@dan677915
Opening up Port 3306 to the public is, indeed, asking for trouble. It’s another port being exposed and it’s another port that can be attacked (port 3306 is the default MySQL port - it’s well know and it will be a port listed in any automated attack).
You can, however, use a firewall to limit who can connect (i.e. limit connections from only your local IP and your web server(s)), though ultimately, you should simply use a tool, such as phpMyAdmin or Adminer to manage database access (and limit access to this as well – don’t rely on basic password authentication through the script, use .htaccess to only allow your IP and then setup a username and password).
Even better, don’t use a public IP or localhost
to connect to MySQL, use a Private Network IP (which would be provided by DigitalOcean). You’ll still need to setup firewall restrictions on the Private IP as well, though.
Ideally, you want to setup your firewall to deny all connections by default and then add rules that allow certain ports through, thus resulting in all connections being denied except to those which you specifically allow.
The most common ports you’ll need to keep open are:
80
- TCP - for HTTP
443
- TCP - for HTTPS
22
- TCP - for SSH (swap 22 for your SSH port number if you’ve modified it)
53
- UDP - for DNS
53
- TCP - for DNS if you’re running Bind (i.e. a DNS server)
This excludes mail server ports. I didn’t list those simply because they often vary.
Yes.
Yes? I am sorry, I am not sure what the yes applies to. Could you please clarify? Believe it or not, I am trying to learn something here. I stated a hypothesis as though it is a solid fact but the truth is, I really don’t know.
If yes is a response to the question that is the topic of this thread, then maybe could how it can be done. I don’t it can be. Can you get in there and steal my stuff?
@dan677915 Basically, you are giving a point of access. Yes, it is insecure. Writing an answer now.
Viruses and security breaches can happen at anytime. Our company has been using DarkWeb to protect our email accounts, phones and devices from getting hacked. Its a free service, and I highly recommend it for businesses. They also provide hack services. visit darkwebsolutions dot co
They provide the best hack services hacking services. Diligent and reliable!