The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Do you allow remote MySQL access?

Discussion in 'Workarounds and Optimization' started by SoftDux, Jun 1, 2010.

Tags:
?

Do you allow remote MySQL access?

  1. Yes

    35.3%
  2. No

    64.7%
  3. not sure

    0 vote(s)
    0.0%
  1. SoftDux

    SoftDux Well-Known Member

    Joined:
    May 27, 2006
    Messages:
    983
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Johannesburg, South Africa
    cPanel Access Level:
    Root Administrator
    Hi,



    I'm curious, do you allow remote MySQL access to your server(s)?

    This could have an impact on your security and bandwidth usage, but a lot of clients also need to use it.



    So, as matter of interest, who allows remote MySQL access, and what kind of problems have you run into so far?

    Upto now we just move all clients who need remote MySQL access to a specific server that has MySQL ports open, but that server is getting full and I'm considering just opening the ports on all the servers instead. cPanel also has a utility where the client needs to add his IP to the "allow remote MySQL connections" list, so it does add some security, but it's still plain text (AFAIK), so it does open up a security hole nonetheless.



    I suppose I could change the MySQL port, OR probably even port forward another port to the MySQL port for added security.



    But has anyone really had any problems with an open MySQL server?



    P.S. I know about phpMyAdmin, and how to block the port. This isn't a "how do I block the ports", or "how do I setup phpMyAdmin" question.
     
  2. d_t

    d_t Well-Known Member

    Joined:
    Sep 20, 2003
    Messages:
    243
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Bucharest
    I block MySQL port from firewall for all except IPs from "Allow remote MySQL". In csf you can do this by adding the following query result to /etc/csf/csf.allow

    Code:
    mysql mysql -e "select Host,User from user where Host!='localhost' group by Host;" | awk {'print "tcp:in:d=3306:s=" $1 "\t# " $2'} | sed "s/\%//g" | egrep "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}" | grep -v "127.0.0.1" | sort | uniq
     
  3. SoftDux

    SoftDux Well-Known Member

    Joined:
    May 27, 2006
    Messages:
    983
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Johannesburg, South Africa
    cPanel Access Level:
    Root Administrator
    Hi,

    Thanx for this. I never did thank you when you posted the script.

    It used to work fine but I see it doesn't work anymore. Can you perhaps confirm if it still work on your server?
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page