Experts Found More Than 3.6 million Unprotected MySQL Servers

The Shadowserver Foundation research team says it has found more than 3.6 million unsecured MySQL servers that are publicly available on the Internet and responding to requests, making them an attractive target for hackers and ransomware.

"We scan by issuing a MySQL connection request on port 3306/TCP and collecting server responses that respond with a MySQL Server Greeting. This includes both TLS and non-TLS responses. We do not perform any intrusive checks to discover the level of access to any databases that is possible. Aside from all of IPv4 space, we also scan IPv6 based on hitlists collected from various sources," experts from The Shadowserver Foundation said.

The scan found more than 3.6 million unsecured MySQL servers reachable on the default port (TCP 3306). About 2.3 million of them responded over IPv4, and another 1.3 million over IPv6.

  • Server Greeting responses received over IPv4: 2,279,908;
  • Server Greeting responses received over IPv6: 1,343,993;
  • 67% of all MySQL services found are available from the internet.

"Although we have not tested the possible level of access or vulnerability of specific databases, this type of vulnerability is a potential attack field that should be closed," the experts explain.

According to the collected statistics, the country with the largest number of available MySQL servers is the United States, where there are more than 1.2 million of them, followed by China (about 300,000 servers), Germany (about 175,000 servers), as well as Singapore, the Netherlands and Poland.

The researchers note that although web services and applications often connect to remote databases, those databases must be secured so that only authorized devices can connect to them. In addition, access to a public server should always be restricted by strict policies, a changed default port, logging, careful monitoring of all requests, and enforced encryption.

About William Reddy

I am from Ireland. My parents bought me a computer when I was 11, and several months later I got a virus on this PC. I decided to enter the INSA Centre Val de Loire university after graduating from school. This French educational institution was offering a brand-new cybersecurity course. After getting a master's degree in cybersecurity, I started working as a virus analyst at a small anti-malware vendor.