From owner-freebsd-security@FreeBSD.ORG Mon Jan 21 11:19:08 2008 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AF92E16A41B for ; Mon, 21 Jan 2008 11:19:08 +0000 (UTC) (envelope-from djv@iki.fi) Received: from gw02.mail.saunalahti.fi (gw02.mail.saunalahti.fi [195.197.172.116]) by mx1.freebsd.org (Postfix) with ESMTP id 737AB13C467 for ; Mon, 21 Jan 2008 11:19:08 +0000 (UTC) (envelope-from djv@iki.fi) Received: from [192.168.1.5] (a91-153-148-73.elisa-laajakaista.fi [91.153.148.73]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by gw02.mail.saunalahti.fi (Postfix) with ESMTP id 14E67139445 for ; Mon, 21 Jan 2008 13:19:05 +0200 (EET) Message-ID: <47947FAA.6040605@iki.fi> Date: Mon, 21 Jan 2008 13:19:06 +0200 From: Tuomo Latto User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.9) Gecko/20071031 Thunderbird/2.0.0.9 Mnenhy/0.7.5.666 MIME-Version: 1.0 To: freebsd-security@freebsd.org References: <47946AD3.2020601@opengea.org> In-Reply-To: <47946AD3.2020601@opengea.org> X-Enigmail-Version: 0.95.6 Content-Type: text/plain; charset=ISO-8859-15; format=flowed Content-Transfer-Encoding: 8bit Subject: Re: denyhosts-like app for MySQLd? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Jan 2008 11:19:08 -0000 Jordi Espasa Clofent wrote: > żIs there any app like denyhosts[1] but intended for MySQLd service? > > We have a mysql ports (3306) opened for remote connections, and > obviously the /var/db/mysql/machine_name.log is full of these kind of > entries: > > ........... > 936012 Connect Access denied for user 'user'@'85.19.95.10' (using > password: YES) > 936013 Connect Access denied for user 'user'@'85.19.95.10' (using > password: YES) > 936014 Connect Access denied for user 'user'@'85.19.95.10' (using > password: YES) > 936016 Connect Access denied for user 'user'@'85.19.95.10' (using > password: YES) > 936018 Connect Access denied for user 'user'@'85.19.95.10' (using > password: YES) > 936019 Connect Access denied for user 'user'@'85.19.95.10' (using > password: YES) > ............. > > The idea is blocking the abusive IPs in automated way. > > [1] http://denyhosts.sourceforge.net/ How about ports/security/bruteblock? No OOTB support, but adding it should be very easy. (You just write a config file for it.) -- Tuomo ... All I want is a warm bed, a kind word and unlimited power