SQL> insert into t_xff select * from dba_objects;
insert into t_xff select * from dba_objects
*
ERROR at line 1:
ORA-28194: Can perform read operations only
SQL> select count(1) from t_xff;
COUNT(1)
----------
70951
SQL> create table t1 as select * from dba_users;
create table t1 as select * from dba_users
*
ERROR at line 1:
ORA-28194: Can perform read operations only
直接使用create user命令创建一个只读用户
SQL> conn / as sysdba Connected. SQL> alter session set container=xifenfei; Session altered. SQL> create user u_readonly2 identified by oracle read only; User created. SQL> grant dba to u_readonly2; Grant succeeded. SQL> conn u_readonly2/oracle@127.0.0.1/xifenfei Connected. SQL> create table t_xifenfei as select * from dba_objects; create table t_xifenfei as select * from dba_objects * ERROR at line 1: ORA-28194: Can perform read operations only
修改只读用户为读写模式
SQL> conn / as sysdba Connected. SQL> alter session set container=xifenfei; Session altered. SQL> alter user u_readonly2 read write; User altered. SQL> conn u_readonly2/oracle@127.0.0.1/xifenfei Connected. SQL> create table t_xifenfei as select * from dba_objects; Table created. SQL> delete from t_xifenfei where rownum<100; 99 rows deleted. SQL> commit; Commit complete.
查看用户是否处于只读状态
SQL> select username,read_only from dba_users where created>sysdate-1; USERNAME READ_O ------------------------------ ------ U_READONLY2 NO U_READONLY YES
在只读用户中,使用动态plsql直接直接dml也报ORA-28194: Can perform read operations only
SQL> conn u_readonly/oracle@127.0.0.1/xifenfei
Connected.
SQL> select count(1) from t_xff;
COUNT(1)
----------
70951
SQL> delete from t_xff;
delete from t_xff
*
ERROR at line 1:
ORA-28194: Can perform read operations only
SQL> DECLARE
2 v_sql VARCHAR2(1000);
3 BEGIN
4 v_sql := 'delete from t_xff where rownum<1000';
5 EXECUTE IMMEDIATE v_sql;
6 END;
7 /
DECLARE
*
ERROR at line 1:
ORA-28194: Can perform read operations only
ORA-06512: at line 5
判断用户是否只读的底层基表属性user$.spare1
SQL> conn / as sysdba Connected. SQL> alter session set container=xifenfei; Session altered. SQL> COL NAME FOR A30 SQL> select name,decode(bitand(spare1, 67108864), 67108864, 'YES', 'NO') 2 read_only from user$ where name like 'U_READONLY%' 3 / NAME READ_O ------------------------------ ------ U_READONLY YES U_READONLY2 NO
迁移awr快照数据到自定义表空间
在19c中有些情况,考虑把awr的快照数据存储在非sysaux表空间,可以通过DBMS_WORKLOAD_REPOSITORY.MODIFY_SNAPSHOT_SETTINGS来进行设置
sys@ORA19C 21:57:02> select BANNER_FULL from v$version; BANNER_FULL ---------------------------------------------------------------------------------------------- Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production Version 19.24.0.0.0 Elapsed: 00:00:00.01 PROCEDURE MODIFY_SNAPSHOT_SETTINGS Argument Name Type In/Out Default? ------------------------------ ----------------------- ------ -------- RETENTION NUMBER IN DEFAULT INTERVAL NUMBER IN DEFAULT TOPNSQL NUMBER IN DEFAULT DBID NUMBER IN DEFAULT TABLESPACE_NAME VARCHAR2 IN DEFAULT PROCEDURE MODIFY_SNAPSHOT_SETTINGS Argument Name Type In/Out Default? ------------------------------ ----------------------- ------ -------- RETENTION NUMBER IN DEFAULT INTERVAL NUMBER IN DEFAULT TOPNSQL VARCHAR2 IN DBID NUMBER IN DEFAULT TABLESPACE_NAME VARCHAR2 IN DEFAULT
这两个proc,主要是TOPNSQL一个是number类型,一个是varchar2类型
If NUMBER: Top N SQL size. The number of Top SQL to flush for each SQL criteria (Elapsed Time, CPU Time, Parse Calls, Shareable Memory, Version Count). The value for this setting will not be affected by the statistics/flush level and will override the system default behavior for the AWR SQL collection. The setting will have a minimum value of 30 and a maximum value of 50,000. Specifying NULL will keep the current setting.
If VARCHAR2: Users are allowed to specify the following values: (DEFAULT, MAXIMUM, N), where N is the number of Top SQL to flush for each SQL criteria. Specifying DEFAULT will revert the system back to the default behavior of Top 30 for statistics level TYPICAL and Top 100 for statistics level ALL. Specifying MAXIMUM will cause the system to capture the complete set of SQL in the cursor cache. Specifying the number N is equivalent to setting the Top N SQL with the NUMBER type. Specifying NULL for this argument will keep the current setting.
进行了简单的测试,确认是部分awr的分区表设置到新表空间中
sys@ORA19C 21:41:51> CREATE TABLESPACE AWRTBS DATAFILE '/data/oradata/ORA19C/awrtbs01.dbf' size 128M autoextend on; Tablespace created. Elapsed: 00:00:00.53 sys@ORA19C 21:42:21> exec dbms_workload_repository.modify_snapshot_settings(tablespace_name=> 'AWRTBS'); PL/SQL procedure successfully completed. Elapsed: 00:00:01.53 sys@ORA19C 21:53:56> execute dbms_workload_repository.create_snapshot(); PL/SQL procedure successfully completed. Elapsed: 00:00:01.44 sys@ORA19C 21:53:58> select segment_name,PARTITION_NAME,segment_type from dba_segments where tablespace_name='AWRTBS'; SEGMENT_NAME PARTITION_NAME SEGMENT_TYPE ------------------------------ ------------------------------------------------------------ --------------- WRH$_FILESTATXS WRH$_FILESTATXS_1232450071_2690 TABLE PARTITION WRH$_SQLSTAT WRH$_SQLSTAT_1232450071_2690 TABLE PARTITION WRH$_SYSTEM_EVENT WRH$_SYSTEM_EVENT_1232450071_2690 TABLE PARTITION WRH$_WAITSTAT WRH$_WAITSTAT_1232450071_2690 TABLE PARTITION WRH$_LATCH WRH$_LATCH_1232450071_2690 TABLE PARTITION WRH$_LATCH_MISSES_SUMMARY WRH$_LATCH_MISSES_SUMMARY_1232450071_2690 TABLE PARTITION WRH$_DB_CACHE_ADVICE WRH$_DB_CACHE_ADVICE_1232450071_2690 TABLE PARTITION WRH$_ROWCACHE_SUMMARY WRH$_ROWCACHE_SUMMARY_1232450071_2690 TABLE PARTITION WRH$_SGASTAT WRH$_SGASTAT_1232450071_2690 TABLE PARTITION WRH$_SYSSTAT WRH$_SYSSTAT_1232450071_2690 TABLE PARTITION WRH$_PARAMETER WRH$_PARAMETER_1232450071_2690 TABLE PARTITION WRH$_SEG_STAT WRH$_SEG_STAT_1232450071_2690 TABLE PARTITION WRH$_SERVICE_STAT WRH$_SERVICE_STAT_1232450071_2690 TABLE PARTITION WRH$_ACTIVE_SESSION_HISTORY WRH$_ACTIVE_SESSION_HISTORY_1232450071_2690 TABLE PARTITION WRH$_SYSMETRIC_HISTORY WRH$_SYSMETRIC_HISTORY_1232450071_2690 TABLE PARTITION WRH$_LATCH_CHILDREN WRH$_LATCH_CHILDREN_1232450071_0 TABLE PARTITION WRH$_LATCH_PARENT WRH$_LATCH_PARENT_1232450071_0 TABLE PARTITION WRH$_DLM_MISC WRH$_DLM_MISC_1232450071_0 TABLE PARTITION WRH$_INST_CACHE_TRANSFER WRH$_INST_CACHE_TRANSFER_1232450071_0 TABLE PARTITION WRH$_INTERCONNECT_PINGS WRH$_INTERCONNECT_PINGS_1232450071_0 TABLE PARTITION WRH$_TABLESPACE_STAT WRH$_TABLESPACE_STAT_1232450071_2690 TABLE PARTITION WRH$_OSSTAT WRH$_OSSTAT_1232450071_2690 TABLE PARTITION WRH$_SYS_TIME_MODEL WRH$_SYS_TIME_MODEL_1232450071_2690 TABLE PARTITION WRH$_SERVICE_WAIT_CLASS WRH$_SERVICE_WAIT_CLASS_1232450071_2690 TABLE PARTITION WRH$_EVENT_HISTOGRAM WRH$_EVENT_HISTOGRAM_1232450071_2690 TABLE PARTITION WRH$_MVPARAMETER WRH$_MVPARAMETER_1232450071_2690 TABLE PARTITION WRH$_CELL_GLOBAL_SUMMARY WRH$_CELL_GLOBAL_SUMMARY_1232450071_2690 TABLE PARTITION WRH$_CELL_DISK_SUMMARY WRH$_CELL_DISK_SUMMARY_1232450071_2690 TABLE PARTITION WRH$_CELL_GLOBAL WRH$_CELL_GLOBAL_1232450071_2690 TABLE PARTITION WRH$_CELL_IOREASON WRH$_CELL_IOREASON_1232450071_2690 TABLE PARTITION WRH$_CELL_DB WRH$_CELL_DB_1232450071_2690 TABLE PARTITION WRH$_CELL_OPEN_ALERTS WRH$_CELL_OPEN_ALERTS_1232450071_2690 TABLE PARTITION WRH$_IM_SEG_STAT WRH$_IM_SEG_STAT_1232450071_2690 TABLE PARTITION WRM$_PDB_IN_SNAP WRM$_PDB_IN_SNAP_1232450071_2690 TABLE PARTITION WRH$_CON_SYSMETRIC_HISTORY WRH$_CON_SYSMETRIC_HISTORY_1232450071_2690 TABLE PARTITION WRM$_ACTIVE_PDBS WRM$_ACTIVE_PDBS_1232450071_2690 TABLE PARTITION WRH$_CON_SYSSTAT WRH$_CON_SYSSTAT_1232450071_2690 TABLE PARTITION WRH$_CON_SYSTEM_EVENT WRH$_CON_SYSTEM_EVENT_1232450071_2690 TABLE PARTITION WRH$_PROCESS_WAITTIME WRH$_PROCESS_WAITTIME_1232450071_2690 TABLE PARTITION WRH$_ASM_DISK_STAT_SUMMARY WRH$_ASM_DISK_STAT_SUMMARY_1232450071_2690 TABLE PARTITION WRH$_AWR_TEST_1 WRH$_AWR_TEST_1_1232450071_2690 TABLE PARTITION WRH$_SESS_NETWORK WRH$_SESS_NETWORK_1232450071_2690 TABLE PARTITION WRH$_CON_SYS_TIME_MODEL WRH$_CON_SYS_TIME_MODEL_1232450071_2690 TABLE PARTITION 43 rows selected. Elapsed: 00:00:00.01 sys@ORA19C 21:54:08>