Results 1 to 7 of 7
Thread: Dangers of Port 3306
-
09-13-2012, 06:30 AM #1Disabled
- Join Date
- Jan 2011
- Posts
- 674
Dangers of Port 3306
I have a user who wishes to be able to connect to their database externally and requires port 3306 access on a cPanel server, is it safe to open up port 3306 (which is currently closed)?
Anything I should be worried about?
-
09-13-2012, 06:32 AM #2Aspiring Evangelist
- Join Date
- Sep 2011
- Posts
- 411
Yes, it's generally safe as long as your MySQL users have strong passwords that can't be brute forced. But, then again, who are you to police the strength of your customer's passwords?
SimplexWebs for awesome British web hosting, servers & domain names. Seven fantastic years of it.
Need more power? We've got Enterprise Hosting for that.
-
09-13-2012, 06:48 AM #3Web Hosting Master
- Join Date
- Aug 2001
- Posts
- 5,597
Opening the port itself is no problem. A potential problem could arise if they service has exploitable bugs which could end up in a security breach. Hence you should make sure to always run the latest version and the users have strong passwords (as Ed pointed out as well).
Then it should be somewhat safe but of course it is a possible additional point for an attack.
-
09-13-2012, 06:53 AM #4Web Hosting Master
- Join Date
- Jun 2001
- Location
- Earth
- Posts
- 1,259
By default cPanel creates MySQL users with only localhost access. MySQL checks the user-id/password AND the IP that you are connecting from. If you want people to be able to remotely access MySQL you have to open port 3306 AND they (the cPanel user) have to allow remote access to the MySQL user (from cPanel). They can allow specific IP's or a wildcard.
You'll also want to make sure you have secured MySQL. By default there is an anonymous user and a test database (that anyone can access).█ Umbra Hosting
█ cPanel | Softaculous | CloudLinux | R1Soft | Ksplice
█ Web Hosting, Reseller Hosting, VPS, Dedicated Servers, Colocation
█ UmbraHosting.com
-
09-13-2012, 07:30 AM #5Web Hosting Evangelist
- Join Date
- Nov 2009
- Location
- Riga, Latvia
- Posts
- 473
It's like with any other port - the number of the port is not as important as the service your client is planning to run on that port.
SERVERIA.COM: top secret servers Fully managed confidential dedicated Linux & Windows servers.
SERVERADE.NET: server management PROs Request a quote for your server now!
SECRETGSM.COM: anonymous SIM cards Anonymous prepaid calling cards & more.
-
09-13-2012, 09:10 AM #6How Can I Help You Today?
- Join Date
- Oct 2002
- Location
- Langley, BC
- Posts
- 2,045
You can also use a firewall and open up that port only to the IP address that wants to access it. Ask your client from which server IP they are going to access it and open it only for that IP.
Do the same thing if another client wants to have remote access as well. That will help it be more secure.██ We Have Generated Over 7 Million cPanel Backups Come Dance Together With Us Y'all!
██ Offer Your Own Backup Hosting Service - SiteAutoBackup.Com (Private Label / WHMCS Ready)
██ WebHostingBusinessBook.Com | YouTube.com/WebHostingTutorial | NowOpenOnline.Com
-
09-13-2012, 11:39 AM #7Junior Guru
- Join Date
- Jul 2004
- Location
- London, UK
- Posts
- 177
Require ssl, plus whitelist only. Make sure stuff like root can't be accessed from outside.
Actually safest way of all is if you have SSH access for your customers and allow them to forward to localhost. Stuff like mysql workbench will work natively with those sorts of connections and it's easy to locally socks proxy via plain ssh too for other tools.
Similar Threads
-
Safe to open up port 3306 outgoing?
By craigedmonds in forum Hosting Security and TechnologyReplies: 1Last Post: 05-10-2012, 09:56 AM -
Port 3306 blocked ?
By GASB in forum Web HostingReplies: 9Last Post: 04-04-2011, 05:09 AM -
Connecting to Mysql Port 3306 from my desktop
By duckxtales in forum Hosting Security and TechnologyReplies: 9Last Post: 06-27-2006, 08:40 AM -
close port 3306 mysql?
By domecms in forum Hosting Security and TechnologyReplies: 1Last Post: 01-27-2005, 06:16 PM -
iptables for protect port 3306
By ibrahim in forum Hosting Security and TechnologyReplies: 5Last Post: 06-18-2003, 05:20 PM