
Shadowserver Foundation analysts discovered over 3.6 million MySQL servers publicly exposed on the Internet and responding to queries, making them attractive targets. The report identifies accessible MySQL server instances on port TCP/3306. “This includes both TLS and non-TLS responses. We do not perform any intrusive checks to discover the level of access to any databases that is possible,” says the report. “Surprisingly to us, we found around 2.3M IPv4 addresses responding with such a greeting to our queries. Even more surprisingly, we found over 1.3M IPv6 devices responding as well.”
Most accessible IPv4 MySQL servers by country are as follows: United States (740.1K), China (296.3K), Poland (207.8K) and Germany (174.9K).
Most accessible IPv6 MySQL servers by country are as follows: United States (460.8K), Netherlands (296.3K), Singapore (218.2K) and Germany (173.7K).
The researchers pointed database administrators to the MySQL 5.7 Secure Deployment Guide and the MySQL 8.0 Secure Deployment Guide. They added: “It is unlikely that you need to have your MySQL server allowing for external connections from the Internet (and thus a possible external attack surface). If you do receive a report on your network/constituency take action to filter out traffic to your MySQL instance and make sure to implement authentication on the server.”
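The "greeting" counted in the report is the first packet a MySQL server sends, unprompted and before any authentication, to whoever connects on TCP/3306. The following Python is an added example, not Shadowserver's or MySQL's code: it parses that packet so an administrator can see what their own server discloses (version string, whether TLS is offered) or whether it answers with a host-not-allowed error instead. The function names and the sample packets are constructed for illustration.

```python
import socket
import struct

CLIENT_SSL = 0x0800  # capability bit: server offers to upgrade the session to TLS

def parse_greeting(data: bytes) -> dict:
    """Parse the first packet a MySQL server sends after TCP connect."""
    if len(data) < 5:
        raise ValueError("short packet")
    length = int.from_bytes(data[:3], "little")   # 3-byte length, then 1-byte sequence id
    payload = data[4:4 + length]
    if len(payload) != length or length < 3:
        raise ValueError("truncated payload")
    if payload[0] == 0xFF:                        # ERR packet sent instead of a greeting
        code = struct.unpack_from("<H", payload, 1)[0]
        return {"kind": "error", "code": code,
                "message": payload[3:].decode("utf-8", "replace")}
    if payload[0] != 0x0A:
        raise ValueError("not a protocol 10 greeting")
    end = payload.index(b"\x00", 1)               # server version is NUL-terminated
    pos = end + 1 + 4 + 8 + 1                     # skip connection id, salt part 1, filler
    if len(payload) < pos + 2:
        raise ValueError("greeting too short")
    caps = struct.unpack_from("<H", payload, pos)[0]
    if len(payload) >= pos + 7:                   # charset(1) + status(2), then upper caps
        caps |= struct.unpack_from("<H", payload, pos + 5)[0] << 16
    return {"kind": "greeting",
            "version": payload[1:end].decode("ascii", "replace"),
            "tls_offered": bool(caps & CLIENT_SSL)}

def fetch_greeting(host: str, port: int = 3306, timeout: float = 5.0) -> bytes:
    """Read the greeting from a server you administer (not called in this example)."""
    with socket.create_connection((host, port), timeout=timeout) as s, s.makefile("rb") as f:
        header = f.read(4)
        return header + f.read(int.from_bytes(header[:3], "little"))

# --- constructed sample packets, not captured from any real server ---
def _packet(payload: bytes) -> bytes:
    return len(payload).to_bytes(3, "little") + b"\x00" + payload

def _greeting(version: bytes, caps_low: int) -> bytes:
    return _packet(b"\x0a" + version + b"\x00" + struct.pack("<I", 7) + b"A" * 8 + b"\x00"
                   + struct.pack("<HBHHB", caps_low, 0xFF, 2, 0xC3FF, 21)
                   + bytes(10) + b"B" * 12 + b"\x00" + b"caching_sha2_password\x00")

TLS_SAMPLE = _greeting(b"8.0.0-constructed", 0xFFFF)    # CLIENT_SSL bit set
PLAIN_SAMPLE = _greeting(b"5.7.0-constructed", 0xF7FF)  # CLIENT_SSL bit cleared
DENIED_SAMPLE = _packet(b"\xff" + struct.pack("<H", 1130)
                        + b"Host '192.0.2.10' is not allowed to connect to this MySQL server")

if __name__ == "__main__":
    for sample in (TLS_SAMPLE, PLAIN_SAMPLE, DENIED_SAMPLE):
        print(parse_greeting(sample))
```

A host-based account restriction still leaves the port reachable and answering with an error packet; only filtering traffic to the instance, as the report recommends, makes the connection itself fail.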