Question

IP addresses in MySQL logs

While going through the MySQL logs from a DO instance, I found the following entries:

2020-06-04T08:14:44.965714Z 2 [Warning] Hostname 'rnd.group-ib.ru' does not resolve to '80.82.70.118'.
2020-06-04T08:14:44.965862Z 2 [Note] Hostname 'rnd.group-ib.ru' has the following IP addresses:
2020-06-04T08:14:44.965873Z 2 [Note]  - 5.9.185.30
2020-06-04T14:20:41.322359Z 3 [Warning] Host name 'zg-0428c-606.stretchoid.com' could not be resolved: Name or service not known

I have never seen this before. Could this be a potential security concern?

Submit an answer


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

KFSys
Site Moderator
Site Moderator badge
June 5, 2020
Accepted Answer

Hi @AGhafoori,

Hmm this does look troubling. Usually, this doesn’t give out IP addresses unless specifically told so. I’ll recommend to check your whole log and see if these IP addresses occur on other lines of the log.

Additionally, you can try and enable a MySQL option which shows what command the IP Address has executed. To accomplish it, just enable the general logs in MySQL. To enable it you can follow different ways.

Put this in my.cnf file of your MySQL:

general-log=1

After that, restart MySQL server and it will start logging everything in the log file.

You can start the MySQL server with this variable at command line --general_log and it will also start creating the log file.

These logs will have all the information regarding who connected to your server and what all commands they used or executed.

Regards, KDSys

AGhafooriJune 5, 2020

Hello @KDSys,

Thanks for the suggestions. I’ll treat the server as compromised and proceed to change my keys, password etc.

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

card icon
Get our biweekly newsletter

Sign up for Infrastructure as a Newsletter.

Sign up
card icon
Hollie's Hub for Good

Working on improving health and education, reducing inequality, and spurring economic growth? We’d like to help.

Learn more
card icon
Become a contributor

You get paid; we donate to tech nonprofits.

Learn more
Featured on Community
Kubernetes CourseLearn Python 3Machine Learning in PythonGetting started with GoIntro to Kubernetes
DigitalOcean Products
CloudwaysVirtual MachinesManaged DatabasesManaged KubernetesBlock StorageObject StorageMarketplaceVPCLoad Balancers
Welcome to the developer cloud

DigitalOcean makes it simple to launch in the cloud and scale up as you grow – whether you’re running one virtual machine or ten thousand.

Learn more ->
DigitalOcean Cloud Control Panel
Get started for free

Enter your email to get $200 in credit for your first 60 days with DigitalOcean.

New accounts only. By submitting your email you agree to our Privacy Policy.

© 2023 DigitalOcean, LLC.