Blocking 3306 with iptables -A INPUT -p tcp --dport 3306


 
Thread Tools Search this Thread
Special Forums Cybersecurity Blocking 3306 with iptables -A INPUT -p tcp --dport 3306
# 1  
Old 12-04-2018
Blocking 3306 with iptables -A INPUT -p tcp --dport 3306

Just added these lines to our server firewall:

Code:
iptables -A INPUT -p tcp --dport 3306 -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -j DROP

Even though mysql is configured to correctly only listen on port 127.0.0.1 we still see these mysql log file notes on a daily basis:

Code:
-rw-r----- 1 mysql adm 7554 Dec  3 13:34 error.log
$:/var/log/mysql# cat error.log
2018-12-03T19:34:32.308315Z 199800 [Note] Access denied for user 'popa3d'@'localhost' (using password: YES)
2018-12-03T19:34:32.899538Z 199804 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-12-03T19:34:33.068443Z 199808 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-12-03T19:34:33.255453Z 199810 [Note] Access denied for user 'wordpress'@'localhost' (using password: YES)
2018-12-03T19:34:33.463786Z 199812 [Note] Access denied for user 'wordpress'@'localhost' (using password: YES)
2018-12-03T19:34:33.675176Z 199814 [Note] Access denied for user 'wordpress'@'localhost' (using password: YES)
2018-12-03T19:34:33.874290Z 199816 [Note] Access denied for user 'wordpress'@'localhost' (using password: YES)
2018-12-03T19:34:34.042164Z 199820 [Note] Access denied for user 'wp'@'localhost' (using password: YES)
2018-12-03T19:34:34.230901Z 199822 [Note] Access denied for user 'blog'@'localhost' (using password: YES)
2018-12-03T19:34:34.403203Z 199824 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-12-03T19:34:34.619132Z 199826 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-12-03T19:34:34.810399Z 199828 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-12-03T19:34:35.000118Z 199830 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-12-03T19:34:35.199419Z 199832 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-12-03T19:34:35.359124Z 199834 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-12-03T19:34:35.529040Z 199836 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-12-03T19:34:35.733272Z 199838 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-12-03T19:34:35.913238Z 199840 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-12-03T19:34:36.094208Z 199842 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-12-03T19:34:36.244023Z 199846 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-12-03T19:34:36.439876Z 199852 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-12-03T19:34:36.620243Z 199856 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-12-03T19:34:36.830931Z 199858 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-12-03T19:34:36.995763Z 199860 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-12-03T19:34:37.289531Z 199864 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-12-03T19:34:37.454187Z 199868 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-12-03T19:34:37.733327Z 199870 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-12-03T19:34:37.896228Z 199872 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-12-03T19:34:38.116020Z 199874 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-12-03T19:34:38.304666Z 199876 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-12-03T19:34:38.478006Z 199878 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-12-03T19:34:38.655204Z 199880 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-12-03T19:34:38.828087Z 199882 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-12-03T19:34:39.002599Z 199888 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-12-03T19:34:39.169972Z 199892 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-12-03T19:34:39.349192Z 199894 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-12-03T19:34:39.610406Z 199896 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-12-03T19:34:39.783774Z 199898 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-12-03T19:34:39.985808Z 199902 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-12-03T19:34:40.191497Z 199905 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-12-03T19:34:40.379480Z 199907 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-12-03T19:34:40.562804Z 199909 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-12-03T19:34:40.761173Z 199911 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-12-03T19:34:40.931679Z 199913 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-12-03T19:34:41.100190Z 199915 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-12-03T19:34:41.287493Z 199917 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-12-03T19:34:41.461567Z 199919 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-12-03T19:34:41.635796Z 199921 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-12-03T19:34:41.815910Z 199923 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-12-03T19:34:42.024383Z 199925 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-12-03T19:34:42.209238Z 199927 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-12-03T19:34:42.434433Z 199929 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2018-12-03T19:34:42.588499Z 199933 [Note] Access denied for user 'shop'@'localhost' (using password: YES)
2018-12-03T19:34:42.819320Z 199935 [Note] Access denied for user 'shopdb'@'localhost' (using password: YES)
2018-12-03T19:34:43.050979Z 199937 [Note] Access denied for user 'ueer'@'localhost' (using password: YES)
2018-12-03T19:34:43.279000Z 199941 [Note] Access denied for user 'nas'@'localhost' (using password: YES)
2018-12-03T19:34:43.461111Z 199944 [Note] Access denied for user 'pma'@'localhost' (using password: YES)
2018-12-03T19:34:43.685673Z 199947 [Note] Access denied for user 'sql'@'localhost' (using password: YES)
2018-12-03T19:34:43.888265Z 199949 [Note] Access denied for user 'dbs'@'localhost' (using password: YES)
2018-12-03T19:34:44.071929Z 199951 [Note] Access denied for user 'money'@'localhost' (using password: YES)
2018-12-03T19:34:44.239266Z 199953 [Note] Access denied for user 'apache'@'localhost' (using password: YES)
2018-12-03T19:34:44.447544Z 199955 [Note] Access denied for user 'http'@'localhost' (using password: YES)
2018-12-03T19:34:44.691051Z 199959 [Note] Access denied for user 'web'@'localhost' (using password: YES)
2018-12-03T19:34:44.870257Z 199963 [Note] Access denied for user 'nginx'@'localhost' (using password: YES)
2018-12-03T19:34:45.067706Z 199965 [Note] Access denied for user 'joomla'@'localhost' (using password: YES)
2018-12-03T19:34:45.297600Z 199967 [Note] Access denied for user 'project'@'localhost' (using password: YES)
2018-12-03T19:34:45.510618Z 199969 [Note] Access denied for user 'db'@'localhost' (using password: YES)
2018-12-03T19:34:45.691487Z 199971 [Note] Access denied for user 'admin'@'localhost' (using password: YES)
2018-12-03T19:34:45.873751Z 199973 [Note] Access denied for user 'admin'@'localhost' (using password: YES)
2018-12-03T19:34:46.093504Z 199975 [Note] Access denied for user 'admin'@'localhost' (using password: YES)
2018-12-03T19:34:46.249483Z 199977 [Note] Access denied for user 'admin'@'localhost' (using password: YES)

Let's see if the entries in the log files go away.
Login or Register to Ask a Question

Previous Thread | Next Thread

8 More Discussions You Might Find Interesting

1. Programming

Which are blocking and non-blocking api's in sockets in C ?

among the below socket programming api's, please let me know which are blocking and non-blocking. socket accept bind listen write read close (2 Replies)
Discussion started by: VSSajjan
2 Replies

2. Programming

[C++] [Unix] TCP non-blocking. Detect server disconnection procedure over, from client.

Hello! I searched forum for similar topic, with no luck, if you know one, delete this topic, and send me private message with link please. Little background: I have a lot of clients and one serwer. Client can make multiple connections on different ports and ips, but only one can be acctive... (2 Replies)
Discussion started by: ikeban
2 Replies

3. Linux

IP Tables Add Open Port 3306

Hi, Anyone can help me on how to open a port 3306 on Centos 5 for my localhost (127.0.0.1), currently I have the list iptables -L; Chain INPUT (policy ACCEPT) target prot opt source destination RH-Firewall-1-INPUT all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt... (7 Replies)
Discussion started by: fspalero
7 Replies

4. Cybersecurity

[Linux] Blocking Your w00tw00ts with iptables

I noticed a few w00tw00ts in our Apache2 logfile the other day, so I thought I would write a quick post on blocking them with iptables. Feel free to improve upon any of my scripts or ideas in this thread. First of all, what is a w00tw00t and where might we find one? Well, a w00tw00t is an... (10 Replies)
Discussion started by: Neo
10 Replies

5. Debian

URL blocking with iptables

we have internal network 192.168.129.x for a system hosted with pdf.xxx.xyz URL is already public accessible but when try to connect as site (/ap/p.nt) of the URL pdf.xxx.xyz/ap/p.nt restriction to be applied publicly except accessing internally can anyone guide me on this?? (1 Reply)
Discussion started by: shrinuvas
1 Replies

6. Programming

Number of bytes in terminal input queue w/o blocking and consuming?

Hello, everyone. Could someone, please, tell me how to get the number of bytes in the terminal input queue without blocking and without consuming these bytes? I guess it could be called the peek functionality. I've looked at termio tcgetattr() and tcsetattr() functions but could not find... (4 Replies)
Discussion started by: Lucy.Garfeld
4 Replies

7. Cybersecurity

RedHat9:How to find what is blocking the port 1526/tcp

I'm trying to configure IDS9.40 on Ret Hat 9. The server has opened the port 1526/tcp nmap (nmap -sT -O linux) reports correctly that the port is open. However, portqry (portqry.exe -n 192.168.0.101 -e 1526 -p TCP) reports that the port is closed for connection: TCP port 1526 (turbo... (0 Replies)
Discussion started by: Juhasz Lajos
0 Replies

8. Cybersecurity

Open Port 3306 for MySQL connection

I am needing to "un-block" port 3306 so that I can access MySQL from another PC. When I installed Mandrake 8.1, I set the security level to high because it is going to be a web server. I believe I have to allow access to my ports now and I do not know the commands to do that. If anyone... (4 Replies)
Discussion started by: gdboling
4 Replies
Login or Register to Ask a Question