
Many Access denied for user in logs

Akuma
Hello, I use a docker image percona:5.7 and today I noticed many "Access denied for user" in logs.
Is this normal behavior or someone trying to brute-force my server or something else?
Port 3306 is exposed.
2019-01-12T04:18:53.277786Z 7970 [Note] Access denied for user 'root'@'10.255.0.2' (using password: YES)

2019-01-12T04:18:53.403212Z 7971 [Note] Access denied for user 'root'@'10.255.0.2' (using password: YES)

2019-01-12T04:18:53.537067Z 7972 [Note] Access denied for user 'root'@'10.255.0.2' (using password: YES)

2019-01-12T04:18:53.690169Z 7973 [Note] Access denied for user 'root'@'10.255.0.2' (using password: YES)

2019-01-12T04:18:53.837710Z 7974 [Note] Access denied for user 'root'@'10.255.0.2' (using password: YES)

2019-01-12T04:18:53.995017Z 7975 [Note] Access denied for user 'root'@'10.255.0.2' (using password: YES)

2019-01-12T04:18:54.149238Z 7976 [Note] Access denied for user 'root'@'10.255.0.2' (using password: YES)

2019-01-12T04:18:54.301906Z 7977 [Note] Access denied for user 'root'@'10.255.0.2' (using password: YES)

2019-01-12T04:18:54.422882Z 7978 [Note] Access denied for user 'root'@'10.255.0.2' (using password: YES)

2019-01-12T04:22:51.341862Z 8014 [Note] Access denied for user 'farther'@'10.255.0.2' (using password: YES)

2019-01-12T04:49:17.747239Z 8085 [Note] Access denied for user 'changed'@'10.255.0.2' (using password: YES)

2019-01-12T05:15:52.646675Z 8183 [Note] Access denied for user 'o'clock'@'10.255.0.2' (using password: YES)

2019-01-12T05:42:08.310092Z 8277 [Note] Access denied for user 'passing'@'10.255.0.2' (using password: YES)

2019-01-12T06:07:54.277620Z 8415 [Note] Access denied for user 'girls'@'10.255.0.2' (using password: YES)

2019-01-12T06:33:57.365733Z 8531 [Note] Access denied for user 'force'@'10.255.0.2' (using password: YES)

2019-01-12T06:59:44.990036Z 8656 [Note] Access denied for user 'situation'@'10.255.0.2' (using password: YES)

2019-01-12T07:26:44.448341Z 8807 [Note] Access denied for user 'greater'@'10.255.0.2' (using password: YES)

2019-01-12T07:35:35.284494Z 8860 [Note] Access denied for user 'root'@'10.255.0.2' (using password: YES)

2019-01-12T07:53:19.451639Z 8964 [Note] Access denied for user 'expression'@'10.255.0.2' (using password: YES)

2019-01-12T08:19:40.095796Z 9100 [Note] Access denied for user 'eat'@'10.255.0.2' (using password: YES)

2019-01-12T08:46:47.619866Z 9297 [Note] Access denied for user 'reading'@'10.255.0.2' (using password: YES)

2019-01-12T09:13:22.263099Z 9476 [Note] Access denied for user 'spoken'@'10.255.0.2' (using password: YES)

2019-01-12T09:40:25.689876Z 9639 [Note] Access denied for user 'raised'@'10.255.0.2' (using password: YES)

Comments

  • Akuma
    Hello, I'm using a docker image percona:5.7 and today I noticed many "Access denied for user" in container logs.
    Is this normal behavior or someone trying to bruteforce me or something else?
    2019-01-12T07:35:35.284494Z 8860 [Note] Access denied for user 'root'@'10.255.0.2' (using password: YES)
    2019-01-12T07:53:19.451639Z 8964 [Note] Access denied for user 'expression'@'10.255.0.2' (using password: YES)
    2019-01-12T08:19:40.095796Z 9100 [Note] Access denied for user 'eat'@'10.255.0.2' (using password: YES)
    2019-01-12T08:46:47.619866Z 9297 [Note] Access denied for user 'reading'@'10.255.0.2' (using password: YES)
    2019-01-12T09:13:22.263099Z 9476 [Note] Access denied for user 'spoken'@'10.255.0.2' (using password: YES)
    2019-01-12T09:40:25.689876Z 9639 [Note] Access denied for user 'raised'@'10.255.0.2' (using password: YES)
    
  • IMP (Percona Staff)
    Hi,

    Indeed, it looks like you are being scanned by some host; however, it's hard to tell which one, as 10.255.0.2 is a private IP address. I'd recommend checking which source IP is trying to scan you on your router/firewall and blocking it. Moreover, it is advisable not to expose port 3306/tcp to the world, but only to a set of trusted hosts.

    Best,
    IMP.
  • Akuma
    Well, I changed the port number to a non-standard one and there are no more such logs.
    Thanks.
  • IMP (Percona Staff)
    Akuma,

    Note that it doesn't seem to be a secure solution, as it is relatively easy to get the list of open ports of an instance.

    Best,
    IMP.
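
One way to triage log lines like those in the question, as an added example that is not part of the original thread: the Python below groups "Access denied" entries by source host and flags rapid repeated failures and a spread of distinct user names. The sample lines are copied from the question; the function names and thresholds are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Log format as shown in the thread; the user name is matched greedily so
# that names containing a quote (such as 'o'clock') still parse.
DENIED = re.compile(
    r"^(?P<ts>\S+Z) \d+ \[Note\] Access denied for user "
    r"'(?P<user>.*)'@'(?P<host>[^']*)' \(using password: (?:YES|NO)\)$")

def parse(lines):
    for line in lines:
        m = DENIED.match(line.strip())
        if m:  # lines that are not failed logins are skipped
            yield (datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S.%fZ"),
                   m["user"], m["host"])

def summarize(lines, window=timedelta(seconds=10), burst_min=5, spray_min=5):
    by_host = defaultdict(list)
    for ts, user, host in parse(lines):
        by_host[host].append((ts, user))
    report = {}
    for host, events in by_host.items():
        times = sorted(ts for ts, _ in events)
        peak = lo = 0
        for hi in range(len(times)):  # sliding window over sorted timestamps
            while times[hi] - times[lo] > window:
                lo += 1
            peak = max(peak, hi - lo + 1)
        users = {user for _, user in events}
        report[host] = {"failures": len(events), "distinct_users": len(users),
                        "peak_in_window": peak,
                        "password_burst": peak >= burst_min,    # many tries, short time
                        "username_spray": len(users) >= spray_min}  # many names tried
    return report

# Sample lines copied from the question above.
SAMPLE = """\
2019-01-12T04:18:53.277786Z 7970 [Note] Access denied for user 'root'@'10.255.0.2' (using password: YES)
2019-01-12T04:18:53.403212Z 7971 [Note] Access denied for user 'root'@'10.255.0.2' (using password: YES)
2019-01-12T04:18:53.537067Z 7972 [Note] Access denied for user 'root'@'10.255.0.2' (using password: YES)
2019-01-12T04:18:53.690169Z 7973 [Note] Access denied for user 'root'@'10.255.0.2' (using password: YES)
2019-01-12T04:18:53.837710Z 7974 [Note] Access denied for user 'root'@'10.255.0.2' (using password: YES)
2019-01-12T04:22:51.341862Z 8014 [Note] Access denied for user 'farther'@'10.255.0.2' (using password: YES)
2019-01-12T04:49:17.747239Z 8085 [Note] Access denied for user 'changed'@'10.255.0.2' (using password: YES)
2019-01-12T05:15:52.646675Z 8183 [Note] Access denied for user 'o'clock'@'10.255.0.2' (using password: YES)
2019-01-12T05:42:08.310092Z 8277 [Note] Access denied for user 'passing'@'10.255.0.2' (using password: YES)
"""
if __name__ == "__main__":
    print(summarize(SAMPLE.splitlines()))
```

Because every entry here is attributed to 10.255.0.2, the per-host grouping confirms the pattern but cannot name the real client, which is why the staff reply points to the router or firewall for the actual source address.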