Locking down 3306 but allowing cPanel MySQL Allowed IP's
Posted: 01 Feb 2013, 22:34
It's vital that we offer 3306 remote connection as a shared hosting provider, but at the same time, we expose ourselves to constant attacks which seem to have intensified recently.
As per forums.cpanel-net/f354/do-you-allow-remote-mysql-access-157645.html (renamed forums.cpanel-net as the forum wouldn't let me post links)
Adding:
To the /etc/csf/csf.allow was some how suppose to only allow X IP's to hit 3306 port based on my reading of it. Doesn't seem to work as I am still able to hit port 3306 remotely, from all locations. Is there any effective way to do what was being described and only allow X IP's to hit 3306.
As per forums.cpanel-net/f354/do-you-allow-remote-mysql-access-157645.html (renamed forums.cpanel-net as the forum wouldn't let me post links)
Adding:
Code: Select all
mysql mysql -e "select Host,User from user where Host!='localhost' group by Host;" | awk {'print "tcp:in:d=3306:s=" $1 "\t# " $2'} | sed "s/\%//g" | egrep "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}" | grep -v "127.0.0.1" | sort | uniq