Hi all
We keep receiving the following errors in our MySQL error log:
2019-11-02 2:47:13 111377 [Warning] Host name 'X-X-X-X.example.in-addr.arpa' could not be resolved: Name or service not known
2019-11-02 3:27:48 113358 [Warning] IP address 'X.X.X.X' could not be resolved: Name or service not known
2019-11-02 8:50:09 147361 [Warning] IP address 'X.X.X.X' has been resolved to the host name 'X.X.X.X.example.com', which resembles IPv4-address itself.
Obviously this is due to MySQL attempting to perform a reverse lookup for a connection attempt, my query is how do we trace the source of these messages? I'm assuming a customer's site is compromised and it would be nice to be able to notify them.
I'm also concerned about any potential security ramifications, we have CSF enabled with port 3306 closed to the general public. I know there is an option to disable networking in MySQL completely, unfortunately we have to have this active and port 3306 accessible to our hosting providers internal network so their backup software can interface with MySQL. We're on a dedicated VLAN etc so it shouldn't be an issue from a security perspective but would be nice to confirm.
Any guidance greatly appreciated!
We keep receiving the following errors in our MySQL error log:
2019-11-02 2:47:13 111377 [Warning] Host name 'X-X-X-X.example.in-addr.arpa' could not be resolved: Name or service not known
2019-11-02 3:27:48 113358 [Warning] IP address 'X.X.X.X' could not be resolved: Name or service not known
2019-11-02 8:50:09 147361 [Warning] IP address 'X.X.X.X' has been resolved to the host name 'X.X.X.X.example.com', which resembles IPv4-address itself.
Obviously this is due to MySQL attempting to perform a reverse lookup for a connection attempt, my query is how do we trace the source of these messages? I'm assuming a customer's site is compromised and it would be nice to be able to notify them.
I'm also concerned about any potential security ramifications, we have CSF enabled with port 3306 closed to the general public. I know there is an option to disable networking in MySQL completely, unfortunately we have to have this active and port 3306 accessible to our hosting providers internal network so their backup software can interface with MySQL. We're on a dedicated VLAN etc so it shouldn't be an issue from a security perspective but would be nice to confirm.
Any guidance greatly appreciated!
