guillermo scharffenorth wrote:
> My computer is constantly being scanned trying to make contact with MySQL. The IP from which it is
> scanned is 146.164.16.207 in Brazil. Since I downloaded MySQL from a Brazilian MySQL site, is
> there any chance that malicious persons checking the download logs could obtain IP addresses of
> persons downloading from their server?

Of course that's possible, people running web/ftp servers know which IPs have done what (from their logs).

Youl could see if you can find out whether there might be a connection by doing a reverse lookup of the above address, and looking up the IP of the site where you downloaded from. If it's the same domain or same subnet, there could be something going on.

Now, the big question here is: this site in Brazil you downloaded MySQL from, was it one of our download mirrors? I.e. did you go to mysql.com and then click to download and choose that mirror?
If that is the case (and the above matches up), then we'd like to know of course.

On the other hand... there are many MySQL (and general computer) users in Brazil. It could just be coincidence that your system got targeted by a scripkiddie. I presume you've taken appropriate precautions against such attacks anyway.

Regards, Arjen.
--
Arjen Lentz, Exec.Director @ Open Query (http://openquery.com)
Remote expertise & maintenance for MySQL/MariaDB server environments.

Follow us at http://openquery.com/blog/ & http://twitter.com/openquery