Over 3.6 million MySQL servers are publicly exposed on the Internet and responding to queries, making them an attractive target to hackers and extortionists.
Of these accessible MySQL servers, 2.3 million are connected over IPv4, with 1.3 million devices over IPv6.
Public server exposure should always be accompanied by strict user policies, a change of the default access port (3306), binary logging, close monitoring of all queries, and enforced encryption.
3.6 million exposed MySQL servers
In scans performed last week by cybersecurity research group The Shadowserver Foundation, analysts found 3.6 million exposed MySQL servers using the default port, TCP port 3306.
“While we do not check for the level of access possible or exposure of specific databases, this kind of exposure is a potential attack surface that should be closed,” explains the report from Shadowserver.
The country with the most accessible MySQL servers is the United States, surpassing 1.2 million. Other countries with substantial numbers are China, Germany, Singapore, the Netherlands, and Poland.
The scan results in detail are the following:
- Total exposed population on IPv4: 3,957,457
- Total exposed population on IPv6: 1,421,010
- Total “Server Greeting” responses on IPv4: 2,279,908
- Total “Server Greeting” responses on IPv6: 1,343,993
- 67% of all MySQL services found are accessible from the internet
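The "Server Greeting" counted above is the first packet a MySQL server sends once a TCP connection opens. The following is an added example, not code from Shadowserver or the original article: it parses that packet offline, using the standard HandshakeV10 layout, to show what a reachable server discloses and whether it advertises TLS. All sample packets, version strings and the address in the error message are constructed.

```python
import struct

CLIENT_SSL = 0x0800  # capability bit: server is able to negotiate TLS

def build_greeting(version: bytes, caps: int) -> bytes:
    """Constructed sample data: a HandshakeV10 packet as a server would send it."""
    payload = (b"\x0a" + version + b"\x00"
               + struct.pack("<I", 42)             # connection id
               + b"A" * 8 + b"\x00"                # auth data part 1 + filler
               + struct.pack("<H", caps & 0xFFFF)  # capability flags, low half
               + b"\x2d" + struct.pack("<H", 2)    # charset, status flags
               + struct.pack("<H", caps >> 16)     # capability flags, high half
               + b"\x15" + b"\x00" * 10            # auth data length, reserved
               + b"B" * 12 + b"\x00"               # auth data part 2
               + b"caching_sha2_password\x00")
    return len(payload).to_bytes(3, "little") + b"\x00" + payload

def parse_first_packet(packet: bytes) -> dict:
    """Classify the first packet a MySQL server sends after TCP connect."""
    length = int.from_bytes(packet[:3], "little")
    payload = packet[4:4 + length]
    if len(packet) < 5 or not payload or len(payload) != length:
        raise ValueError("truncated packet")
    if payload[0] == 0xFF:  # ERR packet: reachable, but the server refused this host
        code = struct.unpack_from("<H", payload, 1)[0]
        return {"greeting": False, "error_code": code,
                "message": payload[3:].decode("utf-8", "replace")}
    if payload[0] != 10:
        raise ValueError("not a HandshakeV10 greeting")
    end = payload.index(b"\x00", 1)                # version is NUL-terminated
    version = payload[1:end].decode("ascii", "replace")
    pos = end + 1 + 4 + 8 + 1                      # skip connection id, auth data, filler
    low = struct.unpack_from("<H", payload, pos)[0]
    high = struct.unpack_from("<H", payload, pos + 5)[0]  # after charset + status
    caps = low | (high << 16)
    return {"greeting": True, "version": version,
            "tls_offered": bool(caps & CLIENT_SSL)}

# Constructed samples: TLS-capable server, plaintext-only server, host ACL refusal.
BASE_CAPS = 0x0200 | 0x8000 | 0x00080000
SAMPLE_TLS = build_greeting(b"8.0.36", BASE_CAPS | CLIENT_SSL)
SAMPLE_PLAIN = build_greeting(b"5.7.44", BASE_CAPS)
_err = (b"\xff" + struct.pack("<H", 1130)
        + b"Host '192.0.2.10' is not allowed to connect to this MySQL server")
SAMPLE_DENIED = len(_err).to_bytes(3, "little") + b"\x00" + _err

if __name__ == "__main__":
    for name, pkt in [("tls", SAMPLE_TLS), ("plain", SAMPLE_PLAIN), ("denied", SAMPLE_DENIED)]:
        print(name, parse_first_packet(pkt))
```

A greeting with `tls_offered` false means the server has no TLS configured, so traffic to it cannot be encrypted; an error packet instead of a greeting shows the port is reachable but host-based access control is in effect.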
(Via Bleepingcomputer)
Bijay Pokharel