View Single Post
  #2  
Old 06-12-2012, 10:16 PM
pfyon's Avatar
pfyon
Discordant
 
Join Date: Mar 2009
Location: Ottawa
Posts: 495
Default

It's a good time to point out to new server admins that you should restrict access to your server to a limited set of IPs. For many servers, this means localhost only. If you go and open up port 3306 and tell mysql to listen on a public interface, you open up your server to an exploit like this.

The default ubuntu install has mysql listen on localhost only (probably debian too). I'm not sure about windows.
Reply With Quote