
Restrict MySQL access
Closed, Resolved, Public

Description

We have connections to the MySQL server from a suspicious IP.

According to https://www.abuseipdb.com/check/88.214.26.17, this IP has been reported today for "SQL brute force auth on honeypot MySQL/MariaDB". That could explain T1520 slowness if the MySQL process is too solicited.

Ysul has a MySQL server which listens to the world with the intent to serve as demonstration and support during workshops. We could switch to Drake IP instead.

Event Timeline

dereckson triaged this task as High priority. Jul 29 2019, 17:28
dereckson created this task.
dereckson added a project: security.

Tagging security as we could need a follow-up ACL to allow to connect to.

Resolved by db-B-001 deployment: MySQL server doesn't have a public IP anymore

Subtask removed to simplify the graph. It's the task where db-B-001 has been created and so solved this one.