I need to turn on networking for MySQLd, but every time I do, the server gets brute-forced into oblivion. Some mean password guessing script starts hammering on the server, opening a connection on port 3306 and trying random passwords forever.
How can I stop this from happening?
For SSH, I use denyhosts, which works well. Is there a way to make denyhosts work with MySQLd?
I've also considered changing the port MySQL is running on, but this is less than ideal and only a stop-gap solution (what if they discover the new port?)
Does anyone have any other ideas?
If it makes a different, I'm running MySQL 5.x on FreeBSD 6.x.
Best Answer
I don't know of any denyhosts-like software packages for MySQL, but I do have a couple of solutions:
Edit:
To answer your comment, try this:
Where .20 is your MySQL and .50 is the remote connecting IP address.