[Feature Request] MySQL bruteforce attacks for root
Forum
For more information on the latest vulnerability (CVE-2018-12130, CVE-2018-12126, CVE-2018-12127, and CVE-2019-11091),
please refer to our blog post
  1. Forums
  2. Imunify360
  3. Imunify360 and Imunify Sensor
  1. Hostking
  2. Monday, 24 December 2018
  3.  Subscribe via email
I'm seeing this on one of our servers:

2018-12-24 17:56:47 3109 [Warning] Access denied for user 'root'@'23.225.204.24' (using password: YES)
2018-12-24 17:56:48 3114 [Warning] Access denied for user 'root'@'23.225.204.24' (using password: YES)
2018-12-24 17:56:49 3117 [Warning] Access denied for user 'root'@'23.225.204.24' (using password: YES)
2018-12-24 17:56:50 3120 [Warning] Access denied for user 'root'@'23.225.204.24' (using password: YES)
2018-12-24 17:56:51 3122 [Warning] Access denied for user 'root'@'23.225.204.24' (using password: YES)
2018-12-24 17:56:52 3124 [Warning] Access denied for user 'root'@'23.225.204.24' (using password: YES)
2018-12-24 17:56:53 3128 [Warning] Access denied for user 'root'@'23.225.204.24' (using password: YES)

I assume that is someone trying to hack the server.

Can MySQL attacks also be monitored via imunify360 and blocked?

Thanks
Rate this post:
  1. 25.12.2018 19:12:55
  2. # 1
Greg Zemskov Accepted Answer
Posts: 19
Joined: 16.11.2018
0
Votes
Undo
Hello,
unfortunately, Imunify360 cannot block brute-force attacks coming to MySQL out of the box. We plan to add support for this later, in 2019.

At the moment you could use fail2ban utility to block brute-force attacks against MySQL. Please, read the following article.

Do you need an external connection to your MySQL database? We would also recommend to keep it for local connections only.
  • Page :
  • 1


There are no replies made for this post yet.
Be one of the first to reply to this post!
Guest
Submit Your Response
Upload files or images for this discussion by clicking on the upload button below. Supports gif,jpg,png,zip,rar,pdf
• Insert • Remove Upload Files (Maximum File Size: 2 MB)
Captcha
To protect the site from bots and unauthorized scripts, we require that you enter the captcha codes below before posting your question.