Comments - keeping out hackers

4 years, 11 months ago Mark Edwards

Interesting that there is (was) a root entry in the "users" table that allows access from "centos7.is.cc", which is now disabled by me:

SELECT `User`, `Host`,  Password  FROM mysql.user where  Host != 'localhost'  ;
+-------------+---------------+-------------------------------------------+
| User        | Host          | Password                                  |
+-------------+---------------+-------------------------------------------+
| root        | 127.0.0.1     | *815XXXXXXXXXXXXXXXXFA |
| root        | ::1           | *815XXXXXXXXXXXXXXXFA |
| rootRENAMED | centos7.is.cc | REMOVED                                   |
+-------------+---------------+-------------------------------------------+
3 rows in set (0.00 sec)

Opinions please?

 
4 years, 11 months ago Mark Edwards

Note: for fun I installed MariaDB on a new cloud VPN. There was no root account automatically created using "centos7.is.cc":

SELECT `User`, `Host`,  Password  FROM mysql.user  ;
+------+-----------+-------------------------------------------+
| User | Host      | Password                                  |
+------+-----------+-------------------------------------------+
| root | localhost | *1A611754661BB8DCD7E2067EA804968C1C334ED3 |
| root | 127.0.0.1 | *1A611754661BB8DCD7E2067EA804968C1C334ED3 |
| root | ::1       | *1A611754661BB8DCD7E2067EA804968C1C334ED3 |
+------+-----------+-------------------------------------------+
3 rows in set (0.000 sec)

Also, out of desperation, I DISABLED all accounts' "DROP" privilege.

New VPN: Server version: 10.3.15-MariaDB MariaDB Server

 
4 years, 11 months ago Ian Gilfillan

If the machine is completely compromised, database access, DROP privileges and the like can easily be restored.
