store | blogs | forums | twitter | facebook | wiki | downloads | support portal
Atomic Secure Linux
It is currently Tue Aug 20, 2019 1:00 pm

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 3 posts ] 
Author Message
 Post subject: How can i block this kind of requests its a brute force
Unread postPosted: Thu Mar 21, 2013 7:16 pm 
Offline
Forum Regular
Forum Regular

Joined: Tue Aug 05, 2008 5:01 pm
Posts: 111
How can i block this kind of requests its a brute force

MySQL log: 130321 16:52:11 [Warning] Access denied for user `admin`@`zulu1053.server4you.de` (using password: NOMySQL log: 130321 16:52:10 [Warning] Access denied for user `root`@`zulu1053.server4you.de` (using password: YESMySQL log: 130321 16:52:10 [Warning] Access denied for user `root`@`zulu1053.server4you.de` (using password: YESMySQL log: 130321 16:52:09 [Warning] Access denied for user `root`@`zulu1053.server4you.de` (using password: YESMySQL log: 130321 16:52:09 [Warning] Access denied for user `root`@`zulu1053.server4you.de` (using password: YESMySQL log: 130321 16:52:09 [Warning] Access denied for user `root`@`zulu1053.server4you.de` (using password: YESMySQL log: 130321 16:52:08 [Warning] Access denied for user `root`@`zulu1053.server4you.de` (using password: NOMySQL log: 130321 16:52:08 [Warning] Access denied for user `root`@`zulu1053.server4you.de` (using password: YESMySQL log: 130321 16:52:07 [Warning] Access denied for user `root`@`zulu1053.server4you.de` (using password: YESMySQL log: 130321 16:52:07 [Warning] Access denied for user `root`@`zulu1053.server4you.de` (using password: YESMySQL log: 130321 16:52:07 [Warning] Access denied for user `roo`@`zulu1053.server4you.de` (using password: YES

and there are a lot more of tryouts, but the offender IP its not logged.


Top
 Profile  
Reply with quote  
 Post subject: Re: How can i block this kind of requests its a brute force
Unread postPosted: Fri Mar 22, 2013 6:36 am 
Offline
Long Time Forum Regular
Long Time Forum Regular

Joined: Thu Dec 09, 2004 11:19 am
Posts: 2321
If this is coming from an external IP then close port 3306 to start with. This port should never be open to the public IMHO. You might have occasion to open it to certain IPs, but that's it.

As to the IP in question - I don't really know how MySQL works -- has it converted the IP to a hostname? Can't that be faked (i.e. you just create an rDNS record to match whatever you want)? So I'm quite confused about this.

_________________
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>


Top
 Profile  
Reply with quote  
 Post subject: Re: How can i block this kind of requests its a brute force
Unread postPosted: Fri Mar 22, 2013 8:51 am 
Offline
Forum Regular
Forum Regular

Joined: Tue Aug 01, 2006 2:45 pm
Posts: 573
Location: Netherlands
faris wrote:
If this is coming from an external IP then close port 3306 to start with. This port should never be open to the public IMHO. You might have occasion to open it to certain IPs, but that's it.


This! I cannot stress the importance of closing remote MySQL access in your firewall enough.

_________________
Lemonbit Internet Dedicated Server Management


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 3 posts ] 

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group