If you are a MySQL expert or run your own web hosting company and can trouble shoot most problems or find a cause to a problem then please please do read the text below of an unresolved mystery which still remains to puzzle me as my host is not entirely sure. Thanks!
Hi there, recently i have lost a database to a forum which was created via cPanel. I am with my host been with them over a year now. I was on our forum a few days ago, we received database error logs in our email inboxes which happens now and then due to servers getting hanged etc.
This time we recieved a db error and didnt think much, the forum went down i had thought it would come back by itself after a few minutes like it does. But then to my suprise the db error message changed to "user_databasename" does not exist anymore! I was somewhat suprised, as its literally saying we have lost the entire db.
We logged into our cPanel and yes out of the two databases we had inside their we had lost our big db which was the forum's db. After a long chat with my host they said that the server died and was rebooted again and it had caused the database to dissapear. Now i find that somewhat hard to believe, an entire db to die? whilst the other small db is still standing?
Just wondering if anybody here can confirm this for me, or is my host lying of what actually really happened. They also checked our cPanel logs and there were no malicious logins.
Anyways after that i noticed under the databases their were 3 access host ip addresses which i did not recognise, two i delete the other one did not delete. The support staff member couldnt do it also, so the ticket was raised to the manager after which another support guy managed to delete it after quite a while. I asked them about why their were ip's under my access list and how it got there? they said it is sometimes added by themselves by mistake.
Here is what the manager had to say in regards to my questions:
It would most commonly be corruption of the data in the database. It could also be a drive error, but that's even more rare to have occurred. At this point, we're not able to say for sure what happened.
The IP address that showed up in your control panel may have been one that someone accidentally added server-wide. I've seen them do this on their own, as well. Unless there's some direct evidence of tampering (say, your password was changed), it is most likely just a bug in the software than anyone doing anything malicious.
So his best bet was that it was something within the database which might of been corrupt, or even a problem with the hardware, but their not sure exactly what happened.
Anybody else here might have a rough idea of what might of happened? Any experienced advanced web hosting server peeps or tech people may be able to help me with this?
P.S: My database was retrieved from a backup which was made 2 days ago so i lost substantial amount of posts and threads with a few newly registered members.
I can offer one explanation which I have seen before. If the server had crashed due to hard drive errors or problem then sometimes a reboot will force fsck (a linux hard drive check) to run. When it is run manually and there had become bad sectors an administrator usually needs to confirm the bad sectors and cleanup the inodes to mark the partition as clean. It is possible that these bad sectors and inodes contained the information or information linking to the data in your database files in the mysql data directory.
After cleaning up bad inodes and disk errors the machine will usually boot fine unless the missed data was part of the kernel or other important OS part. After it boots files will be missed and simply no longer appear in the directories they were once in.
I have done this first hand. But thankfully I had account backup for the files. More thankfully so did your host! Though data missing without explanation would raise a red flag for me and I might look into seeing if you can be moved or migrated to another server. If you are happy with your host I would say stick with them and try to work out the real cause for the data missing. "Just a bug in the software" doesn't seem like a reasonable explanation for data loss to me...
Do you think it could be somebody from the outside attempting to take it down?
Entirely possible if there were wildcard access hosts allowed (which allowed large ranges) and the passwords were easy to brute force. I do not know much about the security of MySQL. Not sure if there is a way to find a list of users and databases easily. Though if system or account security was compromised I would have guessed there would be more signs than just a corrupt or missing database.
yes i took a screenshot of the access hosts before i deleted them and there was one wildcard. Which was 192.168.1.% now i think you could just be right, i guess no hosting company would admit their was a security breach on the server(s) if there was one.
So would you have any idea how that wildcard got on to the access list in the first place? Or could it be that like my host had mentioned somebody added it by accident?
Also what can be done in terms of compensation if a hosting company did loose a substantial amount of data?