|
|
| denyhosts-like app for MySQLd? |
 
Spain |
2008-01-21 03:50:11 |
Hi all,
żIs there any app like denyhosts[1] but intended for MySQLd
service?
We have a mysql ports (3306) opened for remote connections,
and
obviously the /var/db/mysql/machine_name.log is full of
these kind of
entries:
...........
936012 Connect Access denied for user 'user' '85.19.95.10' (using
password: YES)
936013 Connect Access denied for user 'user''85.19.95.10' (using
password: YES)
936014 Connect Access denied for user 'user''85.19.95.10' (using
password: YES)
936016 Connect Access denied for user 'user''85.19.95.10' (using
password: YES)
936018 Connect Access denied for user 'user''85.19.95.10' (using
password: YES)
936019 Connect Access denied for user 'user''85.19.95.10' (using
password: YES)
.............
The idea is blocking the abusive IPs in automated way.
[1] http://denyhosts.so
urceforge.net/
--
Thanks,
Jordi Espasa Clofent
_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-secu
rity
To unsubscribe, send any mail to
"freebsd-security-unsubscribefreebsd.org"
|
|
| Re: denyhosts-like app for MySQLd? |
Spain |
2008-01-21 04:35:51 |
> Hi,
>
> There is a functionality in pf, that allows you to have
an application to
> update a list of hosts, that is used in a rule. You
could have a script
> harvest the addresses from your log files, and then
update the table in pf. I
> have not tried it myself, but was looking at adopting
an implementation to
> create a tarpit for spammers based on this idea.
Yes Tim, I know it. The "problem" is the servers
are builded in IPFW as
firewall solution.
I've tried the "limit" IPFW's option... but isn't
exactly what I'm
looking for.
--
Thanks,
Jordi Espasa Clofent
_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-secu
rity
To unsubscribe, send any mail to
"freebsd-security-unsubscribefreebsd.org"
|
|
| Re: denyhosts-like app for MySQLd? |
|
2008-01-21 05:19:06 |
Jordi Espasa Clofent wrote:
> żIs there any app like denyhosts[1] but intended for
MySQLd service?
>
> We have a mysql ports (3306) opened for remote
connections, and
> obviously the /var/db/mysql/machine_name.log is full of
these kind of
> entries:
>
> ...........
> 936012 Connect Access denied for user 'user''85.19.95.10' (using
> password: YES)
> 936013 Connect Access denied for user 'user''85.19.95.10' (using
> password: YES)
> 936014 Connect Access denied for user 'user''85.19.95.10' (using
> password: YES)
> 936016 Connect Access denied for user 'user''85.19.95.10' (using
> password: YES)
> 936018 Connect Access denied for user 'user''85.19.95.10' (using
> password: YES)
> 936019 Connect Access denied for user 'user''85.19.95.10' (using
> password: YES)
> .............
>
> The idea is blocking the abusive IPs in automated way.
>
> [1] http://denyhosts.so
urceforge.net/
How about ports/security/bruteblock?
No OOTB support, but adding it should be very easy.
(You just write a config file for it.)
--
Tuomo
... All I want is a warm bed, a kind word and unlimited
power
_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-secu
rity
To unsubscribe, send any mail to
"freebsd-security-unsubscribefreebsd.org"
|
|
| Re: denyhosts-like app for MySQLd? |
 
Namibia |
2008-01-21 04:26:51 |
Hi,
There is a functionality in pf, that allows you to have an
application to
update a list of hosts, that is used in a rule. You could
have a script
harvest the addresses from your log files, and then update
the table in pf. I
have not tried it myself, but was looking at adopting an
implementation to
create a tarpit for spammers based on this idea.
On Monday 21 January 2008 11:50:11 am Jordi Espasa Clofent
wrote:
> Hi all,
>
> żIs there any app like denyhosts[1] but intended for
MySQLd service?
>
> We have a mysql ports (3306) opened for remote
connections, and
> obviously the /var/db/mysql/machine_name.log is full of
these kind of
> entries:
>
> ...........
> 936012 Connect Access denied for user 'user''85.19.95.10' (using
> password: YES)
> 936013 Connect Access denied for user 'user''85.19.95.10' (using
> password: YES)
> 936014 Connect Access denied for user 'user''85.19.95.10' (using
> password: YES)
> 936016 Connect Access denied for user 'user''85.19.95.10' (using
> password: YES)
> 936018 Connect Access denied for user 'user''85.19.95.10' (using
> password: YES)
> 936019 Connect Access denied for user 'user''85.19.95.10' (using
> password: YES)
> .............
>
> The idea is blocking the abusive IPs in automated way.
>
> [1] http://denyhosts.so
urceforge.net/
_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-secu
rity
To unsubscribe, send any mail to
"freebsd-security-unsubscribefreebsd.org"
|
|
| Re: denyhosts-like app for MySQLd? |
Namibia |
2008-01-21 04:53:48 |
On Monday 21 January 2008 12:35:51 pm Jordi Espasa Clofent
wrote:
> > Hi,
> >
> > There is a functionality in pf, that allows you to
have an application to
> > update a list of hosts, that is used in a rule.
You could have a script
> > harvest the addresses from your log files, and
then update the table in
> > pf. I have not tried it myself, but was looking at
adopting an
> > implementation to create a tarpit for spammers
based on this idea.
>
> Yes Tim, I know it. The "problem" is the
servers are builded in IPFW as
> firewall solution.
> I've tried the "limit" IPFW's option... but
isn't exactly what I'm
> looking for.
As far as I know you can run both. You can just have minimal
rules in pf to
deal with this, and pass everything else, and deal with the
rest in ipfw.
_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-secu
rity
To unsubscribe, send any mail to
"freebsd-security-unsubscribefreebsd.org"
|
|
| Re: denyhosts-like app for MySQLd? |
Spain |
2008-01-21 13:29:34 |
> As far as I know you can run both. You can just have
minimal rules in pf to
> deal with this, and pass everything else, and deal with
the rest in ipfw.
I'm not a coder... but I think it shouldn't be a good idea.
--
Thanks,
Jordi Espasa Clofent
_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-secu
rity
To unsubscribe, send any mail to
"freebsd-security-unsubscribefreebsd.org"
|
|
| Re: denyhosts-like app for MySQLd? |
 
France |
2008-01-21 18:28:04 |
Jordi Espasa Clofent wrote:
> Hi all,
>
> żIs there any app like denyhosts[1] but intended for
MySQLd service?
>
> We have a mysql ports (3306) opened for remote
connections, and
> obviously the /var/db/mysql/machine_name.log is full of
these kind of
> entries:
>
> ...........
> 936012 Connect Access denied for user 'user''85.19.95.10' (using
> password: YES)
> 936013 Connect Access denied for user 'user''85.19.95.10' (using
> password: YES)
> 936014 Connect Access denied for user 'user''85.19.95.10' (using
> password: YES)
> 936016 Connect Access denied for user 'user''85.19.95.10' (using
> password: YES)
> 936018 Connect Access denied for user 'user''85.19.95.10' (using
> password: YES)
> 936019 Connect Access denied for user 'user''85.19.95.10' (using
> password: YES)
> .............
>
> The idea is blocking the abusive IPs in automated way.
why do you open your mysql port to the world?
if you want to let users in from any place, then an ssh
tunnel is safer
(yes, works even on windows, using putty or whatever. and a
user who
finds this difficult shouldn't be able to run sql
commands!).
If this is too much, at least use a different port to reduce
the noise
(This won't add security, but will somehow limit exposure).
_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-secu
rity
To unsubscribe, send any mail to
"freebsd-security-unsubscribefreebsd.org"
|
|
| Re: denyhosts-like app for MySQLd? |
France |
2008-01-21 14:57:22 |
Hi,
On Mon, Jan 21, 2008 at 10:50:11AM +0100, Jordi Espasa
Clofent wrote:
> We have a mysql ports (3306) opened for remote
connections, and obviously
> the /var/db/mysql/machine_name.log is full of these
kind of entries:
>
> ...........
> 936012 Connect Access denied for user 'user''85.19.95.10' (using
> password: YES)
> 936013 Connect Access denied for user 'user''85.19.95.10' (using
> password: YES)
> 936014 Connect Access denied for user 'user''85.19.95.10' (using
> password: YES)
> 936016 Connect Access denied for user 'user''85.19.95.10' (using
> password: YES)
> 936018 Connect Access denied for user 'user''85.19.95.10' (using
> password: YES)
> 936019 Connect Access denied for user 'user''85.19.95.10' (using
> password: YES)
> .............
>
> The idea is blocking the abusive IPs in automated
way.
>
> [1] http://denyhosts.so
urceforge.net/
You may have a look at Fail2Ban:
http:
//www.fail2ban.org/wiki/index.php/Features
--
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot
org >
_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-secu
rity
To unsubscribe, send any mail to
"freebsd-security-unsubscribefreebsd.org"
|
|