0

We are trying to figure out an issue where at least one of the WordPress webserver IPs that Azure serves our site from cannot connect to our Azure MySQL database server.

The logs have continual password login failures of a user but it is not one that we recognize. Seems to be a random username. Could just be an attacker attempting brute force.

The issue occurs in a Gravity form that auto populates using Populate Anything. On most selections, the autofills occur. But sometimes, like 1 in 10, nothing is populated into the select fields.

We have been stumped as to how traffic in Azure between our DB and WordPress servers could be getting blocked sometimes.

Any insight would be appreciated as I am new to Azure.

1
  • Got some error reporting to work and it is one of our server IPs that has the wrong password. There are about 20 IPs that Azure serves the site from, so this narrows it down. Not sure yet how to address this password replication issue, but at least I know where it is now.
    – deflator
    Commented May 3 at 15:28

1 Answer

0

(This is mostly a comment, but space is limited in the comments section.)

> The logs have continual password login failures of a user but it is not one that we recognize

You have ignored the warnings this is presenting you. If the login attempts originate from your other hosts in Azure then they have exploitable vulnerabilities. OTOH if these are coming from other addresses then you've not put in ANY network protection on your deployment. Using 24+ random character passwords might mean a brute force attack is unlikely to succeed, but a DoS is trivial.

The best way to address the latter is with your own virtual network and security groups, but even without that, there are lots of things you can do to protect your DBMS:

  • fail2ban
  • use a TCP tunnel accessed via port knocking
  • use a UDP VPN

> But sometimes, like 1 in 10, nothing is populated into the select fields

Again, you seem to be missing the elephant in the room. Why is this the only symptom you have been able to identify? WordPress has an annoying behaviour of disabling ALL logging by default. Turn on what it euphemistically calls "debug" mode and ensure you've log rotation in place - then find the answer in your logs.

1
  • Thanks for the insight. Understood. I just started at this company a few days ago so everything here is new to me. Logging/debug mode will be implemented ASAP and I will make sure the networking people know about the issues.
    – deflator
    Commented May 2 at 13:24
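
The answer's split between failed logins coming from your own Azure hosts and failed logins coming from other addresses can be checked directly against the database log. The following is an added example, not part of the original answer or comments: it buckets MySQL "Access denied" entries by source and user. The log lines, the `wp_app` account name and the address ranges are constructed for illustration; only the "Access denied for user" message shape is MySQL's.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the shape of MySQL's "Access denied" message.
# Addresses are from documentation ranges; user names are made up.
SAMPLE_LOG = """\
2000-01-01T13:01:07Z 41 [Note] Access denied for user 'wp_app'@'203.0.113.17' (using password: YES)
2000-01-01T13:01:09Z 42 [Note] Access denied for user 'qzxv81'@'198.51.100.23' (using password: YES)
2000-01-01T13:01:10Z 43 [Note] Aborted connection 43 to db: 'wp' user: 'wp_app' (Got timeout)
2000-01-01T13:02:30Z 44 [Note] Access denied for user 'wp_app'@'203.0.113.17' (using password: YES)
2000-01-01T13:02:31Z 45 [Note] Access denied for user 'qzxv81'@'198.51.100.23' (using password: YES)
2000-01-01T13:03:00Z 46 [Note] Access denied for user 'qzxv81'@'203.0.113.20' (using password: YES)
"""

# Assumptions: the web app's outbound address list and its DB account name.
APP_OUTBOUND = ["203.0.113.16/29"]
KNOWN_USERS = {"wp_app"}

DENIED = re.compile(r"Access denied for user '([^']*)'@'([^']+)'")

def triage(log_text, app_cidrs, known_users):
    """Count failed logins as (kind, source, user) tuples."""
    nets = [ipaddress.ip_network(c) for c in app_cidrs]
    counts = Counter()
    for line in log_text.splitlines():
        m = DENIED.search(line)
        if not m:
            continue  # not an authentication failure
        user, host = m.groups()
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            # MySQL logs a hostname here when name resolution is enabled.
            counts[("unresolved", host, user)] += 1
            continue
        internal = any(ip in n for n in nets)
        if internal and user in known_users:
            kind = "app-host-bad-credential"  # stale password on one web node
        elif internal:
            kind = "app-host-unknown-user"    # your own host sending odd logins
        else:
            kind = "external"                 # DB reachable from outside the app
        counts[(kind, host, user)] += 1
    return counts

if __name__ == "__main__":
    for (kind, host, user), n in triage(SAMPLE_LOG, APP_OUTBOUND, KNOWN_USERS).most_common():
        print(f"{n:3d}  {kind:24s} {host:16s} {user}")
```

An `app-host-bad-credential` row matches the situation in the question's follow-up comment (one server IP with the wrong password), while `external` rows point at the missing network restriction the answer describes.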
