Securing MySQL from attacks!
We made the following code modification to MySQL to protect our servers from attacks.
What it does: It logs the IP/user of failed login attempts and, based on the set parameters (failed attempts per time), blocks that IP from making any more attempts for the duration specified. Since this is done silently, hackers won't know whether the password they sent was actually processed or not, rendering dictionary hacks useless.
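The throttling logic described above, as an added C++ example; it is not the PAL REMARK code from sql/sql_connect.cc and not part of MySQL. The class and method names are hypothetical, state is kept in memory rather than in a track file, and the caller supplies the current time in seconds.

```cpp
#include <cstddef>
#include <cstdint>
#include <deque>
#include <string>
#include <unordered_map>

// Hypothetical names throughout; an illustration, not the author's patch.
class FailedLoginTracker {
public:
    FailedLoginTracker(std::size_t max_failures, std::int64_t window_secs,
                       std::int64_t block_secs)
        : max_failures_(max_failures), window_(window_secs), block_(block_secs) {}

    // Call before checking the password. If true, skip authentication and send
    // the usual "access denied" reply, so the client cannot tell that the
    // password was never evaluated.
    bool is_blocked(const std::string& ip, std::int64_t now) {
        auto it = state_.find(ip);
        if (it == state_.end()) return false;
        if (now < it->second.blocked_until) return true;
        prune(it->second, now);
        // Forget addresses with no recent failures so the map stays bounded.
        if (it->second.failures.empty()) state_.erase(it);
        return false;
    }

    // Call after a password check fails. Returns true if this failure
    // pushed the address over the limit and started a new block.
    bool record_failure(const std::string& ip, std::int64_t now) {
        Entry& e = state_[ip];
        prune(e, now);
        e.failures.push_back(now);
        if (e.failures.size() < max_failures_) return false;
        e.blocked_until = now + block_;
        e.failures.clear();
        return true;
    }

    std::size_t tracked() const { return state_.size(); }
private:
    struct Entry {
        std::deque<std::int64_t> failures;  // failure times still inside the window
        std::int64_t blocked_until = 0;     // address is blocked while now < this
    };
    void prune(Entry& e, std::int64_t now) const {
        while (!e.failures.empty() && e.failures.front() <= now - window_)
            e.failures.pop_front();
    }
    std::size_t max_failures_;
    std::int64_t window_, block_;
    std::unordered_map<std::string, Entry> state_;
};
```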
Warning to critics: The following code is not meant to win the 'programmer of the year award'. It is a 'quick-fire' solution, derived from protecting our VOIP server (original code from Asterisk) to protect it from SIP hackers.
The code is released under GPL in the hope that it will be helpful, as it has been to us, but with NO (ZERO) guarantees/warranties.
The file to modify/change is: sql/sql_connect.cc in the MySQL source folder.
There are three code blocks called 'PAL REMARK'; look for them.
Change the folder for the track file (source says /var/lib) to something different on YOUR machine(s) for added security.
This image shows how a (Chinese) hacker was blocked the moment we enabled it.
Basically, overwriting your file with this and recompiling MySQL should work (but back up your source first!).
See the Asterisk version of this at http://www.abelcanada.com/secureasterisk.php