mySQL Security Question

[Belaird]

I was browsing my server's databases from WHM > phpmyadmin and looked the privileges for a particular database, and found entries I did not expect
belairda 24.30.36.128 wildcard: belairda\_% ALL PRIVILEGES No Edit Privileges
database-specific ALL PRIVILEGES No Edit Privileges
belairda 62.44.82.10 wildcard: belairda\_% ALL PRIVILEGES No Edit Privileges
database-specific ALL PRIVILEGES No Edit Privileges
belairda 62.44.82.100 wildcard: belairda\_% ALL PRIVILEGES No Edit Privileges
database-specific ALL PRIVILEGES No Edit Privileges
belairda 71.198.90.169 wildcard: belairda\_% ALL PRIVILEGES No Edit Privileges
database-specific ALL PRIVILEGES No Edit Privileges
belairda bikerides.no-ip.org wildcard: belairda\_% ALL PRIVILEGES No Edit Privileges
and
root server.flx.com.au global ALL PRIVILEGES Yes

I assume these were created by some sort of exploit n the past and not suppose to be there. More recently create db's don't have these privileges.

So my question is can I remove these safely and how?

[cPanelTristan]

Do you have database prefixing on or off on your machine in WHM > Disable Database Prefix area? If you have database prefixing enabled, then you'll get grants similar to the following for any cPanel username accounts upon creation:

GRANT USAGE ON *.* TO 'cpacct3'@'localhost' IDENTIFIED BY PASSWORD '*D9D9A5D88C42480E4B782E9DD9799FB81DEBB4DF';
GRANT ALL PRIVILEGES ON `cpacct3\\_%`.* TO 'cpacct3'@'localhost';

I just tested this by adding a user to get the grants that exist for that user.

If you have database prefixing disabled, then you'll get grants similar to the following upon adding a cPanel account user:

GRANT USAGE ON *.* TO 'cpacct4'@'localhost' IDENTIFIED BY PASSWORD '*EAB3422F60AF1D7B5706D7B4FEB7E4B5AEA97B4E';

[Belaird]

I have prefixing on, what are the consequences to existing databases if I turn it off?

And should it be off?

[cPanelTristan]

There are no consequences to existing databases if you turn it off. Those databases should continue to function normally. If you turn it off, users will no longer be required to have their username at the beginning of each database name or each database user's name.

As for whether it should be off, that would be your choice. Most people do not turn off database prefixing unless they are going to migrate from another control panel besides cPanel. If they will be migrating accounts to their machine that do not have prefixing for the database names, it makes sense to turn off database prefixing. If that isn't the case for your machine(s), then you probably wouldn't need turn it off.

We have a white paper that talks further about database prefixing at the following location:

http://www.cpanel.net/DBMappingWhitePaper_r10.pdf

[smithseo]

Thanks to providing me such kind of awareness on Mysql security