MySQL server brute: mysqld: [Warning] access denied for user 'xxxxxx'@xx.xx.xx.xx should I be worried?

E

Eugene2019-05-11 15:54:47

MySQL

Eugene, 2019-05-11 15:54:47

MySQL server brute: mysqld: [Warning] access denied for user 'xxxxxx'@xx.xx.xx.xx should I be worried?

Periodically, in the system log I see entries of this nature:
mysqld: 2019.05.11 12:00:00 1200 [Warning] access denied for user 'xxxxxx'@xx.xx.xx.xx (using password: YES)
Here is a screenshot:

I am like this I understand, this someone brute mysql server?
Is this worth worrying about? And do we need to take any action?

Reply

Answer the question

In order to leave comments, you need to log in

4 answer(s)

I

Ivan Shumov, 2019-05-11
@Yevhenii-S

You should not worry, but find the one who opened the MySQL port to the whole world. This is why people are losing their jobs

D

Dimonchik, 2019-05-11
@dimonchik2013

it’s worth it
if it’s open to the outside and you find a non-standard port (you have a non-standard port, after all?
and there is an irresistible need to go outside?
), then you need to urgently change

G

Georg Gaal, 2019-05-11
@gecube

First you need to understand - is there a need to keep the mysql server open to the entire Internet. This is bad practice. What can be done ? If necessary, close the firewall on the IP white list. Close VPN.

R

Rsa97, 2019-05-11
@Rsa97

At a minimum, you should install fail2ban.
And it is better to forbid the MySQL server to look outside.