how can i make sure my cpanel is disable remote mysql connection ?

Portal Home > Knowledgebase > Articles Database > how can i make sure my cpanel is disable remote mysql connection ?

Posted by ttgt, 11-24-2014, 05:19 AM
Hi, on my cpanel server,i make sure the TCP_IN does not have 3306 on csf.conf, but user tell me he ever add his remote ip within his cpanel and it works, is any way to check if 100% other server can not remote connect my server's mysql ?
Posted by madaboutlinux, 11-24-2014, 08:04 AM
You can bind Mysql to localhost by adding the following in the /etc/my.cnf file and restarting the mysql service.
Posted by ttgt, 11-24-2014, 08:10 AM
but it seems mysql upgrade will overwrite existing my.cnf setting(i recently upgrade mysql from whm),is it possible set it via csf ?
Posted by AttackerNET, 11-24-2014, 09:57 AM
Mysql upgrade should not alter your my.cnf file. However, Since it needs to be done manually you need to review your my.cnf settings after any major upgrades. You can add the following variable to your my.cnf file then restart your mysql server: You can remove any entries for port 3306 from your csf config file at /etc/csf/csf.conf then restart CSF.
Posted by ttgt, 11-24-2014, 10:16 AM
do you mean if i can not find any 3306 record within /etc/csf/csf.conf, there is no server to remote connect my mysql ?
Posted by madaboutlinux, 11-24-2014, 10:52 AM
Right, if you remove 3306 from the CSF configuration, the port will be blocked for all remote machines. To verify, you can try telnet to port 3306 of your server from your computer or other server once the port is blocked. If you cannot achieve it for some reason, the method explained earlier will surely help. Mysql upgrade won't remove the my.cnf file, however, if you place a new my.cnf file, you have to copy the entry manually.

Add to Favourites Print this Article