[Micronet] Attacks on MySQL

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[Micronet] Attacks on MySQL

John Ives
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Everyone,

Over the past few days we have seen a spike in the number of attackers
targeting MySQL servers.  In these incidents we are seeing the attackers
attempt to execute programs via the cmdshell function.  While the
attacks appear to be targeting systems running an older version of MySQL
on Windows, there are actually two issues at play here. The first is
obviously the need to patch programs like MySQL.  As with any network
facing software, keeping up with the patches for MySQL is an essential
part to ensure its overall security and stability.

The second issue deals with having a database server listening to all
inbound connections. In many cases, it is unnecessary for the database
server to listen on the network.  In these cases, using a firewall
and/or configuring the database server to listen only on local loopback
interface goes a long way toward securing the database. Where listening
to the network is necessary, we recommend limiting incoming connections
to specific IP addresses and ports via a firewall.

Yours,

John Ives

- --
- -------------------------------------------------------------------------
John Ives                                           Phone (510) 642-7773
System & Network Security     Cell (510) 229-8676
University of California, Berkeley
- -------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJMECYkAAoJEJkidK6qbywsyPcH/RNy49rTGHQKPXsDYG8t+ZDt
Y1NXGwRFBPLgjog9X02YQtxJB0KQUwrnzL3Aqgka4IaFm2HeHx5b6hds7W1pCQtT
Q3f/TiXmvkThZoAuszobwDA5Jm1Wyc1NP1RvKxJeoUmy+JYs61/E1r6sF/thJYPk
D2AvVyTyC319LPtcS1NjwX/k1oIp/RwepnF2mB/hZw1tM2diG/Z5O/K5uB4SS9wh
J3lrjHq9L5LmqCRu4IzT9TZlML7Unh+9TmhxyePvQvDkdSZ+hRrMzt701yD/8kXK
+A4ToPgNgzL5KK/a86s3R2y2AMoICXGav9cIoEswk/Sn8ZprOEbuZnAi4W3OxMc=
=LVOy
-----END PGP SIGNATURE-----

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.