"Millions of MySQL Servers are Publicly Exposed"

Security researchers at the Shadowserver Foundation have found that more than 3.6 million MySQL servers are publicly exposed on the internet. Rather than the intrusive requests a pentester would use to break into a database, the researchers simply opened a connection to the default port 3306 and checked whether the server answered with a MySQL Server Greeting, the unauthenticated handshake packet a MySQL server sends to every new client. They found that 67% of all MySQL services they scanned are accessible from the internet: of 3,947,457 servers on IPv4, 2,279,908 responded with a greeting, and of 1,421,010 servers on IPv6, 1,343,993 responded. The countries with the most accessible servers on IPv4 are the United States (740,100), China (296,300), Poland (207,800), and Germany (174,900); on IPv6 they are the United States (460,800), the Netherlands (296,300), Singapore (218,200), and Germany (173,700).

The researchers stated that most MySQL servers run with default configurations and are thus prone to attack, which can lead to serious incidents such as large-scale data breaches, credential theft, or lateral movement across networks. The report notes that the big problem is that default configurations listen on port 3306 and will likely expose more of the server than necessary; that is not a big deal for an installation on a local machine used for testing, but on live production systems it extends the attack surface. The report suggests changing the port number, for example to 3333, and disallowing external connections from the internet where they are not needed, which is the case for most deployments. The second measure is the one that matters: a scanner identifies MySQL by the greeting on whatever port the server listens, so a non-default port only reduces scan noise, whereas binding the server to a loopback or private address (or disabling TCP networking entirely) and filtering the port at the host or network firewall removes the exposure.
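What the scan did, and the fix the report recommends, as an added example that is not code from Shadowserver or eSecurity Planet: `parse_greeting` decodes the unauthenticated first packet a MySQL listener sends (a HandshakeV10 greeting, or an ERR packet when the client host is not permitted), `probe_mysql` collects that packet from a live host without sending anything, and `audit_mycnf` flags the `[mysqld]` settings that leave the listener reachable. The packet bytes, the 203.0.113.5 address, the version string and the config texts are constructed for illustration; the `port 3306` finding is deliberately rated low because a scanner recognises MySQL by the greeting, not by the port number.

```python
# Added example, not Shadowserver's or eSecurity Planet's code. Sample packets
# and config texts below are constructed for illustration.
import socket
import struct

CLIENT_SSL, CLIENT_PLUGIN_AUTH = 0x0800, 0x00080000


def parse_greeting(packet: bytes) -> dict:
    """Decode a MySQL wire packet: 3-byte LE length, 1-byte sequence id, payload.
    The payload is a HandshakeV10 greeting (0x0a) or an ERR packet (0xff). Either
    proves a reachable listener; the greeting also leaks version and auth plugin."""
    length = int.from_bytes(packet[0:3], "little")
    payload = packet[4:4 + length]
    if len(packet) < 5 or len(payload) != length:
        raise ValueError("short or truncated packet")
    if payload[0] == 0xFF:
        code = struct.unpack_from("<H", payload, 1)[0]
        msg = payload[3:]
        if msg[:1] == b"#":                  # optional '#' + 5-char SQLSTATE prefix
            msg = msg[6:]
        return {"kind": "error", "code": code, "message": msg.decode("utf-8", "replace")}
    if payload[0] != 0x0A:
        raise ValueError(f"unsupported protocol version {payload[0]}")
    end = payload.index(b"\x00", 1)
    version = payload[1:end].decode("ascii", "replace")
    pos = end + 1
    connection_id = struct.unpack_from("<I", payload, pos)[0]
    pos += 4 + 8 + 1                         # connection id, auth-data part 1, filler
    cap_lo = struct.unpack_from("<H", payload, pos)[0]
    cap_hi = struct.unpack_from("<H", payload, pos + 5)[0]   # after charset + status
    caps = cap_lo | (cap_hi << 16)
    pos += 7
    auth_len = payload[pos]
    pos += 1 + 10 + max(13, auth_len - 8)    # length byte, reserved, auth-data part 2
    plugin = ""
    if caps & CLIENT_PLUGIN_AUTH:
        end = payload.find(b"\x00", pos)
        plugin = payload[pos:end if end >= 0 else None].decode("ascii", "replace")
    return {"kind": "greeting", "version": version, "connection_id": connection_id,
            "tls": bool(caps & CLIENT_SSL), "auth_plugin": plugin}


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed before a full packet arrived")
        buf += chunk
    return buf


def probe_mysql(host: str, port: int = 3306, timeout: float = 3.0) -> dict:
    """Connect and read the server's unsolicited first packet; send nothing back."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        header = _recv_exact(sock, 4)
        body = _recv_exact(sock, int.from_bytes(header[:3], "little"))
    return parse_greeting(header + body)


def audit_mycnf(text: str) -> list:
    """Flag [mysqld] settings that leave the TCP listener reachable from outside."""
    section, bind, port, skip_networking = None, None, None, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("["):
            section = line.strip("[]").lower()
            continue
        if section != "mysqld":
            continue
        key, _, val = line.partition("=")
        key, val = key.strip().lower().replace("_", "-"), val.strip()
        if key == "bind-address":
            bind = val
        elif key == "port":
            port = val
        elif key == "skip-networking":
            skip_networking = True
    findings = []
    if skip_networking:
        return findings                      # no TCP listener at all
    if bind is None:
        findings.append("bind-address unset: MySQL 8.0 defaults to '*' (all interfaces)")
    elif bind in ("0.0.0.0", "*", "::"):
        findings.append(f"bind-address={bind}: listens on all interfaces")
    if port in (None, "3306"):
        findings.append("port 3306: default port, trivially enumerated (low severity alone)")
    return findings


def _packet(payload: bytes) -> bytes:
    return len(payload).to_bytes(3, "little") + b"\x00" + payload


# Constructed HandshakeV10 from a hypothetical 8.0.33 server (caps PROTOCOL_41|SSL|PLUGIN_AUTH).
SAMPLE_GREETING = _packet(
    b"\x0a" + b"8.0.33\x00" + struct.pack("<I", 42) + b"ABCDEFGH\x00"
    + struct.pack("<HBHH", 0x0A00, 0xFF, 0x0002, 0x0008) + bytes([21]) + b"\x00" * 10
    + b"IJKLMNOPQRST\x00" + b"caching_sha2_password\x00")
# Constructed ERR 1130: the port is reachable, the client host just is not permitted.
SAMPLE_ERROR = _packet(b"\xff" + struct.pack("<H", 1130)
                       + b"#HY000Host '203.0.113.5' is not allowed to connect to this MySQL server")
WEAK_CNF = "[mysqld]\nport = 3306\nbind-address = 0.0.0.0\n"
HARDENED_CNF = "[mysqld]\nport = 3333\nbind-address = 127.0.0.1\n"

if __name__ == "__main__":
    import sys
    print(parse_greeting(SAMPLE_GREETING), parse_greeting(SAMPLE_ERROR), sep="\n")
    print(audit_mycnf(WEAK_CNF), audit_mycnf(HARDENED_CNF))
    if len(sys.argv) > 1:                    # python probe.py <host>: probe a host you own
        print(probe_mysql(sys.argv[1]))
```

Run it against only hosts you are authorised to test. An ERR 1130 answer was not counted as a greeting in the scan, but it still tells an attacker that a MySQL listener is reachable and which hosts it rejects, so treat it as exposure too. `audit_mycnf` returns no findings for `skip-networking` or a loopback `bind-address`; either of those, plus a firewall rule on the port, is the fix the report is pointing at, and the port change alone only silences the low-severity finding.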
eSecurity Planet reports: "Millions of MySQL Servers are Publicly Exposed"