Secure your remote MySQL

demz

I went searching for the trick, didn't find it here on the DA forum..
Apf wasn't able to auto block it (mysql port) and is not a nice workaround anyway.

So here is the simple answer for the people who like and need it..

1. locate my.cnf
2. add: skip-networking
3. reload mysql

What it does?
Only lets local users and scripts that use: localhost access your mysql daemon.

Nobody from outside world may enter.. (nmap your server :) )

Just my 2 cents :eek:
 
Thanks a lot dear. Can you explain more: which file should I edit and what should I put there? I know nothing.
Any other feedback for this?

shall I go for it? any side effects?:)
 
hi,

Well, sure go for it :)

Advantages: nobody can hack/exploit/bruteforce your mysqld...
(NOTE: from the outside, only local; I assume you know who your customers are so when they try you can sue them in court :) :) )
Because of the simple fact that the service/port is closed for outside..

Side effect:
Only, and read this well: only local users can access their database..
They must use mysql database: localhost for their scripts...

So when you're using DA in a cluster environment with split/special mysql servers for customers who use, for example:

Webserver: server01.otherloserhost.com
and you:
SQLserver: sql1.thebetterwebhoster.com

and they combine these, or maybe it's both you; the block would not work for you... :)
 
indeed floyd! :)

1. locate my.cnf
2. add: skip-networking
3. reload mysql

Just type: locate my.cnf (in prompt/ssh)
If database is old? type: updatedb
Then retry..

Then edit the my.cnf :)
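
Added example, not part of the original posts: a shell check for the three steps above that reads a my.cnf and reports whether mysqld will still listen on the network. The function name `mysql_exposure` and the sample configs are constructed for illustration; the check reads only the `[mysqld]` group and does not follow `!include` directives.

```shell
#!/bin/sh
# Classify a my.cnf as local-only or network-listening from its [mysqld] group.
mysql_exposure() {
    awk '
        /^[ \t]*[#;]/ { next }                          # comment lines
        /^[ \t]*\[/   { in_mysqld = ($0 ~ /^[ \t]*\[mysqld\]/); next }
        !in_mysqld    { next }                          # option is in another group
        {
            line = $0
            gsub(/[ \t\r]/, "", line)                   # drop whitespace
            split(line, kv, "=")
            key = tolower(kv[1]); val = tolower(kv[2])
            gsub(/_/, "-", key)                         # skip_networking == skip-networking
            if (key == "skip-networking" && val !~ /^(0|off|false)$/) skip = 1
            if (key == "bind-address") bind = val
        }
        END {
            if (skip) print "local-only (skip-networking)"
            else if (bind == "127.0.0.1" || bind == "::1" || bind == "localhost")
                print "local-only (bind-address=" bind ")"
            else print "listening on network"
        }
    ' "$1"
}

# Constructed sample configs (hypothetical, not taken from the thread).
tmp=$(mktemp -d)
# No restriction at all: mysqld listens on its TCP port.
printf '[mysqld]\nport = 3306\n' > "$tmp/1-default.cnf"
# skip-networking under the wrong group does nothing for the daemon.
printf '[client]\nskip-networking\n[mysqld]\nbind-address = 0.0.0.0\n' > "$tmp/2-wrong-group.cnf"
# The setting from the thread, in the group mysqld actually reads.
printf '[mysqld]\n# hardened\nskip_networking\n' > "$tmp/3-hardened.cnf"
# Alternative that keeps TCP for local clients only.
printf '[mysqld]\nbind-address = 127.0.0.1\n' > "$tmp/4-loopback.cnf"

for f in "$tmp"/*.cnf; do
    printf '%s: %s\n' "${f##*/}" "$(mysql_exposure "$f")"
done
rm -rf "$tmp"
```

After reloading mysqld, the nmap check mentioned in the first post confirms the result from the outside.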
 
true, but that's kinda the other end of the world... (extreme)..

That's like if you have 20 users with databases containing 50mb of data in the tables..

Like if you need that, you better go look for a dedicated sql server...

imho... extreme tweaking...
 
I don't know what jnet's needs are.

One of my servers has over 1000 users with almost 6000 domains 2000 databases and the largest database is 2.7 GB.
 
Not to attack you but when you have 1000 users on one server...

WTF.. how can you guarantee speed? must be a blade server?? or what are the specs???!
 
top - 15:49:50 up 11 days, 2:22, 2 users, load average: 1.51, 2.30, 2.45
Tasks: 216 total, 1 running, 215 sleeping, 0 stopped, 0 zombie
Cpu0 : 19.5%us, 7.3%sy, 0.1%ni, 30.9%id, 41.6%wa, 0.1%hi, 0.5%si, 0.0%st
Cpu1 : 12.6%us, 10.3%sy, 0.0%ni, 64.0%id, 12.9%wa, 0.0%hi, 0.2%si, 0.0%st
Cpu2 : 12.8%us, 8.5%sy, 0.1%ni, 68.6%id, 10.0%wa, 0.0%hi, 0.1%si, 0.0%st
Cpu3 : 10.0%us, 5.7%sy, 0.0%ni, 66.6%id, 17.5%wa, 0.0%hi, 0.2%si, 0.0%st
Mem: 4081728k total, 3672288k used, 409440k free, 55548k buffers
Swap: 1020024k total, 3352k used, 1016672k free, 2019692k cached

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
4045 mysql 20 0 99.3m 83m 2904 D 2 2.1 3:13.14 mysqld
23389 root 20 0 2400 1032 712 R 2 0.0 0:00.01 top -n 1
 
I thought the rule of thumb was to have 2 times the amount of ram for the swap?

That was a long time ago.

I have definitely noticed a slow down when more than 512 MB of swap is being used. Generally I will create 1 GB of swap and increase the ram if possible if the swap being used goes over 100 MB or so. Anytime swap is being used the machine is running slower than it could be.

You will notice in my example that after 11 days still only 3 MB of swap is being used. There is no point in wasting 8 GB of disk space when I will never need it. I will notice a problem after 512 MB gets used and either increase the ram or move some users.
 
The rule actually is twice memory up to 512mb. I got that information from one of the main kernel contributors so I believe him. It's also been published in a lot of places.

The 2x rule actually came from old Unix distributions, which, when they crashed, would try to write all working memory to swap, so you could debug the crash. But Linux never did that.

Jeff
 
no comment..
Glad I'm not your customer... hehe
difference between webhosters and webhosters is big I see...
6000 on one 4 proc webserver.. very risky, I would have spread the users on different machines..
 
very risky, I would have spread the users on different machines

Obviously you cannot speak for my business needs or my customers needs. This has got way off topic. If anyone wants to continue this line of discussion we should probably start another thread. I would be happy to respond to any questions in the new thread.
 