-----BEGIN PGP SIGNED MESSAGE-----
we received the following note from the folks at openSUSE today. Did anybody of
you observe similar activity on publicly accessible systems? I wonder if there
is some known vulnerability that these login attempts try to exploit? A MySQL
user account with a known password or no password? Or do they just do
Darix reported log entries similar to this one on IRC to me:
Oct 22 12:16:47 zen sshd: error: PAM: Authentication failure for mysql from
In any case, just a heads-up warning to you.
Lenz Grimmer <lenz@stripped>, Community Relations Manager, EMEA
MySQL GmbH - http://www.mysql.de/ - Dachauer Str. 37, 80335 München
Geschäftsführer: Kaj Arnö - HRB München 162140
http://forge.mysql.com/ | http://planetmysql.org/ | http://dev.mysql.com
- ---------- Forwarded message ----------
Date: Mon, 22 Oct 2007 12:33:24 +0200
From: Marcus Rueckert <darix@stripped>
Subject: automated search for open mysql system user accounts?
since last night i see lots of login attempts to the mysql system
account via SSH on my server. "grep -c 'Authentication failure for
mysql'" comes to 245 login attempts from changing remote hosts at
2007-10-22 already. I searched through my archived logs and could only
find 9 other attempts in the beginning of july.
I asked Lenz Grimmer if he knows about any known problems, but he wasnt
aware of any known bugs either.
He asked me to give your team a heads up about my observations.
Feel free to contact me if you want the logs or informations about my
hope this helps
openSUSE - SUSE Linux is my linux
openSUSE is good for you
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
Comment: pgf-0.72 (http://linux-ip.net/sw/pine-gpg-filter/)
-----END PGP SIGNATURE-----