Am I in danger

Ye' old general discussion board. Basically, for everything that isn't covered elsewhere. Come here to shoot the breeze, shoot your mouth off, or whatever suits your fancy.
This forum is not for asking programming related questions.

Moderator: General Moderators

Post Reply
timgolding
Forum Newbie
Posts: 14
Joined: Tue Jul 24, 2007 9:02 am

Am I in danger

Post by timgolding »

Sometimes when I send files to people I have to start my WAMP server, put the file in the doc root then send a link to the recipient. Yesterday I was sending some things using this method when my personal firewall (Sygate) informed me that some SQL.exe was connecting to a remote address. This was infact some time after i sent the file. I obviuosly said no to the connection and then shut down the web server.

Am at any real danger? Its apparent there was an attempt to do something unfrienldy. But what? and how can i secure in future?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

It was probably a port scanner that probes for holes in IP ranges. This happens with most IPs in the larger countries. Disallow remote connections to your database. Basically, limit the number of ports you have open at any given time to the outside world.
timgolding
Forum Newbie
Posts: 14
Joined: Tue Jul 24, 2007 9:02 am

Post by timgolding »

Thx for that info

all my DB user accounts are localhost. Is that enough? or do I have to block remote connections with my firewall.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Defense in depth as the saying goes. Block all but the essential ports for incoming traffic. Make sure to turn off port forwarding on your firewall/router if you turn it on unless it's necessary to keep it running all the time. The users on your database being set to local is certainly a step, but that doesn't preclude the database having security holes that allow remote connection anyways.
timgolding
Forum Newbie
Posts: 14
Joined: Tue Jul 24, 2007 9:02 am

Post by timgolding »

Ok thanks
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

Since all your users are coming from localhost anyway, can't you use (eg: named pipes) instead of tcp/ip connections for the database?
timgolding
Forum Newbie
Posts: 14
Joined: Tue Jul 24, 2007 9:02 am

Post by timgolding »

Sounds reasonable. Where do i look for that?
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Post by Mordred »

http://php.net/mysql_connect, in $server you pass the local socket (e.g. ":/tmp/mysql")
Post Reply