What can I do to secure access to my MySQL database to stop it from getting compromised by hackers? Is there any way I can restrict access to the MySQL database to my IP only? The database is for an IPB 2.3.4 forum and the username/password are stored in a conf_global.php file that is CHMODed 0444. Any help would be greatly appreciated.
You can restrict access on multiple levels and depending on what kind of control you have to the DB. Firstly, you really must set the MySQL permissions so that access is restricted to a single, non-privileged username and the IP of your web server (to "localhost" if it's on the same system). You can do this either from your web control panel or from the mysql CLI utility. Secondly, run MySQL without listening on a TCP connection. This is only applicable if the DB is on the same system as your web server. The web server would access the DB via a unix socket, without using the network stack. Lastly, use iptables or a firewall to block access to the MySQL port (TCP/3306) from all but your web server's IP. That'll do it.
You're most welcome Skribblez. It was a pleasure. What kind of access do you have to the server? There should be an option in your web control panel for setting up these kinds of rules. The best way is to use SSH and run the iptables command on the server (as root). The following would "drop" all access to your DB port, other than the web server's IP:

    iptables -I INPUT ! -s <web server ip> -p tcp --dport 3306 -j DROP
An important step is to make sure that every user has a password. Log in to mysql and type:

    > USE mysql;
    > SELECT user, host, password FROM user;

You should see a large, random-looking string in the password column for every row. If not, you should set one. This is particularly important for the root user because by default, mysql installs with no password for root.
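
The checks suggested in this thread (a password on every account, access limited to the web server's host, no TCP listener beyond what is needed) can be run as a small audit. This is an added example, not code from any post above; the function names, the sample rows and the sample my.cnf are constructed for illustration, and the hash values are placeholders.

```python
import configparser

# Constructed sample: tab-separated output of
#   mysql -B -e "SELECT user, host, password FROM mysql.user"
SAMPLE_USERS = (
    "user\thost\tpassword\n"
    "root\tlocalhost\t\n"
    "forum\t%\t*CONSTRUCTED_HASH_PLACEHOLDER\n"
    "\tlocalhost\t\n"
    "forum\t192.0.2.10\t*CONSTRUCTED_HASH_PLACEHOLDER\n"
)
# Constructed sample my.cnf (assumption: a server listening on all interfaces)
SAMPLE_CNF = "[mysqld]\nport = 3306\nbind-address = 0.0.0.0\n"


def audit_users(batch_output):
    """Return (user, host, problem) tuples for risky rows in the user table."""
    findings = []
    for line in batch_output.splitlines()[1:]:  # skip the header row
        if not line.strip():
            continue
        user, host, password = (line.split("\t") + ["", ""])[:3]
        if user == "":
            findings.append((user, host, "anonymous account"))
        if password == "":
            findings.append((user, host, "no password"))
        if "%" in host:  # '%' matches any client host
            findings.append((user, host, "wildcard host"))
    return findings


def audit_listener(cnf_text):
    """Return a list of problems with how mysqld is exposed on the network."""
    cp = configparser.ConfigParser(allow_no_value=True, strict=False, interpolation=None)
    # "!include" directives in my.cnf are not INI syntax; drop them for this check.
    body = "\n".join(l for l in cnf_text.splitlines() if not l.lstrip().startswith("!"))
    cp.read_string(body)
    if not cp.has_section("mysqld"):
        return ["no [mysqld] section found"]
    opts = {k.replace("_", "-"): v for k, v in cp.items("mysqld")}
    if "skip-networking" in opts and opts["skip-networking"] not in ("0", "OFF", "off"):
        return []  # unix socket only, no TCP listener
    bind = opts.get("bind-address") or "unset"
    if bind in ("127.0.0.1", "::1", "localhost"):
        return []  # TCP listener reachable from this machine only
    return ["mysqld listens on TCP beyond loopback (bind-address=%s)" % bind]
```

An empty result from both functions means the account and listener settings match the advice above; the firewall rule is a separate layer and is not checked here.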