0

I have a database that was compromised. It's a very big content table and I don't know if any of the rows were altered. Is there a way in MySQL to see which rows were edited and when?

Citizen
  • 12,430
  • 26
  • 76
  • 117
  • 3
    Play it safe, restore from a backup. – DCoder Sep 10 '13 at 17:27
  • http://dev.mysql.com/doc/refman/5.1/en/query-log.html – Ankit Sharma Sep 10 '13 at 17:39
  • I recommend that you implement some form of (text) logging for all non-trivial INSERT, UPDATE, and DELETE DB operations committed by each application which implements any such access to your RDBMS. Implemented properly this would allow you to reconstruct all (non-trivial) transactions to your DB for situations such as this. It can also facilitate auditing. (Trivial transactions might include any sorts of data changes that you would never care to re-construct or audit, such as transient cookies and other disposable or derivative state). – Jim Dennis Sep 10 '13 at 18:06

2 Answers2

5

If it was compromised by injection you have to crawl through HTTP server's access log. MySQL has a query logging ability but it's "always" disabled since it seriously slows down the server. Otherwise: No.

Niko Hujanen
  • 743
  • 5
  • 10
1

You can use The General Query Log to track down the queries if its not turned off. For future you can use this steps mentioned in answer to set the query log How to show the last queries executed on MySQL?.

Community
  • 1
  • 1
Ankit Sharma
  • 3,923
  • 2
  • 29
  • 49