Re: denyhosts-like app for MySQLd?
Jordi Espasa Clofent wrote:
> Hi all,
>
> 澠s there any app like denyhosts[1] but intended for MySQLd service?
>
> We have a mysql ports (3306) opened for remote connections, and
> obviously the /var/db/mysql/machine_name.log is full of these kind of
> entries:
>
> ...........
> 936012 Connect Access denied for user 'user'@'85.19.95.10' (using
> password: YES)
> 936013 Connect Access denied for user 'user'@'85.19.95.10' (using
> password: YES)
> 936014 Connect Access denied for user 'user'@'85.19.95.10' (using
> password: YES)
> 936016 Connect Access denied for user 'user'@'85.19.95.10' (using
> password: YES)
> 936018 Connect Access denied for user 'user'@'85.19.95.10' (using
> password: YES)
> 936019 Connect Access denied for user 'user'@'85.19.95.10' (using
> password: YES)
> .............
>
> The idea is blocking the abusive IPs in automated way.
why do you open your mysql port to the world?
if you want to let users in from any place, then an ssh tunnel is safer
(yes, works even on windows, using putty or whatever. and a user who
finds this difficult shouldn't be able to run sql commands!).
If this is too much, at least use a different port to reduce the noise
(This won't add security, but will somehow limit exposure).
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 12 之 15 篇):