All Questions

1 vote
1 answer
93 views

Hardening the security of a backup shell script of a web-server with mysql database

In the case of a simple web-server with a MySQL database, the script has to dump the database, copy the web-server files and tar everything together. Then a NAS server Rsync the tar file via a "...
Danilo Steps
2 votes
1 answer
620 views

Can an unauthorized login attempt occupy a MySQL connection for a long time?

My MySQL has a limited number of concurrent connections defined by the max_connections variable by my cloud provider. Currently limited to 151 connections. There is only one web server using this ...
adamsfamily
0 votes
1 answer
524 views

Connect to production database on vps from local dev environment

I am using a Ubuntu 20.04.1 LTS VPS with a deployed Laravel Framework 6.20.16 application. I am currently connecting to my mysql database via ssh using dbeaver, using simply root@IP_Address and my ...
Carol.Kar
  • 117
0 votes
1 answer
3k views

Original php mysql extension for php56

First a note: Yes, I'm well aware this extension is deprecated and has a ton of security flaws, I'm duplicating a client's active server in docker for recovery and migration (after client's server was ...
Philippe
  • 109
0 votes
1 answer
328 views

Server being overloaded by flood attack [duplicate]

I have a strong server, with 64GB Ram and amazing network and SSD for fast connections, but someone, I don't know why, is attacking my website, it seems that it is a script requesting my index.php ...
Kaique Vortex
0 votes
0 answers
27 views

Web Server Security Strategy

I was hacked yesterday and so I've been thinking all day how I could make my system secure. I'm thinking of setting up a hypervisor that runs a few VMs. The architecture I have in mind is ...
vaid
  • 101
3 votes
3 answers
2k views

Access AWS EC2 MySQL instance remotely - Best practice

We have a small business with less than 10 employees. We have a MySQL database with sensitive information that is hosted on an AWS EC2 instance. The employees need to have access to the DB. Currently, ...
Vincent L
  • 133
5 votes
2 answers
7k views

MySQL: Is it a security risk to deactivate the setting "bind-address"?

I have had a problem with a webapp connecting properly to a MySQL server and to solve it I tried to comment out the setting bind-address in the file my.ini. That seemed to solve the problem, however ...
flixe
  • 153
-1 votes
1 answer
83 views

MySQL 5.7 and GDPR [closed]

Hella ! I know how GDPR requires me to hide all personal data and make it impossible to get a match on any living person with any combination of the tables records. But any of you have experience ...
Bert
  • 1,096
0 votes
2 answers
3k views

local mysql was hacked with ransomware hack. How to check if database data was downloaded?

I had a test mysql database running on Vagrant dev box. Turns out the network wasn't that secure. All of the databases were deleted (and replaced with a DB ransomware note) and in the logs I can see ...
BrocolliRob
0 votes
1 answer
615 views

mysql logs showing strange attempts at getting access to mysql server potentially. If so, How to determine source? [closed]

Does the below indicate a security threat? If so, how can I block it? 2018-10-25T18:54:50.549213Z 217151 [Note] Access denied for user 'root'@'localhost' (using password: YES) 2018-10-25T18:54:50....
scl
  • 33
1 vote
5 answers
526 views

Is there a secure way to run multiple MySQL CLI commands without having to keep asking the user for a password?

I have a bash script that runs a bunch of MySQL commands, separated by user input. Each time a query is run, the password must be re-entered. I understand it's best to avoid putting the password on ...
Ben Holness
1 vote
1 answer
419 views

MySQL through SSH Tunnel

I have a php web application (Server A) that accesses MySQL on a remote server (Server B) through an SSH tunnel. Once the tunnel is set up, I can log in and run queries on Server B from Server A ...
jonnys
  • 11
0 votes
2 answers
3k views

Changing user running mysqld in my.cnf

In my my.cnf file there is a user defined under section mysqld called mysql as below: [mysqld] user = mysql I read that this is the user under which mysqld service runs. My questions are: ...
Frank Martin
2 votes
2 answers
5k views

Is using MySQL Workbench over the Internet safe?

Let's say I have a server with an SQL Database somewhere on the other side of the planet. Is it safe to establish a connection over the Internet? e.g. with MySQL Workbench. I'm asking because I heard ...
technical_difficulty
10 votes
3 answers
4k views

How can I change a MySQL user password without typing it visibly on the console?

I've seen various methods to set passwords in MySQL, e.g, things like: GRANT USAGE ON db.* to 'dave'@'localhost' IDENTIFIED BY 'supersecretpassword'); SET PASSWORD [FOR 'dave'@'localhost'] = PASSWORD(...
mwfearnley
6 votes
5 answers
49k views

MySQL SSL: SSL_CTX_set_default_verify_paths failed

I have been trying for a few days to get SSL working with MySQL. This is the setup I currently have: MySQL 5.7.17-0ubuntu0.16.04.1 This is the error I am receiving when I start MySQL Server ...
Dave B
  • 181
1 vote
2 answers
1k views

MySQL hacked on AWS AMI: 'Pay to get data back' - how could this be possible and how to avoid it next time?

This morning I noticed that some of the websites I host on an EC2 instance aren't working. When I verified the MySql database, it was wiped out! :( The only thing I have found was only a record ...
Edmond Tamas
1 vote
1 answer
639 views

How can encrypting the key increase security level in MariaDB data at rest encryption?

I am following the instructions here to encrypt a database in MariaDB: https://mariadb.com/kb/en/mariadb/data-at-rest-encryption/ Obviously, it requires us to generate a key which will be used to ...
bobo
  • 619
0 votes
1 answer
1k views

How can I encrypt the passwords of all datasets in my mysql table?

I am running a ProFTPD Server with a MySQL backend for user authentication. The passwords for the users are currently in plaintext. And my goal is, that all the users have encrypted passwords ...
Wubi
  • 83
0 votes
1 answer
317 views

Multiple unauthorized connections to MySQL Server

I just had a quick look into my MySQL Servers logfiles. There I found the same entry repeated 30 to 40 times, it all happened within one minute. It's the following: <TIMESTAMP> | <THREAD&...
Stefan
  • 103
0 votes
1 answer
40 views

Configure my first vServer [closed]

I recently rented my first vServer (Ubuntu, LAMP + Webmin preinstalled). I need it because of a Java app I wrote that should run as a game server on it. I'm familiar with Ubuntu as I'm using it as my ...
user2224350
0 votes
0 answers
126 views

MYSQL error: IP address could not be resolved [duplicate]

My website is hosted with Linode, I installed webmin on Ubuntu 14.04 to manage it. Recently my database server keeps shutting down, when I look at /var/log/mysql, there are several log files in there ...
shenkwen
  • 199
7 votes
1 answer
7k views

MySQL /nonexistent home vs "No directory, logging in with HOME=/"

The preinst script in the Debian/Ubuntu packages for MySQL sets the default home directory for the MySQL server to /nonexistent, presumably as a security measure - the MySQL server has its own datadir ...
Synchro
  • 3,270
1 vote
0 answers
802 views

configure apache to use sql server authentication using password and salt

I got a web application which I want to protect using apache authentication. I found out that it uses sha1+salt to store passwords. Since auth_mysql_module is deprecated I try to use authn_dbd_module. ...
cyoborg
  • 101
-1 votes
2 answers
108 views

Preventing a user from running a script that should only be run by a CRON job?

I have a contact form on my site which uses $HTTP requests instead of reloading on the form submit. It's a really awesome feature, but it also opens up some nasty doors. My contact form sends an ...
Allenph
  • 135
0 votes
2 answers
833 views

IPtables on Linux for mysql server private interface

Looking to make a mysql database server for web-servers. The server has a public & private interface and I need some assistance writing the rules. I want to only allow SSH, mysql via private ...
jchan94
32 votes
1 answer
4k views

Is MariaDB a secure replacement for MySQL?

I've been using MariaDB, "an enhanced, drop-in replacement for MySQL" on my Debian stable servers for years, because of its increased performance. However I've noticed that it appears to lag with ...
artfulrobot
  • 3,139
0 votes
2 answers
238 views

Protecting mysql instance on Linux Azure VM

I have mysql running in a Linux Azure VM. It's currently bound to the "Internal IP Address" of the VM as looked up in ifconfig and the Azure Dashboard. I've turned on logging to see who and what is ...
Justin Skiles
1 vote
2 answers
217 views

Where are MySQL users and passwords stored?

When I delete 'mysql'.'user' table I'm still able to log in as any user I've created before. How is this possible?
Ruslan
  • 13
4 votes
2 answers
433 views

How to implement table security without SUPER privilege?

A MAJOR provider of cloud-based MySQL does not grant the SUPER privilege to the master user. The provider is Amazon RDS, but my question isn't about Amazon RDS specifically, it's for the general case ...
Alex R
  • 1,083
-1 votes
1 answer
48 views

Run two mysql process on one data directory

I would like to launch two mysql processes on one data directory (/var/lib/mysql) I have two servers, web-01 and web-02 but web-01 locked mysql data directory, and I would like to break this security. ...
Benjamin Dénécé
4 votes
2 answers
121 views

Multiple websites on multiple servers - separate mysql or not

I currently have 2 Debian servers (VPS with 4 GB memory) and am hosting a variety of websites of differing importance: some are production sites, while others are demo/staging/test sites. ...
Purplefish32
0 votes
1 answer
243 views

MySQL via SSL on VPC private subnet

Is an SSL connection recommended when connecting to a MySQL database server via a private subnet? SSL provides encryption but SSL causes a performance hit. The MySQL database server only serves ...
csi
  • 1,605
1 vote
1 answer
52 views

Auditing connections using certificates

We would like to have clients connect to our MariaDB server, using client certificates from a trusted (internal) issuer and then log which user connected. Unfortunately, the following limitations are ...
David Timothy Strauss
2 votes
1 answer
4k views

Securing MySQL debian-sys-maint

With a fresh (but old) install of Ubuntu and MySQL, I found I could access the MySQL via command line client without being asked for any user or password. This bothered me as the default situation, ...
Stewart
  • 203
2 votes
2 answers
464 views

EC2 & MySQL security

The current infrastructure contains two servers located in Amazon EC2: application server, and MySQL server. Concern: security of communication between the application server and the database, ...
djdy
  • 583
2 votes
0 answers
207 views

What kind of hacking attempt is this? [closed]

This past week, my traffic logs are showing many hits (usually with repeated tries) for a url from perhaps 30+ different ip addresses all over the world. This is not a url that should garner more than ...
mseifert
  • 439
-1 votes
1 answer
2k views

Removing Unnecessary Services & Packages in a MySQL Ubuntu 12.04 Server [duplicate]

As part of hardening a standalone/dedicated MySQL 5.6 server running on Ubuntu 12.04 LTS, unnecessary services and packages will have to be removed. For a server that is serving only as a MySQL ...
Athena Wisdom
0 votes
1 answer
1k views

Site security - how to filter incoming traffic to a specific port

Just ran a security test on ScanMyServer.com, the results showed a medium risk vulnerability: Database Reachable from the Internet Summary: The remote host is running a database server that is ...
user1199795
42 votes
4 answers
172k views

Allow linux root user mysql root access without password

On cPanel when I am logged in as root and type "mysql" without hostname and password it gives me direct access to mysql root user. I would like to do this for one of my non-cpanel server where the ...
user1066991
0 votes
0 answers
962 views

mysqldump over ssh and mysql restore - security issue?

I've just found a one liner to mirror a local mysql database on a remote server, over ssh: mysqldump -uroot -proot zedatabase | ssh -p4551 [email protected] "mysql -udoom -pmySqlPassword zedatabase" ...
ling
  • 303
-5 votes
1 answer
70 views

Ticketing server database security [closed]

I want to setup a ticketing system which will show the seats available instantly. However, for security, I do not want to open my database in internet. I want to setup a server which has public IP and ...
Peter Hon
2 votes
3 answers
2k views

MySQL Injection Attacks? Random URL's Causing Errors

We just started running our own web server a few months ago on Rackspace (they are great). I use NewRelic (also pretty cool) to monitor server usage and I am getting error alerts that appear to me to ...
Nick8675
3 votes
3 answers
318 views

Should I set a mysql root password?

I have a webserver hosted on AWS, with the security group allowing access from all IP addresses to TCP port 22 (ssh) and 443 (https). ssh access requires a user to have my private key. Should the ...
TJ Shah
  • 433
0 votes
1 answer
564 views

How to block an IP, if it is making many http/apache/mysql requests in a second?

If someone tried a force burst attack on my website, how can I block their IP address? I mean, I want to block an IP if I am getting many http/Apache/SQL requests per second from it. How can I prevent ...
lee peat
0 votes
1 answer
302 views

Is the connection from PHP to a different MySQL server 100% secure?

I tried to find this information but was not able to. How does the connection from PHP to the MySQL server work? As the password is stored plain, is it also sent plain to MySQL if it is stored on a ...
Sébastien
0 votes
1 answer
277 views

More secure way of sending MySQL commands from a remote server on the command line

What is the most secure way of running SQL commands from a web server to a remote MySQL server from the command line. I can think of two ways: mysql --host mysql.mydomain.com --user admin --password ...
Justin
  • 5,498
-1 votes
1 answer
206 views

Database connection to another server

I have 2 Servers - one for PHP, and one for MySQL. Both servers are hardened - and now my question is, what's the correct way to set up a connection to the Database Server, from PHP? Probably over SSH?...
Katai
  • 225
-2 votes
2 answers
63 views

Recommended UNIX user for CMS access to MySQL [closed]

This article recommends the UNIX nobody user to access MySQL from Joomla scripts. Is this standard practice? Moreover, is it reasonable to use it, say, both for Joomla and WordPress?
ezequiel-garzon