​Over 3.6 million MySQL servers are publicly exposed on the Internet and responding to queries, making them an attractive target to hackers and extortionists.

Of these accessible MySQL servers, 2.3 million are connected over IPv4, with 1.3 million devices over IPv6.

Furthermore, public server exposure should always be accompanied by strict user policies, changing the default access port (3306), enabling binary logging, monitoring all queries closely, and enforcing encryption.

3.6 million exposed MySQL servers

In scans performed last week by cybersecurity research group The Shadowserver Foundation, analysts found 3.6 million exposed MySQL servers using the default port, TCP port 3306.

Buy Me a Coffee

“While we do not check for the level of access possible or exposure of specific databases, this kind of exposure is a potential attack surface that should be closed,” explains the report from Shadow Server

The country with the most accessible MySQL servers is the United States, surpassing 1.2 million. Other countries with substantial numbers are China, Germany, Singapore, the Netherlands, and Poland.

Heatmap of exposed MySQL servers in IPv4
Heatmap of exposed MySQL servers in IPv4 (Shadow Server)

The scan results in detail are the following:

  • Total exposed population on IPv4: 3,957,457
  • Total exposed population on IPv6: 1,421,010
  • Total “Server Greeting” responses on IPv4: 2,279,908
  • Total “Server Greeting” responses on IPv6: 1,343,993
  • 67% of all MySQL services found are accessible from the internet

(Via Bleepingcomputer)

READ
15 SpyLoan Apps with 8 Million Downloads Discovered on Google Play