[opensuse] MySQL Remote Exploit?
Hi,
I just noticed that for the past half hour I've been getting remote MySQL requests at a rate of one every two seconds. They're all coming from a host in Switzerland.
I couldn't find anything on the Web about new or recent MySQL remote exploits, so perhaps this is new. Has anybody else noticed anything like this?
I'll point out that the only reason I spotted it was the unusual blob of activity in the Internet monitor ("krell") in GKrellM, which I've configured to monitor ports 80 (HTTP) and 3306 (MySQL).
Randall Schulz
--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse+help@opensuse.org
On Wednesday February 25 2009, Randall R Schulz wrote:
Hi,
I just noticed that for the past half hour I've been getting remote MySQL requests at a rate of one every two seconds. They're all coming from a host in Switzerland.
I stopped that attempt by shutting down MySQL momentarily. It did not reoccur all day.
However, when I awoke this morning and started using my computer, I saw a solid block of the same MySQL request rate (actually, it's more like one request every three seconds). It had terminated at about 6:30 AM PST (note that the Internet krell in GKrellM operates on a one-minute-per-sample rate) and had been going on for at least four and a half hours prior to that (I have a 300 pixel wide GKrellM display, giving a five hour window on the Internet krell (five minutes on all the other krells running at one sample per second)).
It does not appear any break-in occurred, since the newest modification time on any file in the /var/lib/mysql hierarchy was 3:00 AM, when my MediaWiki backup script runs.
Randall Schulz
On Thu, Feb 26, 2009 at 12:57 PM, Randall R Schulz
On Wednesday February 25 2009, Randall R Schulz wrote:
Hi,
I just noticed that for the past half hour I've been getting remote MySQL requests at a rate of one every two seconds. They're all coming from a host in Switzerland.
<Snipped>
Randall Schulz
I see these occasionally from firewall logs, generally from .cn domains.
participants (2): james Wright, Randall R Schulz
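As an added example (not part of the thread or any poster's code), the pattern described in these messages, a single host connecting to TCP port 3306 every two to three seconds for an extended period, can be picked out of firewall logs as follows. The iptables-style log lines are constructed, the addresses are documentation ranges, and the function names, thresholds and the year parameter are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

# Matches an iptables-style LOG line and captures time, source and destination port.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) .*?\bSRC=(?P<src>\S+) .*?"
    r"\bPROTO=TCP\b.*?\bDPT=(?P<dpt>\d+)\b(?P<rest>.*)$")

def parse(lines, port=3306, year=2009):
    """Yield (timestamp, source) for each TCP SYN to `port`; syslog omits the year."""
    for line in lines:
        m = LOG_RE.match(line)
        if m and int(m["dpt"]) == port and " SYN " in m["rest"]:
            yield datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"), m["src"]

def sustained_sources(lines, min_attempts=20, max_median_gap=5.0, min_span=60.0):
    """Return stats for sources that connect steadily rather than occasionally."""
    seen = defaultdict(list)
    for ts, src in parse(lines):
        seen[src].append(ts)
    flagged = {}
    for src, stamps in seen.items():
        if len(stamps) < max(min_attempts, 2):
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        span = (stamps[-1] - stamps[0]).total_seconds()
        if span >= min_span and median(gaps) <= max_median_gap:
            flagged[src] = {"attempts": len(stamps), "span_s": span,
                            "median_gap_s": median(gaps)}
    return flagged

def constructed_sample():
    """Constructed log lines: one steady 3306 prober, one sparse one, HTTP noise."""
    t0 = datetime(2009, 2, 26, 2, 0, 0)
    fmt = ("{ts} gw kernel: IN=eth0 OUT= SRC={src} DST=203.0.113.5 LEN=60 TTL=52 "
           "PROTO=TCP SPT={spt} DPT={dpt} WINDOW=5840 RES=0x00 SYN URGP=0")
    rows = [(t0 + timedelta(seconds=3 * i), "192.0.2.10", 40000 + i, 3306) for i in range(40)]
    rows += [(t0 + timedelta(minutes=20 * i), "198.51.100.7", 50000 + i, 3306) for i in range(3)]
    rows += [(t0 + timedelta(seconds=i), "198.51.100.9", 60000 + i, 80) for i in range(30)]
    return [fmt.format(ts=t.strftime("%b %d %H:%M:%S"), src=s, spt=p, dpt=d)
            for t, s, p, d in rows]

if __name__ == "__main__":
    for src, stats in sustained_sources(constructed_sample()).items():
        print(src, stats)
```

Using the median gap rather than the mean keeps a source flagged even if a few log lines are missing from the run.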