<div>
MySQL automatically denies connections from IP address that don't have at least one matching row in mysql.user. &nbsp;Port 3306 should not be externally accessible (block via iptables/firewall)
</div>


<div>
&quot;If you are fine with third party tool then you can also use rdbgaurd.&quot;<br />
<br />
but that one is not for linux right ? that one only say MysQL but should only for MySQL on windows, agree ?
</div>


<div>
then can't use it on MySQL on linux. man.<br />
<br />
so this means no.
</div>


<div>
I will have this as condition, or I relies on the IP address list from MySQL to prevent this.
</div>


<div>
Hi!<br />
<br />
As David says <a href="https://www.experts-exchange.com/questions/29066865/MySQL-database-Brute-force-protection.html?anchorAnswerId=42357288#a42357288" rel="ugc">here</a>, then to protect you from brute force attacks you should limit the access to your MySQL/MariaDB to the <a href="https://dev.mysql.com/doc/refman/5.7/en/account-names.html" rel="ugc">users specific IP addresses or IP address range (domains) </a> and then protect the host using firewall (iptables/firewalld on Linux) and <a href="https://en.wikipedia.org/wiki/Fail2ban" rel="ugc">fail2ban</a> <br />
<br />
<a href="https://brain.demonpenguin.co.uk/2014/05/01/fail2ban-monitoring-mysql/" rel="ugc">Here</a> is a simple howto on the setup for MySQL brute-force protection using fail2ban.<br />
<br />
Regards,<br />
&nbsp; &nbsp; &nbsp;Tomas Helgi
</div>


<div>
As David said in his first message, MariaDB/MySQL already build in brute force protection using the GRANT mechanism.<br />
<br />
Also, most sites run their <a href="https://en.wikipedia.org/wiki/LAMP_(software_bundle)" rel="ugc">LAMP Stack</a> on the same machine, so your Apache + PHP + MariaDB/MySQL all live on the same machine.<br />
<br />
If this is the case you can do 100% brute force blocking by adding this to your /etc/mysql/my.cnf (or equivalent).<br />
<br />

<pre><code class="code-1 nolinks" id="code-20-42357923-1"><span>bind-address       = 127.0.0.1</span>
</code></pre>
<br />
Also keep in mind, binding to the related unix domain socket... usually...<br />
<br />

<pre><code class="code-1 nolinks" id="code-20-42357923-2"><span>socket             = /var/run/mysqld/mysqld.sock</span>
</code></pre>
<br />
Gives double or triple (depending on many factors) the throughput of connecting to 127.0.0.1 or any other IP or domain name.<br />
<br />
So be sure you create your users relative to localhost + then make your database connections using localhost, rather than IP or domain name.<br />
<br />
Skipping the network stack overhead is way slower than sockets.
</div>


<div>
Use fail2ban and create custom jails for blocking the brute force attacks . Create threshold level as per your requirements.<br />
Fail2ban is integrated with iptables, so once the attacker reaches the threshold the iptable will block him as per the configuration.
</div>


<div>
David Favor,<br />
<br />
&quot;bind-address &nbsp; &nbsp; &nbsp; = 127.0.0.1&quot;<br />
<br />
this says it receive only local host to connect and we use 'bind-address &nbsp; &nbsp;= 0.0.0.0 &nbsp;' to accept all connection.<br />
<br />
so you assuming that only web on local machine connect to it, right?<br />
<br />
<br />
&quot;Also keep in mind, binding to the related unix domain socket... usually...&quot;<br />
<br />
but this doesn't related to preventing the attack, right?
</div>


<div>
You'd only use 0.0.0.0 if you really have connections from other machines.<br />
<br />
If you do have external connections, then you'd use normal GRANTs to control access.<br />
<br />
If someone attempts logging in with some number of incorrect logins, you'd use fail2ban to block these IPs for good.<br />
<br />
You have to be clear about what you're asking. If you require no external connections, then you use 127.0.0.1 + you have no issue with attacks.<br />
<br />
The only way a person can attack a unix domain socket, is if they're already into your machine + at that point there are no blocks... because, if they're in your machine, then they're in + can do anything.
</div>


<div>
&quot;You'd only use 0.0.0.0 if you really have connections from other machines.<br />
&quot;<br />
<br />
exactly, that's why I said you, by this setting, assumes that all web and DB on the same host.<br />
<br />
&quot;If you do have external connections, then you'd use normal GRANTs to control access.&quot;<br />
<br />
MySQL internal permission right ?<br />
<br />
&quot;If someone attempts logging in with some number of incorrect logins, you'd use fail2ban to block these IPs for good.&quot;<br />
<br />
tks.<br />
<br />
&quot;You have to be clear about what you're asking. If you require no external connections, then you use 127.0.0.1 + you have no issue with attacks.<br />
&quot;<br />
<br />
but this one still need to concern the Brute-force attack on web server but not DB server, right?
</div>


<div>
If you're running a CMS like WordPress where all .php files + database are all on one machine, you'd set 127.0.0.1 so no external connections are allowed. With this configuration, all external (off machine/container) connections are blocked. This means with this config, there's no way for any brute force attacks to begin.<br />
<br />
If you enable external/offsite connections by setting 0.0.0.0 or some other IP, then you must use the GRANTs table to allow a given user@IP access to connect. This must be done explicitly. You should never just allow any person from any IP to connect.<br />
<br />
If you allow, say root@1.1.1.1 this means only IP 1.1.1.1 could possibly create a brute force attack.<br />
<br />
You could use fail2ban in this case. Normally fail2ban would be used if you had 100s or 1000s of remote IPs allows (via explicit GRANTs) to access your database.<br />
<br />
Rereading your posts, I think you've confused the meaning of 127.0.0.1 (local only) + 0.0.0.0 (external connections allowed).
</div>


<div>
&quot;This must be done explicitly. You should never just allow any person from any IP to connect.<br />
&quot;<br />
only web server you mean?<br />
<br />
usually we do allow all because of internal DB users.<br />
<br />
&quot;This must be done explicitly. You should never just allow any person from any IP to connect.&quot;<br />
<br />
if I want to allow some IP addresses comes in , how can I set it in my.cnf?
</div>


<div>
tks all,<br />
<br />
administrator, please let me awards other contributor, I can't give them score.
</div>


<div>
<div class="content wysiwyg-content">
hi,<br />
<br />
any one use any tools for MySQL or use MySQL built in tools for brute force protection ?
</div>
</div>


hi,

any one use any tools for MySQL or use MySQL built in tools for brute force protection ?

MySQL database Brute-force protection

Databases are organized collections of data, most commonly accessed through management systems including schemas, tables, queries and processes that allow users to enter and manipulate the information or utilize it in other fashions, such as with web applications or for reporting purposes.

Databases

MySQL is an open source, relational database management system that runs as a server providing multi-user access to a number of databases. Acquired by Oracle in 2009, it is frequently used in combination with PHP installations, powering most of the WordPress installations.

MySQL Server

Linux is a UNIX-like open source operating system with hundreds of distinct distributions, including: Fedora, openSUSE, Ubuntu, Debian, Slackware, Gentoo, CentOS, and Arch Linux. Linux is generally associated with web and database servers, but has become popular in many niche industries and applications.