List:Packagers« Previous MessageNext Message »
From:Lenz Grimmer Date:October 22 2007 12:22pm
Subject:automated search for open mysql system user accounts? (fwd)
View as plain text  
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

we received the following note from the folks at openSUSE today. Did anybody of
you observe similar activity on publicly accessible systems? I wonder if there
is some known vulnerability that these login attempts try to exploit? A MySQL
user account with a known password or no password? Or do they just do
brute-force attempts?

Darix reported log entries similar to this one on IRC to me:

Oct 22 12:16:47 zen sshd[5122]: error: PAM: Authentication failure for mysql from
62.242.188.78

In any case, just a heads-up warning to you.

Bye,
	LenZ
- -- 
 Lenz Grimmer <lenz@stripped>, Community Relations Manager, EMEA
 MySQL GmbH - http://www.mysql.de/ - Dachauer Str. 37, 80335 München
 Geschäftsführer: Kaj Arnö - HRB München 162140
 http://forge.mysql.com/ | http://planetmysql.org/ | http://dev.mysql.com

- ---------- Forwarded message ----------
Date: Mon, 22 Oct 2007 12:33:24 +0200
From: Marcus Rueckert <darix@stripped>
To:  <security@stripped>
Cc:  <lenz@stripped>
Subject: automated search for open mysql system user accounts?

hi,

since last night i see lots of login attempts to the mysql system
account via SSH on my server. "grep -c 'Authentication failure for
mysql'" comes to 245 login attempts from changing remote hosts at
2007-10-22 already. I searched through my archived logs and could only
find 9 other attempts in the beginning of july.

I asked Lenz Grimmer if he knows about any known problems, but he wasnt
aware of any known bugs either.

He asked me to give your team a heads up about my observations.
Feel free to contact me if you want the logs or informations about my
system.

hope this helps

    darix

- -- 
           openSUSE - SUSE Linux is my linux
               openSUSE is good for you
                   www.opensuse.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
Comment: pgf-0.72 (http://linux-ip.net/sw/pine-gpg-filter/)

iD8DBQFHHJYYSVDhKrJykfIRArRRAJ9RT2Rje1QCsvKNij9A80r06z79gwCcCc4M
TWY/2SxCjrk9S9E5v3shd0E=
=p0Ne
-----END PGP SIGNATURE-----
Thread
automated search for open mysql system user accounts? (fwd)Lenz Grimmer22 Oct
  • Re: automated search for open mysql system user accounts? (fwd)Michal Marek22 Oct
  • Re: automated search for open mysql system user accounts? (fwd)Michael Shigorin22 Oct