Is this an attack?

ASAP mysql query

         

humandesigner

2:55 pm on May 23, 2004 (gmt 0)

10+ Year Member



Hello,

It is the second time that I notice that someone or something sends a foreign query on my MySQL database on my server. The output of the query is as follows:

You have an error in your SQL syntax near 'http://asap,http://asap' at line 1

A Google search with "http://asap" led me to 2 sites such as:
snipped

Although I'm not using ASP and Microsoft products, should I see it as a very dangerous threat?
What should I do?

Thanks for helping :)

[edited by: DaveAtIFG at 4:05 pm (utc) on May 23, 2004]
[edit reason] No specifics please [/edit]

bufferzone

4:05 pm on May 23, 2004 (gmt 0)

10+ Year Member



Not necessarily, but you should keep an eye on your log for other odd stuff.

It looks like someone testing to see if you have some sort of web/ASP component on your web/sql server that can be used.

Use this incident to check your patch level. Is your operating system fully patched up, is your web server fully patched up and is your SQL server fully patched up? You might also check your configuration, to see if you can do anything more to harden your systems. For inspiration look at [nsa.gov,...] they have some good manuals for hardening.

humandesigner

4:17 pm on May 23, 2004 (gmt 0)

10+ Year Member




Thanks Bufferzone, I'll look at that. :)
Have a nice day.

Romeo

6:48 pm on May 23, 2004 (gmt 0)

10+ Year Member



Hi Humandesigner,

you should check if your MySQL server really needs to be directly accessed from the outside. It may be a security risk to do so, even if you are at a recent patch level, as every now and then a new vulnerability may pop up.
So if you don't really need direct accessibility to the database daemon from the outside, restrict access just to localhost only by setting

[mysqld]
port = 3306
bind-address = 127.0.0.1

in the config file /etc/my.cnf,
which would work perfectly for a local webserver to see its databases.

Regards,
R.
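
An added example, not part of the thread or any poster's code: a small Python check that reads a my.cnf-style file and reports whether the [mysqld] section keeps the server on loopback, as the bind-address setting above does. It goes slightly beyond the post by also recognising skip-networking and comma-separated address lists. The sample configs are constructed, the function names are hypothetical, and `!include` files are not followed.

```python
import ipaddress

# Constructed sample option files (not taken from the thread).
LOCAL_ONLY = "[mysqld]\nport = 3306\nbind-address = 127.0.0.1\n"
EXPOSED = "[client]\nbind-address = 127.0.0.1\n[mysqld]\nport = 3306\n# bind-address = 127.0.0.1\n"
NO_TCP = "[mysqld]\nskip_networking\nbind-address = 0.0.0.0\n"


def mysqld_options(text):
    """Return the options of the [mysqld] section as a dict (last value wins)."""
    opts, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop full-line and trailing comments
        if not line or line[0] in ";!":       # ';' comments; !include files are not followed
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "mysqld":
            key, _, value = line.partition("=")
            # MySQL treats '-' and '_' in option names as equivalent.
            opts[key.strip().lower().replace("_", "-")] = value.strip().strip("'\"")
    return opts


def is_loopback(addr):
    """True for 'localhost' or a literal loopback IP address."""
    if addr.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:                        # '*' or another host name: treat as reachable
        return False


def network_exposure(text):
    """Classify the listener as 'no-tcp', 'loopback' or 'exposed'."""
    opts = mysqld_options(text)
    if opts.get("skip-networking", "off").lower() not in ("0", "off", "false"):
        return "no-tcp"
    addr = opts.get("bind-address")
    if addr is None:                          # upstream default: listen on all interfaces
        return "exposed"
    parts = [a.strip() for a in addr.split(",")]
    return "loopback" if all(is_loopback(a) for a in parts) else "exposed"


if __name__ == "__main__":
    for name, cfg in (("LOCAL_ONLY", LOCAL_ONLY), ("EXPOSED", EXPOSED), ("NO_TCP", NO_TCP)):
        print(name, "->", network_exposure(cfg))
```

The file only states intent; after restarting the server, confirm the actual listener on port 3306 with the operating system's socket listing.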