URGENT: What does: unauthenticated user mean & how to BLOCK them?

[WorldNews]

Hello,

Today doing "Show processlist" we see the following entry in the results:

User: unauthenticated user: 61.139.105.141:46587

along with the other entries showing root running various queries.

FYI: above IP is from China and we have been getting all sort of problem with IPs from China.

So:
1- How do we Stop this unauthenticated user accessing our MySQL server?
2- Is this a real access to our MySQL server or something else?

Thank you for your thoughts & suggestions on this matter.

[rcashell]

I am assuming that your server is connected directly to the Internet. The first question you need to ask is does your MySQL database server need to be accessed from the Internet or if you have a web server on the same machine and are accessing the database it via PHP? If everything is accessible locally then I would configure the firewall to block the MySQL port (default 3306). However, if your machine has been compromised the hackers may have made backdoors to get in. In which case you should back up everything and re-install a clean server but look very closely at how this is configured. Block all ports that are not needed from being accessed from the Internet (public ip address) and allow only access from local ip addresses.