Skip navigation links

MySQL Forums :: Security :: Port 3306 Open to Internet


Advanced Search

Re: Port 3306 Open to Internet
Posted by: Jonathan Lampe ()
Date: November 29, 2005 11:05PM

Yes, your hosting company sucks - dump them ASAP. It's not that hard to scan an open MySQL channel for username and password combinations (hint: use a slow, staggered scan), and it's likely neither you or your hosting company will detect such a scan.

The bit about MySQL being on Windows doesn't matter that much; I've found that its possible to install MySQL in a harder configuration on Windows than under *nix (thanks mostly to the Microsoft Encrypted FileSystem and the Windows 2003 feature that will toast data if someone tries to go in as an admin), but it's likely that someone who has exposed raw MySQL to the Internet hasn't taken the necessary hardening steps for either operating system.

Options: ReplyQuote


Subject Views Written By Posted
Port 3306 Open to Internet 55352 it 11/22/2005 03:16AM
Re: Port 3306 Open to Internet 22285 Jonathan Lampe 11/29/2005 11:05PM
Re: Port 3306 Open to Internet 26134 igdsoftware 04/09/2006 06:38PM
Re: how do I open a port for mysql 33008 Ronnie Siakor 09/26/2006 11:17AM
Re: how do I open a port for mysql 12312 simon lok 02/25/2009 09:53AM
Re: Port 3306 Open to Internet 20989 Thomas Butler 10/04/2006 09:18AM
Re: Port 3306 Open to Internet 11798 Thomas Butler 10/04/2006 09:24AM


Sorry, you can't reply to this topic. It has been closed.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.