Results 1 to 7 of 7
  1. #1

    Dangers of Port 3306

    I have a user who wishes to be able to connect to their database externally and requires port 3306 access on a cPanel server, is it safe to open up port 3306 (which is currently closed)?

    Anything I should be worried about?

  2. #2
    Yes, it's generally safe as long as your MySQL users have strong passwords that can't be brute forced. But, then again, who are you to police the strength of your customer's passwords?

    SimplexWebs for awesome British web hosting, servers & domain names. Seven fantastic years of it.
    Need more power? We've got Enterprise Hosting for that.

  3. #3
    Join Date
    Aug 2001
    Posts
    5,597
    Opening the port itself is no problem. A potential problem could arise if they service has exploitable bugs which could end up in a security breach. Hence you should make sure to always run the latest version and the users have strong passwords (as Ed pointed out as well).

    Then it should be somewhat safe but of course it is a possible additional point for an attack.

  4. #4
    Join Date
    Jun 2001
    Location
    Earth
    Posts
    1,259
    By default cPanel creates MySQL users with only localhost access. MySQL checks the user-id/password AND the IP that you are connecting from. If you want people to be able to remotely access MySQL you have to open port 3306 AND they (the cPanel user) have to allow remote access to the MySQL user (from cPanel). They can allow specific IP's or a wildcard.

    You'll also want to make sure you have secured MySQL. By default there is an anonymous user and a test database (that anyone can access).
    Umbra Hosting
    cPanel | Softaculous | CloudLinux | R1Soft | Ksplice
    Web Hosting, Reseller Hosting, VPS, Dedicated Servers, Colocation
    UmbraHosting.com

  5. #5
    Join Date
    Nov 2009
    Location
    Riga, Latvia
    Posts
    473
    It's like with any other port - the number of the port is not as important as the service your client is planning to run on that port.
    SERVERIA.COM: top secret servers Fully managed confidential dedicated Linux & Windows servers.
    SERVERADE.NET: server management PROs Request a quote for your server now!
    SECRETGSM.COM: anonymous SIM cards Anonymous prepaid calling cards & more.

  6. #6
    Join Date
    Oct 2002
    Location
    Langley, BC
    Posts
    2,045
    You can also use a firewall and open up that port only to the IP address that wants to access it. Ask your client from which server IP they are going to access it and open it only for that IP.

    Do the same thing if another client wants to have remote access as well. That will help it be more secure.
    We Have Generated Over 7 Million cPanel Backups Come Dance Together With Us Y'all!
    Offer Your Own Backup Hosting Service - SiteAutoBackup.Com (Private Label / WHMCS Ready)
    WebHostingBusinessBook.Com | YouTube.com/WebHostingTutorial | NowOpenOnline.Com

  7. #7
    Join Date
    Jul 2004
    Location
    London, UK
    Posts
    177
    Require ssl, plus whitelist only. Make sure stuff like root can't be accessed from outside.

    Actually safest way of all is if you have SSH access for your customers and allow them to forward to localhost. Stuff like mysql workbench will work natively with those sorts of connections and it's easy to locally socks proxy via plain ssh too for other tools.

Similar Threads

  1. Safe to open up port 3306 outgoing?
    By craigedmonds in forum Hosting Security and Technology
    Replies: 1
    Last Post: 05-10-2012, 09:56 AM
  2. Port 3306 blocked ?
    By GASB in forum Web Hosting
    Replies: 9
    Last Post: 04-04-2011, 05:09 AM
  3. Connecting to Mysql Port 3306 from my desktop
    By duckxtales in forum Hosting Security and Technology
    Replies: 9
    Last Post: 06-27-2006, 08:40 AM
  4. close port 3306 mysql?
    By domecms in forum Hosting Security and Technology
    Replies: 1
    Last Post: 01-27-2005, 06:16 PM
  5. iptables for protect port 3306
    By ibrahim in forum Hosting Security and Technology
    Replies: 5
    Last Post: 06-18-2003, 05:20 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •