Hello all,

For last several days someone, from the same IP, is trying to connect to my MySQL server. Attempts are reopeating few time each minute. I blocked the IP in iptables, moved the mysql port to different one and nothing changed - he is still traying to connect to the old one, standard, mysql port. I sent two e-mail to the person who is responsible for that IP range and I received no answer.

The part of a log file:

Also, at almost same time started brute force attack over ssh. In this case situation is more complicated because IP is changing each time. I'm not sure if those two problems are connected.

At the moment it's not a big problem for my server, firewall takes care of everying but I'm afraid if it can make some bigger trouble.

Any help and suggestion will be welcome.

Milan

ps. I'm running Suse 10.3, kernel 2.6.22.17-0.1-default, with MySQL 5.0.45 and Apache 2.2.4

Welcome to the Internet, the hostile network to end all hostile networks

My SSH gateway is scanned several times a day, and brute force attempts occur every other day. There's fairly regular vulnerability scans and attempts at SQL injections against my Apache/MySQL system, and even FTP is attacked on a not very regular basis.

Thankfully, the vast majority of this stuff is just compromised machines running scripts - as long as your passwords are good and your software is up to date, there shouldn't be anything to worry about. You might want to block persistent offenders' IPs at the firewall if you feel so inclined, or put something a little more intelligent in place to filter attacks, e.g.
http://www.la-samhna.de/library/brutessh.html

Dave

Thanks for the link.

For last tree years this is first time something like this happend, ten days without a minute of break - it's strange. And the main problem I can't contact the owner of host.