How can I block this kind of request? It's a brute force

diego
Forum Regular
Posts: 111
Joined: Tue Aug 05, 2008 5:01 pm


How can I block this kind of request? It's a brute force

MySQL log: 130321 16:52:11 [Warning] Access denied for user `admin`@`zulu1053.server4you.de` (using password: NO
MySQL log: 130321 16:52:10 [Warning] Access denied for user `root`@`zulu1053.server4you.de` (using password: YES
MySQL log: 130321 16:52:10 [Warning] Access denied for user `root`@`zulu1053.server4you.de` (using password: YES
MySQL log: 130321 16:52:09 [Warning] Access denied for user `root`@`zulu1053.server4you.de` (using password: YES
MySQL log: 130321 16:52:09 [Warning] Access denied for user `root`@`zulu1053.server4you.de` (using password: YES
MySQL log: 130321 16:52:09 [Warning] Access denied for user `root`@`zulu1053.server4you.de` (using password: YES
MySQL log: 130321 16:52:08 [Warning] Access denied for user `root`@`zulu1053.server4you.de` (using password: NO
MySQL log: 130321 16:52:08 [Warning] Access denied for user `root`@`zulu1053.server4you.de` (using password: YES
MySQL log: 130321 16:52:07 [Warning] Access denied for user `root`@`zulu1053.server4you.de` (using password: YES
MySQL log: 130321 16:52:07 [Warning] Access denied for user `root`@`zulu1053.server4you.de` (using password: YES
MySQL log: 130321 16:52:07 [Warning] Access denied for user `roo`@`zulu1053.server4you.de` (using password: YES

And there are a lot more tryouts, but the offender's IP is not logged.
faris
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am


If this is coming from an external IP then close port 3306 to start with. This port should never be open to the public IMHO. You might have occasion to open it to certain IPs, but that's it.

As to the IP in question - I don't really know how MySQL works -- has it converted the IP to a hostname? Can't that be faked (i.e. you just create an rDNS record to match whatever you want)? So I'm quite confused about this.
prupert
Forum Regular
Posts: 573
Joined: Tue Aug 01, 2006 2:45 pm
Location: Netherlands


faris wrote: If this is coming from an external IP then close port 3306 to start with. This port should never be open to the public IMHO. You might have occasion to open it to certain IPs, but that's it.
This! I cannot stress the importance of closing remote MySQL access in your firewall enough.
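To confirm which remote hosts are hammering port 3306 before restricting it in the firewall, the "Access denied" warnings can be grouped by the host field and checked against a failure threshold. This is an added example, not code from any poster in the thread; the function names, the threshold of 5 failures and the 60-second window are assumptions. The host in these lines is whatever name mysqld resolved for the client, so treat it as a hint for triage rather than a verified identity.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# mysqld "Access denied" warning; tolerates ` or ' quoting and the missing
# closing parenthesis seen in the lines quoted in the thread.
DENIED = re.compile(
    r"(?P<ts>\d{6} +\d{1,2}:\d{2}:\d{2}) \[Warning\] Access denied for user "
    r"[`'](?P<user>[^`']*)[`']@[`'](?P<host>[^`']*)[`'] \(using password: (YES|NO)")

def parse(lines):
    """Yield (timestamp, user, host) for every failed-login line."""
    for line in lines:
        m = DENIED.search(line)
        if m:
            yield datetime.strptime(m["ts"], "%y%m%d %H:%M:%S"), m["user"], m["host"]

def brute_force_hosts(lines, threshold=5, window=timedelta(seconds=60)):
    """Map host -> summary for hosts with >= threshold failures in any window."""
    by_host = defaultdict(list)
    for ts, user, host in parse(lines):
        by_host[host].append((ts, user))
    flagged = {}
    for host, events in by_host.items():
        events.sort()  # the log excerpt is newest-first; order it by time
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[host] = {"failures": len(events),
                                 "users": sorted({u for _, u in events})}
                break
    return flagged

# Six lines copied from the first post, plus one CONSTRUCTED line (last) for a
# legitimate client that mistyped a password once. Hypothetical hostname.
SAMPLE = """\
MySQL log: 130321 16:52:11 [Warning] Access denied for user `admin`@`zulu1053.server4you.de` (using password: NO
MySQL log: 130321 16:52:10 [Warning] Access denied for user `root`@`zulu1053.server4you.de` (using password: YES
MySQL log: 130321 16:52:09 [Warning] Access denied for user `root`@`zulu1053.server4you.de` (using password: YES
MySQL log: 130321 16:52:08 [Warning] Access denied for user `root`@`zulu1053.server4you.de` (using password: NO
MySQL log: 130321 16:52:07 [Warning] Access denied for user `root`@`zulu1053.server4you.de` (using password: YES
MySQL log: 130321 16:52:07 [Warning] Access denied for user `roo`@`zulu1053.server4you.de` (using password: YES
130321 16:40:02 [Warning] Access denied for user `app`@`client.example.internal` (using password: YES)
"""

if __name__ == "__main__":
    for host, info in brute_force_hosts(SAMPLE.splitlines()).items():
        print(f"{host}: {info['failures']} failures, users tried: {info['users']}")
```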