MySQL Forums
Forum List  »  Security

Re: Port 3306 Open to Internet
Posted by: Jonathan Lampe
Date: November 29, 2005 11:05PM

Yes, your hosting company sucks - dump them ASAP. It's not that hard to scan an open MySQL channel for username and password combinations (hint: use a slow, staggered scan), and it's likely neither you or your hosting company will detect such a scan.

The bit about MySQL being on Windows doesn't matter that much; I've found that its possible to install MySQL in a harder configuration on Windows than under *nix (thanks mostly to the Microsoft Encrypted FileSystem and the Windows 2003 feature that will toast data if someone tries to go in as an admin), but it's likely that someone who has exposed raw MySQL to the Internet hasn't taken the necessary hardening steps for either operating system.

Options: ReplyQuote


Subject
Views
Written By
Posted
96399
it
November 22, 2005 03:16AM
Re: Port 3306 Open to Internet
30399
November 29, 2005 11:05PM
32886
April 09, 2006 06:38PM
37680
September 26, 2006 11:17AM
15388
February 25, 2009 09:53AM
24222
October 04, 2006 09:18AM
14491
October 04, 2006 09:24AM


Sorry, you can't reply to this topic. It has been closed.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.