Azure Wordpress Site Intermittent MySQL Issue

Question

We are trying to figure out an issue where at least one of the Wordpress webserver IPs that Azure serves our site from cannot connect to our Azure MySQL database server

The logs have continual password login failures of a user but it is not one that we recognize. Seems to be a random username. Could just be an attacker attempting brute force

The issue occurs in a Gravity form that auto populates using Populate Anything. On most selections, the autofills occur. But sometimes, like 1 in 10, nothing is populated into the select fields.

We have been stumped as to how traffic in Azure between our DB and Wordpress servers could be getting blocked sometimes.

Any insight would be appreciated as I am new to Azure

Answer 1

(This is mostly comment but space limited in the comments section)

The logs have continual password login failures of a user but it is not one that we recognize

You have ignored the warnings this is presenting you. If the login attempts originate from your other hosts in Azure then they have exploitable vulnerabilities. OTOH if these are coming from other addresses then you've not put in ANY network protection on your deployment. Using 24+ random character passwords might mean a brute force attack is unlikely to succeed, but a DOS is trivial.

The best way to address the latter is with your own virtual network and security groups, but even without that, there are lots of things you can do to protect your DBMS:

• fail2ban
• use a TCP tunnel accessed via port knocking
• use a UDP VPN

But sometimes, like 1 in 10, nothing is populated into the select fields

Again, you seem to be missing the elephant in the room. Why is this the only symptom you have been able to identify? Wordpress has an annoying behaviour of disabling ALL logging by default. Turn on what it euphemistically calls "debug" mode and ensure you've log rotation in place - then find the answer in your logs.