port 3306 no correctly protected?
Posted: 06 Mar 2021, 09:01
Hello,
we have a server that needs to be able to access mysql with the root user.
We have blocked port 3306 globally.
And allowed the authorized IP in csf.allow with the following format:
We check that it works fine, but we have found a strange log:
Apparently, the firewall was working:
What could have happened?
Can you recommend any extra preventive measures?
Thank you!
we have a server that needs to be able to access mysql with the root user.
We have blocked port 3306 globally.
And allowed the authorized IP in csf.allow with the following format:
Code: Select all
tcp|in|d=3306|s=x.x.x.x
Code: Select all
cat /var/log/mysqld.log | grep "Access denied"
2021-03-03T09:27:40.493517Z 574416 [Note] Access denied for user 'root'@'185.153.196.200' (using password: YES)
2021-03-03T16:26:19.169340Z 637065 [Note] Access denied for user 'mysql'@'185.153.196.200' (using password: YES)
2021-03-04T13:35:47.298017Z 839708 [Note] Access denied for user 'toor'@'185.153.196.200' (using password: YES)
Code: Select all
[root@vps5 log]# cat lfd.log | grep stop
Mar 1 00:00:03 vps5 lfd[3744]: daemon stopped
Mar 2 00:00:03 vps5 lfd[17443]: daemon stopped
Mar 3 00:00:04 vps5 lfd[29062]: daemon stopped
Mar 4 00:00:03 vps5 lfd[3039]: daemon stopped
Mar 5 00:00:03 vps5 lfd[19887]: daemon stopped
Mar 5 11:52:10 vps5 lfd[20117]: daemon stopped
Mar 6 00:00:04 vps5 lfd[8642]: daemon stopped
[root@vps5 log]# cat lfd.log | grep start
Mar 1 00:00:04 vps5 lfd[17443]: daemon started on vps5.xxx.com - csf v14.08 (cPanel)
Mar 2 00:00:04 vps5 lfd[29062]: daemon started on vps5.xxx.com - csf v14.08 (cPanel)
Mar 3 00:00:04 vps5 lfd[3039]: daemon started on vps5.xxx.com - csf v14.08 (cPanel)
Mar 4 00:00:04 vps5 lfd[19887]: daemon started on vps5.xxx.com - csf v14.08 (cPanel)
Mar 5 00:00:04 vps5 lfd[20117]: daemon started on vps5.xxx.com - csf v14.08 (cPanel)
Mar 5 11:52:10 vps5 lfd[8642]: daemon started on vps5.xxx.com - csf v14.09 (cPanel)
Mar 6 00:00:04 vps5 lfd[21520]: daemon started on vps5.xxx.com - csf v14.09 (cPanel)
[root@vps5 log]#
Can you recommend any extra preventive measures?
Thank you!