Page 1 of 1
Am I in danger
Posted: Wed Jul 25, 2007 8:02 am
by timgolding
Sometimes when I send files to people I have to start my WAMP server, put the file in the doc root then send a link to the recipient. Yesterday I was sending some things using this method when my personal firewall (Sygate) informed me that some SQL.exe was connecting to a remote address. This was infact some time after i sent the file. I obviuosly said no to the connection and then shut down the web server.
Am at any real danger? Its apparent there was an attempt to do something unfrienldy. But what? and how can i secure in future?
Posted: Wed Jul 25, 2007 3:05 pm
by feyd
It was probably a port scanner that probes for holes in IP ranges. This happens with most IPs in the larger countries. Disallow remote connections to your database. Basically, limit the number of ports you have open at any given time to the outside world.
Posted: Wed Jul 25, 2007 3:38 pm
by timgolding
Thx for that info
all my DB user accounts are localhost. Is that enough? or do I have to block remote connections with my firewall.
Posted: Wed Jul 25, 2007 4:43 pm
by feyd
Defense in depth as the saying goes. Block all but the essential ports for incoming traffic. Make sure to turn off port forwarding on your firewall/router if you turn it on unless it's necessary to keep it running all the time. The users on your database being set to local is certainly a step, but that doesn't preclude the database having security holes that allow remote connection anyways.
Posted: Thu Jul 26, 2007 6:02 am
by timgolding
Ok thanks
Posted: Thu Jul 26, 2007 6:46 am
by timvw
Since all your users are coming from localhost anyway, can't you use (eg: named pipes) instead of tcp/ip connections for the database?
Posted: Thu Jul 26, 2007 7:38 am
by timgolding
Sounds reasonable. Where do i look for that?
Posted: Sun Jul 29, 2007 4:38 am
by Mordred
http://php.net/mysql_connect, in $server you pass the local socket (e.g. ":/tmp/mysql")