المساعد الشخصي الرقمي

مشاهدة النسخة كاملة : فايروول CSF Firewall والحماية من MySQL port (3306) is open



Rise Company
02-09-2021, 14:26
فايروول CSF Firewall والحماية من MySQL port (3306) is open
Csf firewall help with recommandation about sql port
Do I need to open incoming or outgoing for remote mysql?
Open port 3306 on the server

https://www.rise.company/upload/uploads/163058535561391.png
المشكلة :

The TCP incoming MySQL port (3306) is open. This can pose both a security and server abuse threat since not only can hackers attempt to break into MySQL, any user can host their SQL database on your server and access it from another host and so (ab)use your server resources.

حل المشكلة على مستوي السيرفر :

داخل اعدادات csf قم بحذف port برقم 3306 المسئول عند السماح
للدخول عن بعد على قاعدة البيانات, يجب غلقها للمزيد من الحماية.

حل المشكلة على مستوي المستخدم :

للسماح لمستخدم محدد من الدخول من بعد يجب وضعه فى whitelist
I'd recommend not opening up 3306, and just whitelisting the IP's you want to connect
from in CSF this way the port stays closed, but your remote whitelisted IP's can access it.
If you are using CSF its very easy, you can do:


# csf -a 111.222.333.444


This will allow the IP the ability to access any port regardless if its closed, you can also open only 3306 for a specific IP
if you prefer not to allow the IP access to ALL closed ports:
You would have to modify the file: /etc/csf/csf.allow
and add:


tcp|in|d=3306|s=111.222.333.444


make sure to restart CSF

المرجع:
https://forums.cpanel.net/threads/open-port-3306-without-csf.626711/
https://forums.cpanel.net/threads/do-i-need-to-open-incoming-or-outgoing-for-remote-mysql.65736/
https://forums.cpanel.net/threads/open-port-3306-on-the-server.593459/