By dan677915
It's more like a worst practice than a best practice: run MySQL with remote access at port 3306 at IP 162.254.27.87.
But nothing ever happens because in reality, instead of rumor, no one can touch it.
To simplify, if you need remote database access, you should use a VPN. There are several types. I recommend Tinc or OpenVPN. If you really really can’t use a VPN, do not open the DB to the internet. Allow connections from set IP addresses in IPTables for that port. That way traffic to the DB is handled at the kernel level. Also, you should enable/set up MySQL/MariaDB’s SSL to encrypt traffic between the database.
@jtittle’s answer was better than this one though. Heart :)
Opening up Port 3306 to the public is, indeed, asking for trouble. It’s another port being exposed and it’s another port that can be attacked (port 3306 is the default MySQL port - it’s well known and it will be a port listed in any automated attack).
You can, however, use a firewall to limit who can connect (i.e. limit connections from only your local IP and your web server(s)), though ultimately, you should simply use a tool, such as phpMyAdmin or Adminer to manage database access (and limit access to this as well – don’t rely on basic password authentication through the script, use .htaccess to only allow your IP and then set up a username and password).
Even better, don’t use a public IP or localhost to connect to MySQL, use a Private Network IP (which would be provided by DigitalOcean). You’ll still need to set up firewall restrictions on the Private IP as well, though.
Ideally, you want to set up your firewall to deny all connections by default and then add rules that allow certain ports through, thus resulting in all connections being denied except to those which you specifically allow.
The most common ports you’ll need to keep open are:
80 - TCP - for HTTP
443 - TCP - for HTTPS
22 - TCP - for SSH (swap 22 for your SSH port number if you’ve modified it)
53 - UDP - for DNS
53 - TCP - for DNS if you’re running Bind (i.e. a DNS server)
This excludes mail server ports. I didn’t list those simply because they often vary.
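The default-deny firewall and per-address MySQL allowlist described in the answers above, as an added example that is not part of any post in this thread. The function names `is_ipv4` and `gen_rules` are hypothetical, and the client addresses are constructed placeholders.

```shell
#!/bin/sh
# Added illustration: print an iptables-restore ruleset that drops inbound
# traffic by default, opens SSH/HTTP/HTTPS, and accepts MySQL (3306) only from
# named source addresses. Port 53 is left out on the assumption that this host
# is not a DNS server; swap 22 below if SSH listens on another port.

# is_ipv4 ADDR: succeed only for a plain dotted-quad address (no CIDR, no names)
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address into its four octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# gen_rules SRC...: print the ruleset, or fail with no ruleset on a bad source
gen_rules() {
    [ "$#" -gt 0 ] || { echo "need at least one MySQL client address" >&2; return 1; }
    for src in "$@"; do
        is_ipv4 "$src" || { echo "rejected source: $src" >&2; return 1; }
    done
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
EOF
    for src in "$@"; do
        printf '%s\n' "-A INPUT -p tcp -s $src/32 --dport 3306 -j ACCEPT"
    done
    echo COMMIT
}

# Constructed sample clients: one private-network peer, one documentation-range IP
gen_rules 10.0.0.5 203.0.113.10
```

Pipe the output through `iptables-restore --test` before loading it, and keep an existing SSH session open while applying the rules.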