List:MySQL on Win32« Previous MessageNext Message »
From:Armando Date:October 3 2005 5:53pm
Subject:Re: Security Question
View as plain text  
If it's a DoS attack then perhaps you should be speaking to your ISP and 
getting that resolved rather than trying to work around the problem on 
your side of things!

Having said that, you could possibly impose host level restrictions in 
MySQL, but that could be a lot of work to modify your existing user 
base, especially since you'd need to gather all your remote host 
information first, and then do all the updates. Cheers.

Armando

J.R. Bullington wrote:
> Hi All --
> 
> I have been a member of this list for a while but I actually have a 
> question that I can't answer.
> 
> MySQL v4.1.14-nt on Win2k3 Server
> 
> I've got someone who is trying to get in, but I have locked it down. 
> Methods used include, but are not limited to:
> 
> No Outside Root Access
> System DSNs for Web connectivity
> Strong Passwords for each user
> User Permissions different for each purpose
> 
> 
> Here's the question -- It's a DoS attack and it's locking up the system 
> for other users (max_connections_allowed).
> 
> Anything I can do extra via MySQL that will keep this person away, or 
> perhaps free up the server? I would rather not increase the 
> max_conn_allowed var as it's already at 800 (more than I need).
> 
> Do not have access to the Router (I wish I did, ACLs are such a great 
> thing), but have full Admin rights to the server.
> 
> Thanks everyone!
> 
> J.R.
> 
Thread