More than 250 attacks on MySQL from 'root'@'189.112.244.234': why did my cPanel/server NOT block this address from attempt 10?

000

Hello, in my file
Code:
/var/log/mysqld.log
I found this attack TODAY, March 30:
Code:
2021-03-30T04:54:21.335078Z 54157 [Note] Access denied for user 'root'@'189.112.244.234' (using password: YES)
2021-03-30T04:54:21.864026Z 54158 [Note] Access denied for user 'root'@'189.112.244.234' (using password: YES)
2021-03-30T04:54:22.397098Z 54159 [Note] Access denied for user 'root'@'189.112.244.234' (using password: YES)
2021-03-30T04:54:22.933115Z 54160 [Note] Access denied for user 'root'@'189.112.244.234' (using password: YES)
2021-03-30T04:54:23.502674Z 54161 [Note] Access denied for user 'root'@'189.112.244.234' (using password: YES)
2021-03-30T04:54:24.052094Z 54162 [Note] Access denied for user 'root'@'189.112.244.234' (using password: YES)
2021-03-30T04:54:24.611676Z 54163 [Note] Access denied for user 'root'@'189.112.244.234' (using password: YES)
2021-03-30T04:54:25.140205Z 54164 [Note] Access denied for user 'root'@'189.112.244.234' (using password: YES)
2021-03-30T04:54:25.173095Z 54166 [Note] Access denied for user 'root'@'189.112.244.234' (using password: YES)
2021-03-30T04:54:25.173137Z 54165 [Note] Access denied for user 'root'@'189.112.244.234' (using password: YES)
2021-03-30T04:54:25.178490Z 54167 [Note] Access denied for user 'root'@'189.112.244.234' (using password: YES)
2021-03-30T04:54:25.716346Z 54168 [Note] Access denied for user 'root'@'189.112.244.234' (using password: YES)
2021-03-30T04:54:25.742885Z 54169 [Note] Access denied for user 'root'@'189.112.244.234' (using password: YES)
2021-03-30T04:54:25.743302Z 54170 [Note] Access denied for user 'root'@'189.112.244.234' (using password: YES)
2021-03-30T04:54:26.232251Z 54171 [Note] Access denied for user 'root'@'189.112.244.234' (using password: YES)
2021-03-30T04:54:26.238066Z 54172 [Note] Access denied for user 'root'@'189.112.244.234' (using password: YES)
2021-03-30T04:54:26.293242Z 54173 [Note] Access denied for user 'root'@'189.112.244.234' (using password: YES)
2021-03-30T04:54:26.315575Z 54174 [Note] Access denied for user 'root'@'189.112.244.234' (using password: YES)
2021-03-30T04:54:26.793764Z 54175 [Note] Access denied for user 'root'@'189.112.244.234' (using password: YES)
2021-03-30T04:54:26.803198Z 54176 [Note] Access denied for user 'root'@'189.112.244.234' (using password: YES)
2021-03-30T04:54:26.830676Z 54177 [Note] Access denied for user 'root'@'189.112.244.234' (using password: YES)
2021-03-30T04:54:26.879730Z 54178 [Note] Access denied for user 'root'@'189.112.244.234' (using password: YES)
2021-03-30T04:54:27.324766Z 54179 [Note] Access denied for user 'root'@'189.112.244.234' (using password: YES)
2021-03-30T04:54:27.331633Z 54180 [Note] Access denied for user 'root'@'189.112.244.234' (using password: YES)
2021-03-30T04:54:27.399228Z 54181 [Note] Access denied for user 'root'@'189.112.244.234' (using password: YES)
2021-03-30T04:54:27.408199Z 54182 [Note] Access denied for user 'root'@'189.112.244.234' (using password: YES)
2021-03-30T04:54:27.858784Z 54183 [Note] Access denied for user 'root'@'189.112.244.234' (using password: YES)
...
...
...
What do I need to install/set up/configure to avoid these attacks? Why doesn't CSF block this IP?

You can see ALL attacks come from the same IP,
you can see that there are SEVEN attacks per second from the same IP.

Is it necessary that we install some software?
Or do we have a BAD CSF config?


Thanks for your help.
 

cPRex

Hey hey! cPHulk doesn't track MySQL logins, as there is a list of services it watches here:


I don't believe that CSF monitors this area either, but if you don't need remote access to MySQL you could just block port 3306 in the firewall and not have to worry about this happening in the future.
 

000

...if you don't need remote access to MySQL...
Thanks, master @cPRex. On this server we need REMOTE access, so again:

What do I need to install/set up/configure to avoid these attacks?

Our hope is: at attack number 6, the remote host is blocked.
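
The detection asked for in this thread, as an added example that is not part of the original posts and is not cPanel's or CSF's own code: it scans lines in the mysqld.log format shown above and reports each source host at the failure that exceeds a threshold inside a time window. The threshold of 5 (so the 6th failure triggers), the 60-second window, the name `find_offenders` and the sample lines are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the "Access denied" error-log line format quoted in the thread.
DENIED = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d+)Z\s+\d+\s+\[Note\]\s+"
    r"Access denied for user '(?P<user>[^']*)'@'(?P<host>[^']*)'"
)

def find_offenders(lines, max_failures=5, window=timedelta(seconds=60)):
    """Return {host: timestamp} for each host, at the failure that pushed it
    past max_failures within `window` (the point where a block would apply)."""
    recent = defaultdict(deque)   # host -> timestamps of failures still in window
    offenders = {}
    for line in lines:
        m = DENIED.match(line)
        if not m:
            continue              # unrelated log line
        host = m["host"]
        if host in offenders:
            continue              # already flagged, nothing more to learn
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S.%f")
        q = recent[host]
        q.append(ts)
        while ts - q[0] > window: # drop failures that aged out of the window
            q.popleft()
        if len(q) > max_failures:
            offenders[host] = ts
    return offenders

# Constructed sample input (documentation-range IPs), in the thread's log format.
SAMPLE = [
    "2021-03-30T04:50:00.000000Z 54100 [Note] Access denied for user 'app'@'198.51.100.20' (using password: YES)",
] + [
    f"2021-03-30T04:54:2{i}.500000Z {54157 + i} [Note] Access denied for user "
    f"'root'@'203.0.113.7' (using password: YES)" for i in range(7)
] + [
    "2021-03-30T04:58:00.000000Z 54200 [Note] Access denied for user 'app'@'198.51.100.20' (using password: YES)",
    "2021-03-30T04:59:00.000000Z 0 [Note] Event Scheduler: Loaded 0 events",
]

if __name__ == "__main__":
    for host, ts in find_offenders(SAMPLE).items():
        print(f"{host} exceeded the failure limit at {ts.isoformat()}Z")
```

Two slow failures from one host stay under the limit, while the burst from the other host is flagged on its sixth failure; passing the flagged hosts to the firewall is left to the operator's tooling.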