How to determine who is trying to access MySql - mysql

When I check the mysql query logs on our BSD server, I see, repeated again and again:
111123 8:23:11 4478 Connect Access denied for user 'Neohoo'#'localhost' (using password: YES)
4479 Connect Access denied for user 'root'#'localhost' (using password: NO)
I shut off outside access by adding the skip-networking option and restarting mysql:
cat /etc/my.cnf
[mysqld]
// The MySQL server
skip-innodb
max_connections=30
skip-networking
set-variable=local-infile=0
And verified by:
telnet bsdServer.com 3306
telnet: Unable to connect to remote host
The MySql is used with a legacy PHP application. I considered it could be an SQL injection attack but I am at a loss to find which section of the program. The mysql query logs do not show an IP address or any more useful data.
Any suggestions appreciated.

I shut off outside access by adding the skip-networking option
But these users are connecting from localhost - i.e. not across the network.
The mysql query logs do not show an IP address
Yes they do:
111123 8:23:11 4478 Connect Access denied for user 'Neohoo'#'localhost' (using password: YES)
Some client running on the machine is trying to connect.
If this machine is running a PHP webserver, particularly one facing the internet, most likely have a PHP code injection issue. Try cross referencing the timestamps on the log entries with your webserver access_log. If you've got the mysql client available on the machine, ensure that your webserver uid can't run it.

Related

Access Denied for User 'username'#'IP' error - digtal ocean

I've currently set up a staging area for my app in Digital Ocean with LAMP stack. The Framework for my app is Laravel 5.5 and Vue 2x.
In development, I've been using remote MySQL and had no issues with the connection error. However, when I moved it to the staging env, it is giving me access denied error. When I looked at it closely to the error log, Access denied is for username#[digital-ocean-droplet-ip], whereas I have properly configured the MySQL credentials to the remote host IP under laravel's config/database file.
So, I am doubtful if I have to do any configuration under Apache to allow any external MySQL connection? I forgot the cmd but I did allow sfw firewall allow to any port 3306 to the remote server IP address in Apache.
Any help is appreciated.
Thanks!
MySQL by default does not create an user with access from remote connections.
First you need to create an user on database that allows connection from outside (%) or a specific IP
CREATE USER 'newuser'#'%' IDENTIFIED BY 'password';
Than give him privileges
GRANT ALL PRIVILEGES ON *.* TO 'newuser'#'%';
The *s could be replaced by your database and table name respectively
You might also check if in your mysql configuration(/etc/mysql/mysql.conf.d/mysqld.cnf in my case) has this line uncommented
bind-address = 127.0.0.1
Change the ip if necessary
restart mysql and apache
sudo service apache2 restart
sudo service mysql restart
Than update the user and password at your .env file and try again!

MySQL: Access denied for user 'user'#'IP_ADDRESS' - Remote access allowed for some hosts fails for other hosts

Background:
I am able to access a mysql instance from some subnets but not others. At least that is what it appears to be.
Machines on network 10.0.21.xx are able to connect to the MySQL instance. But from 10.0.7.xx, I get "Access denied for user using password". Interestingly, MySQL is installed on the same subnet (10.0.7.xx) as the machines that it will not authenticate users from.
Here is the command that I issue.
mysql -u user -h 10.0.7.21 -p
And the error I get is
ERROR 1045 (28000): Access denied for user 'user'#'10.0.7.30' (using password: YES)
I have already checked the /etc/mysql/my.cnf file and made sure that mysqld listens from all IP addresses. I have also checked grant privileges to make sure it is not tied to specific ip addresses.
I'd appreciate if someone can give me additional insight. If you need me to add extra information kindly let me know.
Thanks for reading.
It turns out it was a DNS issue. What led me to go this route is the MySQL Documenation:
If you specify a host name when trying to connect, but get an error message where the host name is not shown or is an IP address, it means that the MySQL server got an error when trying to resolve the IP address of the client host to a name:
One of the solutions it offers is to flush the DNS host cache; in my case I didn't have this table.
Here are recommended fixes from the documentation:
Some permanent solutions are:
Determine what is wrong with your DNS server and fix it.
Specify IP addresses rather than host names in the MySQL grant tables.
Put an entry for the client machine name in /etc/hosts on Unix or
\windows\hosts on Windows.
Start mysqld with the --skip-name-resolve option.
Start mysqld with the --skip-host-cache option.
In my case I added the IP address of our local DNS server to the client's /etc/resolv.cnf file and then restarted network services (service networking restart).
Get the hostname from your error message and add that to your remote sql host access list.
if you error message is Access denied for user 'user'#'10.0.7.30' (using password: YES) then the host name is 10.0.7.30.
Add it to your remote host access list and you should be connected.

If the server on my mac is not running for MySQL, is can I try to run other databases on my machine?

I have a java project which connects to a MySQL database. Earlier it was working fine, but I think I messed up some of the configuration settings when trying to connect not via localhost. After messing around for hours and not making any progress (including completely reinstalling MySQL onto my mac and pc ( I was trying to connect these) ) I have given up and now am thinking of using some other database software like Postgre. Will the same error come up since its to do with not being able to connect as the server is not running?
The error at the moment is:
Your connection attempt failed for user 'root' from your host to server at 127.0.0.1:3306:
Access denied for user 'root'#'localhost' (using password: YES)
Please:
Check that mysql is running on server 127.0.0.1
Check that mysql is running on port 3306 (note: 3306 is the default, but this can be changed)
Check the root has rights to connect to 127.0.0.1 from your address (mysql rights define what clients can connect to the server and from which machines)
Make sure you are both providing a password if needed and using the correct password for 127.0.0.1 connecting from the host address you're connecting from

Access denied to remote MySQL connection request

I have a mysql database (v5.5.41) setup on a remote server and an application connects to the DB from another server to run some queries. It's been working fine but recently my DB server got a new IP address. My application can't connect to the DB anymore, the connection times out.
The application is using the DNS name of the server, not a hard-coded IP, so there shouldn't be a problem. In any case, if I run this from the application server:
mysql -u app_user -h mydb.myhost.com -p
then I get
ERROR 1045 (28000): Access denied for user 'app_user'#'xxx.xxx.xxx.xxx' (using password: YES)
If it was having trouble finding the new IP, then that command would probably just hang and timeout, so it seems to be an authentication issue. My password is definitely correct, but the application is using the same password as when the app was connecting successfully so it's not an issue of mistyping it.
I've tried deleting the user app_user from the database and re-creating, exactly as I did in the beginning:
CREATE USER 'app_user'#'xxx.xxx.xxx.xxx' IDENTIFIED BY 'mypassword';
GRANT SELECT ON mydb.* TO 'app_user'#'xxx.xxx.xxx.xxx' IDENTIFIED BY 'mypassword' REQUIRE SSL;
FLUSH PRIVILEGES;
I'm not sure if the DB server IP change is just a coincidence, and maybe there's some other issue.
The entry for app_user in select user, host from mysql.user shows the same IP address as in the Access Denied message above. For what it's worth, I tried changing the DB user host to * and got Host 'xxx.xxx.xxx.xxx' is not allowed to connect to this MySQL server.
Could this have something to do with SSL being required by connection attempts from this user?
The problem was related to the REQUIRE SSL in the privileges for my user. Without it, I could connect just fine. I got things working again by putting my client-cert.pem and client-key.pem files on the application server, updated my.cnf by adding:
ssl-cert = /path/to/client-cert.pem
ssl-key = /path/to/client-key.pem
...under the [client] section and restarted the mysql server.
However, I still don't understand why I was able to connect successfully before when I had done none of these things.

MYSQL Remote Connection Coda 2

I just bought Coda 2 and I want to try this feature about mysql database connection. I´m not able to connect. The error that appears is:
Unable to connect to host 1.2.3.4, or the request timed out.
Be sure that the address is correct and that you have the necessary privileges,
or try increasing the connection timeout (currently 0 seconds).
MySQL said: Can't connect to MySQL server on '1.2.3.4' (60)
The error takes 60 seconds to appear. For easy answers, Il´l make an example:
Server IP: 1.2.3.4
MYSQL Username: root
MYSQL Password: 1234root
I use xampp on a windows server. How can I connect to the mysql database remotely? About the privileges, the account I use for root has all privileges. Thank you and have wonderful holidays.
You need to configure your mysql server to allow remote access to root, usually a very bad idea. Remote access is bad enough. You would need to permit remote access and grant the root user at your remote address access.
see Enable remote MySQL connection: ERROR 1045 (28000): Access denied for user
This is why people usually install something like phpMyAdmin to get this kind of access. Setting up a non root user is another choice.