Over 3.6 million MySQL Servers Are Exposed On The Internet

Analysts at cybersecurity research group The Shadowserver Foundation have uncovered 3.6 million vulnerable MySQL servers on the internet. 2.3 million of these servers are connected over IPv4, while 1.3 million devices are connected over IPv6.

The United States stands in the center as the country with the most accessible MySQL servers with more than 1.2 million servers from the country. Other countries with a high number of exposed servers are China, Germany, Singapore, the Netherlands and Poland.

The detailed findings of the report include 3,957,457 exposed population on IPv4, 1,421,010 exposed population on IPv6, 2,279,908 “Server Greeting” responses on IPv4, and 1,343,993 “Server Greeting” responses on IPv6. In addition, 67% of all MySQL services found are accessible from the internet.

“While we do not check for the level of access possible or exposure of specific databases, this kind of exposure is a potential attack surface that should be closed,” the report from Shadowserver explains.

Administrators are advised to block these instances so that only authorized devices can connect to them. It is also recommended to implement other security measures for publicly exposed servers.

Some of the measures include strict user policies, changing the default access port (3306, activating binary logging, closely monitoring all queries and enforcing encryption.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web