SitePoint Sponsor

User Tag List

Results 1 to 2 of 2

Hybrid View

  1. #1
    SitePoint Wizard WorldNews's Avatar
    Join Date
    Nov 2007
    Posts
    1,033
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)

    URGENT: What does: unauthenticated user mean & how to BLOCK them?

    Hello,

    Today doing "Show processlist" we see the following entry in the results:

    User: unauthenticated user: 61.139.105.141:46587

    along with the other entries showing root running various queries.

    FYI: above IP is from China and we have been getting all sort of problem with IPs from China.

    So:
    1- How do we Stop this unauthenticated user accessing our MySQL server?
    2- Is this a real access to our MySQL server or something else?

    Thank you for your thoughts & suggestions on this matter.

    Anoox search engine volunteer

    www.anoox.com

  2. #2
    SitePoint Enthusiast
    Join Date
    Jul 2007
    Location
    San Sebastian, Spain
    Posts
    93
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    I am assuming that your server is connected directly to the Internet. The first question you need to ask is does your MySQL database server need to be accessed from the Internet or if you have a web server on the same machine and are accessing the database it via PHP? If everything is accessible locally then I would configure the firewall to block the MySQL port (default 3306). However, if your machine has been compromised the hackers may have made backdoors to get in. In which case you should back up everything and re-install a clean server but look very closely at how this is configured. Block all ports that are not needed from being accessed from the Internet (public ip address) and allow only access from local ip addresses.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •