Preventing brute force attacks on MySQL?

I need to enable network connections for MySQLd, but every time I do this, the server gets clogged. Some script starts guessing the password on the server, opening a connection on port 3306 and trying random passwords forever.

How can I stop this?

For SSH, I use denyhosts, which works well. Is there a way to get denyhosts to work with MySQLd?

I also considered changing the MySQL port, but this is less than ideal and only a stopgap solution (what if they discover the new port?)

Does anyone have any other ideas?

In case it makes a difference, I am running MySQL 5.x on FreeBSD 6.x.

+4
4 answers

Firewall the port externally. I believe this belongs on Server Fault.

+4

I also considered changing the MySQL port, but this is less than ideal and only a stopgap solution (what if they discover the new port?)

The ones constantly hammering on your port are stupid bots, and they do not look for new ports. Move to another port, and now you only need to worry about people who are actually trying to hack you, and not about the Internet background noise of compromised machines scanning random hosts. This is a big improvement.

If you need to give only a few specific machines access to your database, you can consider an SSH tunnel between local ports on the database and the client machines. It is quite rare that you really want to open a database port on the public Internet.

+2

Limit the number of failed requests a single host can make.

0
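Per-host limiting of failed logins, in the spirit of denyhosts, as an added example that is not part of any answer on this page: it scans a MySQL error log for failed logins and reports hosts that exceed a threshold inside a time window. The log line shape (MySQL 5.x with `log_warnings=2`), the name `hosts_to_block`, the defaults and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed line shape: MySQL 5.x error log with log_warnings=2, e.g.
# 100214 10:00:00 [Warning] Access denied for user 'root'@'203.0.113.7' (using password: YES)
DENIED = re.compile(
    r"^(?P<ts>\d{6} +\d{1,2}:\d{2}:\d{2}) .*Access denied for user "
    r"'[^']*'@'(?P<host>[^']+)'"
)

def hosts_to_block(lines, threshold=5, window=timedelta(minutes=10),
                   allow=("127.0.0.1", "localhost")):
    """Return hosts with at least `threshold` failed logins inside `window`."""
    recent = defaultdict(list)   # host -> timestamps still inside the window
    flagged = set()
    for line in lines:
        m = DENIED.match(line)
        if not m or m["host"] in allow:
            continue             # not a failed login, or a host we never block
        ts = datetime.strptime(m["ts"], "%y%m%d %H:%M:%S")
        seen = recent[m["host"]]
        seen.append(ts)
        while ts - seen[0] > window:
            seen.pop(0)          # forget failures older than the window
        if len(seen) >= threshold:
            flagged.add(m["host"])
    return sorted(flagged)

def _line(ts, host):             # builds a constructed sample line
    return f"{ts} [Warning] Access denied for user 'root'@'{host}' (using password: YES)"

# Constructed sample input (documentation-range addresses), not real log data.
SAMPLE = (
    [_line(f"100214 10:00:0{i}", "203.0.113.7") for i in range(5)]   # burst of 5
    + [_line(f"100214 1{i}:00:00", "192.0.2.9") for i in range(5)]   # one per hour
    + [_line("100214 10:01:00", "198.51.100.20")] * 2                # two typos
    + [_line("100214 10:02:00", "127.0.0.1")] * 6                    # allowlisted
    + ["100214 10:03:00 [Note] mysqld: ready for connections."]
)

if __name__ == "__main__":
    print(hosts_to_block(SAMPLE))
```

Run it periodically against the error log and feed the result into the firewall's deny list; the allowlist keeps a mistyped password on a trusted host from locking that host out.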

I believe that changing the default port number (3306) to another does not improve security, but it helps in most cases (at least a little). Have you tried it in practice or only considered it?

0