
Port 3306 not correctly protected?

Posted: 06 Mar 2021, 09:01 by jmginer

Hello,

We have a server that needs to be able to access MySQL with the root user.

We have blocked port 3306 globally.

And allowed the authorized IP in csf.allow with the following format:

Code:

tcp|in|d=3306|s=x.x.x.x

We checked that it works fine, but we have found a strange log:

Code:

cat /var/log/mysqld.log | grep "Access denied"
2021-03-03T09:27:40.493517Z 574416 [Note] Access denied for user 'root'@'185.153.196.200' (using password: YES)
2021-03-03T16:26:19.169340Z 637065 [Note] Access denied for user 'mysql'@'185.153.196.200' (using password: YES)
2021-03-04T13:35:47.298017Z 839708 [Note] Access denied for user 'toor'@'185.153.196.200' (using password: YES)

Apparently, the firewall was working:

Code:

[root@vps5 log]# cat lfd.log | grep stop
Mar  1 00:00:03 vps5 lfd[3744]: daemon stopped
Mar  2 00:00:03 vps5 lfd[17443]: daemon stopped
Mar  3 00:00:04 vps5 lfd[29062]: daemon stopped
Mar  4 00:00:03 vps5 lfd[3039]: daemon stopped
Mar  5 00:00:03 vps5 lfd[19887]: daemon stopped
Mar  5 11:52:10 vps5 lfd[20117]: daemon stopped
Mar  6 00:00:04 vps5 lfd[8642]: daemon stopped

[root@vps5 log]# cat lfd.log | grep start
Mar  1 00:00:04 vps5 lfd[17443]: daemon started on vps5.xxx.com - csf v14.08 (cPanel)
Mar  2 00:00:04 vps5 lfd[29062]: daemon started on vps5.xxx.com - csf v14.08 (cPanel)
Mar  3 00:00:04 vps5 lfd[3039]: daemon started on vps5.xxx.com - csf v14.08 (cPanel)
Mar  4 00:00:04 vps5 lfd[19887]: daemon started on vps5.xxx.com - csf v14.08 (cPanel)
Mar  5 00:00:04 vps5 lfd[20117]: daemon started on vps5.xxx.com - csf v14.08 (cPanel)
Mar  5 11:52:10 vps5 lfd[8642]: daemon started on vps5.xxx.com - csf v14.09 (cPanel)
Mar  6 00:00:04 vps5 lfd[21520]: daemon started on vps5.xxx.com - csf v14.09 (cPanel)
[root@vps5 log]#

What could have happened?

Can you recommend any extra preventive measures?

Thank you!
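
Added example, not part of the original post: a check that compares the source addresses in mysqld.log "Access denied" lines against the port 3306 entries in csf.allow, since a denial logged by mysqld means the connection had already passed the firewall. Assumptions: 203.0.113.10 stands in for the x.x.x.x in the post, the function names are hypothetical, and only the rule shape shown in the post (tcp|in|d=PORT|s=SRC) is parsed.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed csf.allow; 203.0.113.10 is a placeholder for the post's x.x.x.x.
CSF_ALLOW = """\
tcp|in|d=3306|s=203.0.113.10 # app server (constructed)
"""

# The three denials quoted in the post, plus one constructed line from the allowed host.
MYSQLD_LOG = """\
2021-03-03T09:27:40.493517Z 574416 [Note] Access denied for user 'root'@'185.153.196.200' (using password: YES)
2021-03-03T16:26:19.169340Z 637065 [Note] Access denied for user 'mysql'@'185.153.196.200' (using password: YES)
2021-03-04T13:35:47.298017Z 839708 [Note] Access denied for user 'toor'@'185.153.196.200' (using password: YES)
2021-03-04T14:02:11.000000Z 840001 [Note] Access denied for user 'root'@'203.0.113.10' (using password: YES)
"""

DENIED = re.compile(r"^(\S+) \d+ \[\w+\] Access denied for user '([^']*)'@'([^']*)'")


def allowed_sources(csf_allow: str, port: int) -> list:
    """Networks allowed inbound to `port` by tcp|in|d=PORT|s=SRC lines."""
    nets = []
    for line in csf_allow.splitlines():
        fields = line.split("#", 1)[0].strip().split("|")
        if len(fields) == 4 and fields[:3] == ["tcp", "in", f"d={port}"] and fields[3].startswith("s="):
            nets.append(ipaddress.ip_network(fields[3][2:], strict=False))
    return nets


def unexpected_denials(log: str, nets: list) -> dict:
    """Map each source outside `nets` to the (timestamp, user) pairs it tried."""
    hits = defaultdict(list)
    for line in log.splitlines():
        if not (m := DENIED.match(line)):
            continue
        ts, user, host = m.groups()
        try:
            inside = any(ipaddress.ip_address(host) in n for n in nets)
        except ValueError:  # resolved hostname: cannot be matched against an IP rule
            inside = False
        if not inside:
            hits[host].append((ts, user))
    return dict(hits)


if __name__ == "__main__":
    for src, tries in unexpected_denials(MYSQLD_LOG, allowed_sources(CSF_ALLOW, 3306)).items():
        print(src, len(tries), sorted({u for _, u in tries}))
```

Any source this reports completed a MySQL handshake, so each timestamp is a moment when the port 3306 restriction was not being applied to that address.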