我的网站上有一些动态内容,它们从远程 MySQL 服务器的数据库中获取数据。我最近重建了该服务器,并在日志中看到了一些奇怪的活动。我搜索了其中几个 IP,它们显示为中文,并在安全论坛等上显示。所以我假设有人试图暴力破解我的数据库。
有人能建议我如何加强这里的安全性吗?我读过将 MySQL 数据库暴露到网络上存在安全风险,但该服务器上的数据会定期更新,我无法设置到我的网络主机的复制以保持本地连接(从而关闭远程服务器上的 MySQL 端口)。
我已为特定用户设置了远程访问权限,并设置了受限访问权限和强密码。我应该采取什么不同的措施吗?
IP address '123.108.223.200' could not be resolved: The requested name is valid, but no data of the requested type was found.
IP address '116.255.210.59' could not be resolved: This is usually a temporary error during hostname resolution and means that the local server did not receive a response from an authoritative server.
IP address '116.255.210.59' could not be resolved: This is usually a temporary error during hostname resolution and means that the local server did not receive a response from an authoritative server.
IP address '180.69.254.133' could not be resolved: No such host is known.
Host name 'WIN-4K2ASOOQOO9' could not be resolved: No such host is known.
Host name 'WIN-4K2ASOOQOO9' could not be resolved: No such host is known.
Hostname '142-118-74-198-dedicated.multacom.com' does not resolve to '198.74.118.142'.
Hostname '142-118-74-198-dedicated.multacom.com' has the following IP addresses:
- 204.13.152.7
IP address '182.84.98.165' could not be resolved: No such host is known.
IP address '207.47.16.69' has been resolved to the host name '207.47.16.69.static.nextweb.net', which resembles IPv4-address itself.
IP address '207.47.16.69' has been resolved to the host name '207.47.16.69.static.nextweb.net', which resembles IPv4-address itself.
IP address '207.47.16.69' has been resolved to the host name '207.47.16.69.static.nextweb.net', which resembles IPv4-address itself.
Host name 'unassigned.psychz.net' could not be resolved: No such host is known.
IP address '112.175.66.51' could not be resolved: No such host is known.
IP address '111.26.200.24' could not be resolved: This is usually a temporary error during hostname resolution and means that the local server did not receive a response from an authoritative server.
IP address '111.26.200.24' could not be resolved: This is usually a temporary error during hostname resolution and means that the local server did not receive a response from an authoritative server.
IP address '111.26.200.24' could not be resolved: This is usually a temporary error during hostname resolution and means that the local server did not receive a response from an authoritative server.
Host name 'IDC-A4333C3EFF4' could not be resolved: No such host is known.
Host name 'IDC-A4333C3EFF4' could not be resolved: No such host is known.
IP address '173.208.94.206' could not be resolved: No such host is known.
IP address '111.26.200.24' could not be resolved: This is usually a temporary error during hostname resolution and means that the local server did not receive a response from an authoritative server.
答案1
阻止特定 IP 地址的规范方法是通过iptables。在 CentOS 中,该命令如下:
$ iptables -A INPUT -s 2.4.6.8 -j DROP
2.4.6.8您要访问的服务器的 IP 地址在哪里堵塞。
不过我建议默认阻止全部连接到端口 3306 (MySQL),而是只允许那些你期望的地址(即白名单):
$ iptables -N mysql
$ iptables -A mysql --src 1.2.3.4 -j ACCEPT
$ iptables -A mysql -j DROP
$ iptables -I INPUT -m tcp -p tcp --dport 3306 -j mysql
1.2.3.4您希望的服务器的 IP 地址在哪里允许。
上述命令基本改编自这个答案。