Hello all,
For the last several days someone, from the same IP, has been trying to connect to my MySQL server. The attempts are repeating a few times each minute. I blocked the IP in iptables, moved the MySQL port to a different one and nothing changed - he is still trying to connect to the old, standard MySQL port. I sent two e-mails to the person who is responsible for that IP range and I received no answer.
Part of the log file:
Code:
May 15 10:16:58 seenet-mtp kernel: Shorewall:blacklst:DROP:IN=eth0 OUT=
MAC=00:13:d4:6a:03:f0:00:08:7c:3e:15:80:08:00 SRC=160.75.98.*
DST=*.*.*.* LEN=48 TOS=0x00 PREC=0x00 TTL=116 ID=21009 DF PROTO=TCP
SPT=4402 DPT=3306 WINDOW=65535 RES=0x00 SYN URGP=0
Also, at almost the same time a brute-force attack over SSH started. In this case the situation is more complicated because the IP is changing each time. I'm not sure if those two problems are connected.
At the moment it's not a big problem for my server, the firewall takes care of everything, but I'm afraid it could cause some bigger trouble.
Any help and suggestions will be welcome.
Milan
P.S. I'm running SUSE 10.3, kernel 2.6.22.17-0.1-default, with MySQL 5.0.45 and Apache 2.2.4
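
Added example, not part of the original post: a small Python parser for Shorewall kernel log entries in the format quoted above, which re-joins wrapped lines and tallies dropped SYNs per source address and destination port, so the rate and the chain doing the dropping can be confirmed. The function names and the sample log (documentation addresses, constructed) are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the post's log format; RFC 5737 addresses, not the original log.
SAMPLE = """\
May 15 10:16:58 host kernel: Shorewall:blacklst:DROP:IN=eth0 OUT=
MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.10
DST=198.51.100.5 LEN=48 TOS=0x00 PREC=0x00 TTL=116 ID=21009 DF PROTO=TCP
SPT=4402 DPT=3306 WINDOW=65535 RES=0x00 SYN URGP=0
May 15 10:17:01 host kernel: Shorewall:blacklst:DROP:IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=4403 DPT=3306 SYN URGP=0
May 15 10:17:40 host kernel: Shorewall:blacklst:DROP:IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=4404 DPT=3306 SYN URGP=0
May 15 10:17:45 host kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 PROTO=TCP SPT=51000 DPT=22 SYN URGP=0
"""
STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")   # syslog timestamp
PREFIX = re.compile(r"Shorewall:([^:]+):([A-Z]+):")             # chain and action

def records(text):
    """Re-join wrapped lines, then yield one dict per Shorewall log entry."""
    entries = []
    for line in text.splitlines():
        if STAMP.match(line) or not entries:
            entries.append(line.strip())
        else:                      # continuation of the previous entry
            entries[-1] += " " + line.strip()
    for entry in entries:
        m = PREFIX.search(entry)
        if not m:
            continue
        tokens = entry.split()
        rec = dict(t.split("=", 1) for t in tokens if "=" in t)
        rec.update(chain=m.group(1), action=m.group(2), minute=entry[:12],
                   flags={t for t in tokens if "=" not in t})
        yield rec

def summarize(text):
    """Map (SRC, DPT) to total dropped SYNs, busiest-minute count and chain."""
    per_minute, chains = defaultdict(Counter), {}
    for rec in records(text):
        if (rec["action"] != "DROP" or "SYN" not in rec["flags"]
                or "SRC" not in rec or "DPT" not in rec):
            continue
        key = (rec["SRC"], int(rec["DPT"]))
        per_minute[key][rec["minute"]] += 1
        chains[key] = rec["chain"]
    return {k: {"total": sum(c.values()), "peak_per_minute": max(c.values()),
                "chain": chains[k]} for k, c in per_minute.items()}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```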