3.6M MySQL Servers Found Exposed Online
Researchers from Shadowserver recommend removing the servers from the Internet to shrink external attack surface.
![Letters "SQL" over a background image of a laptop, to illustrate the programming language](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/blt1c72fab351d50e6f/64f1774d68918c2d49523a83/SQL_Marina_Vonotna_Alamy.jpg?width=850&auto=webp&quality=95&format=jpg&disable=upscale)
Shadowserver researchers scanning the Internet for exposed MySQL servers said more than 2.3 million IPv4 addresses and 1.3 million IPv6 addresses responded to their connection requests on port 3306/TCP, indicating the connected servers were wide open to attack.
Of the more than 3.6 million exposed MySQL servers, most were located in the US, with more than 740,000; followed by China, with more than 296,000; and Poland, with more than 207,000 accessible devices.
"It is unlikely that you need to have your MySQL server allowing for external connections from the Internet (and thus a possible external attack surface)," Shadowserver said in a post about the MySQL findings. "If you do receive a report on your network/constituency, take action to filter out traffic to your MySQL instance and make sure to implement authentication on the server."
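One way to check your own servers against that advice is to audit the `[mysqld]` section of the configuration file for a listener that is reachable beyond loopback and for disabled authentication. This is an added example, not code from Shadowserver or the article; the function name `audit_mysqld` and both sample configurations are constructed for illustration.

```python
import configparser

# Constructed sample configs for illustration (not from the article).
EXPOSED_CNF = "[mysqld]\nport = 3306\nbind-address = 0.0.0.0\nskip-grant-tables\n"
HARDENED_CNF = "[mysqld]\nport = 3306\nbind_address = 127.0.0.1\n"

WILDCARD = {"*", "0.0.0.0", "::"}
LOOPBACK = {"127.0.0.1", "::1", "localhost"}
OFF = {"0", "off", "false"}


def audit_mysqld(cnf_text):
    """Return findings for the [mysqld] section of a my.cnf-style file."""
    # Drop !include/!includedir directives, which configparser cannot parse.
    body = "\n".join(ln for ln in cnf_text.splitlines()
                     if not ln.lstrip().startswith("!"))
    cp = configparser.ConfigParser(allow_no_value=True, strict=False,
                                   interpolation=None, delimiters=("=",),
                                   inline_comment_prefixes=("#",))
    cp.read_string(body)
    if not cp.has_section("mysqld"):
        return ["no [mysqld] section: settings not visible in this file"]
    # MySQL accepts '-' and '_' interchangeably in option names.
    opts = {k.replace("-", "_"): (v or "").strip().lower()
            for k, v in cp.items("mysqld")}

    def enabled(name):
        return name in opts and opts[name] not in OFF

    findings = []
    if enabled("skip_grant_tables"):
        findings.append("skip-grant-tables is set: authentication is disabled")
    if enabled("skip_networking"):
        return findings  # no TCP listener, so nothing answers on 3306/TCP
    bind = opts.get("bind_address")
    if not bind:
        findings.append("bind-address unset: server default listens on all interfaces")
        return findings
    # Newer MySQL releases accept a comma-separated list of addresses.
    for addr in (a.strip() for a in bind.split(",")):
        if addr in WILDCARD:
            findings.append(f"bind-address {addr}: listens on every interface")
        elif addr not in LOOPBACK:
            findings.append(f"bind-address {addr}: confirm a firewall filters 3306/TCP")
    return findings


if __name__ == "__main__":
    for name, cnf in (("exposed", EXPOSED_CNF), ("hardened", HARDENED_CNF)):
        print(name, audit_mysqld(cnf) or "no findings")
```

A clean result only covers the file that was parsed; included configuration files, command-line options and the host or network firewall still need their own review.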