Reputation: 775
I need to know more about MySQL brute force attacks. I see MySQL brute force attacks on our Linux server; however, none of the machines are compromised yet.
From this link, I figured out that if I am getting garbage characters while using the telnet command from another remote machine, it means port 3306 is open to the outside world. I figured out from this link that if I modify /etc/my.cnf to include skip-networking, it will block all outside connections to port 3306.
My question is,
I have a program running which connects to the MySQL server (on which I am getting the brute force attacks) using a certain username and password (the username is not root). If I include the above line (skip-networking) in the my.cnf file, will it affect my currently running program?
Upvotes: 2
Views: 5509
Reputation: 211670
Rule #1: NEVER leave your MySQL port flapping in the breeze. There have been bugs in MySQL that have nullified the security layer and allowed arbitrary remote code execution.
You absolutely must lock down 3306 to be open only to the smallest possible list of IPs, and even then you're still going to have to be careful. By default MySQL does not encrypt these connections, so it's theoretically possible to scrape authentication information from here.
The better way to do this is for each machine that requires access to your database to set up a simple SSH tunnel that bridges remote machines to the local MySQL port.
skip-networking has the effect of binding to 127.0.0.1 (localhost) meaning it won't accept external connections. This is safer, but without a strict set of firewall rules you're still living dangerously.
Upvotes: 5
Reputation: 12221
So, like the comments said, you need to configure a firewall. Editing your my.cnf file is not the same as a firewall.
The skip-networking option basically does the following: Don’t listen for TCP/IP connections at all. All interaction with mysqld must be made via Unix sockets. This option is highly recommended for systems where only local requests are allowed. Since you need to allow remote connections, this line should be removed from my.cnf or commented out.
Go install a firewall and ensure that only your machine can connect to the MySQL database. Here is a list of recommended firewalls.
Upvotes: 3
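The my.cnf settings discussed in the answers above, as an added example (not code from any of the posters): a small Python check that classifies how mysqld is exposed from its skip-networking and bind-address options. The function name and the sample configs are constructed, and the check assumes all relevant options are in the [mysqld] section of a single file (it does not follow !include directives).

```python
import re

# Addresses that keep the TCP listener reachable only from the local host.
LOOPBACK = {"127.0.0.1", "::1", "localhost"}
OFF_VALUES = {"0", "off", "false"}

def mysqld_exposure(cnf_text):
    """Return 'socket-only', 'loopback' or 'network' for a my.cnf text.

    Assumption: only the [mysqld] section of this one file is considered.
    """
    section, opts = None, {}
    for raw in cnf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;!":      # blank, comment, !include
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section != "mysqld":
            continue
        key, _, value = line.partition("=")
        # MySQL treats '-' and '_' in option names as equivalent.
        key = key.strip().lower().replace("_", "-")
        value = value.split("#", 1)[0].strip().strip("'\"").lower()
        opts[key] = value                     # a later line overrides an earlier one
    if "skip-networking" in opts and opts["skip-networking"] not in OFF_VALUES:
        return "socket-only"                  # no TCP listener at all
    # bind-address may be a comma-separated list on newer MySQL versions.
    addrs = {a.strip() for a in opts.get("bind-address", "").split(",") if a.strip()}
    if addrs and addrs <= LOOPBACK:
        return "loopback"                     # TCP listener, local clients only
    return "network"                          # routable listener: firewall rules required

# Constructed sample configurations.
SOCKET_ONLY = "[mysqld]\nskip-networking\n"
LOCAL_TCP = "[client]\nport=3306\n[mysqld]\nbind_address = 127.0.0.1  # local only\n"
OPEN_TCP = "[mysqld]\nport = 3306\nbind-address = 0.0.0.0\n"

if __name__ == "__main__":
    for name, cnf in [("socket", SOCKET_ONLY), ("local", LOCAL_TCP), ("open", OPEN_TCP)]:
        print(name, "->", mysqld_exposure(cnf))
```

A result of socket-only means any client that connects over TCP, including a program on another machine, can no longer reach the server; network means the listener relies entirely on firewall rules to limit who can reach port 3306.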