Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Unauthorized Remote MySQL Accesss

Discussion in 'Security' started by dave_83, Nov 10, 2016.

Tags:
  1. dave_83

    dave_83 Member

    Joined:
    Nov 10, 2016
    Messages:
    15
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    Los Angeles, CA
    cPanel Access Level:
    Root Administrator
    I found a few unknown ip address entries under mysql remote access. How did this happen? I use safe passwords and as far as I know, brute force has catched all attempts. At first I thought that whm had a firewall enabled by default, but after searching for the settings section, I realized that I didn't have a firewall... until now (csf), which is a bit too late.
     
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,491
    Likes Received:
    1,964
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    Users can authorize remote IP addresses to MySQL via the following option in cPanel:

    Remote MySQL - Documentation - cPanel Documentation

    Is it possible an existing user authorized an IP address to the databases associated with their account?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. dave_83

    dave_83 Member

    Joined:
    Nov 10, 2016
    Messages:
    15
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    Los Angeles, CA
    cPanel Access Level:
    Root Administrator
    No. I'm the only authorized user.
     
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,491
    Likes Received:
    1,964
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    You'd have to enable additional MySQL logging functionality to track MySQL access, as referenced in your other thread at:

    Is there a way to see remote mysql connections?

    You could also review /usr/local/cpanel/logs/access_log to see if any other IP addresses accessed cPanel for the account.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. dave_83

    dave_83 Member

    Joined:
    Nov 10, 2016
    Messages:
    15
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    Los Angeles, CA
    cPanel Access Level:
    Root Administrator
    That solves the mystery. It looks like I actually added those IPs, it's a bit odd because I don't recall adding any Amazon aws connections... but the host adding url was executed from my IP, and based on the user agent I can say that it was most likely my computer. I also checked my firewall and there was no RPD connection that day.

    I did find a lot of other IPs trying to login to cpanel. What is the best way to secure my cpanel installation? is there a guide that would walk me through the best practices?
     
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,585
    Likes Received:
    440
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,491
    Likes Received:
    1,964
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    You could also use Host Access Control to allow your IP address or IP address range and deny all other access attempts to services such as cPanel/WHM if you are the only person accessing cPanel on the system. Information on how to complete this is available at:

    Host Access Control - Documentation - cPanel Documentation

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice