Thes spamers have to much time on hand! For a few months I could get them under controll but suddenly I get lot of spam "comming from myself" (spoofed) or otherwise. This is visible on both ISPC2 & ISPC3. In my search to check my systems I found that port 3306 is OPEN to the internet. Well in the http://www.howtoforge.com/perfect-server-ubuntu-10.04-lucid-lynx-ispconfig-3-p4 setup we remark out the localhost bind in mysql config. I do not understand the need for ISPC to be open to the internet! and the firewall do not block it either. Any suggestions or from a security side how can we secure this more? http://www.mxtoolbox.com < good tool for outside view looking to your servers.
This needs to be done, so your users are able to access their own MySQL databases with their own MySQL Workbench (or query browser/administrator). If you do not have any users that require remote connectivity to their own MySQL databases you will not break anything if you filter out tcp connections to 3306 from the Internet. It is however advisable to prohibit root MySQL access remotely (if you need administrative root connectivity consider using a different username than 'root'). In regards to spam - having a publically accessible MySQL will not raise the amount of spam you receive. Them spammers be very resourceful people unfortunately, and they would not bother spamming you if they had access to your server, but would rather turn your machine into one of their spamming zombies D.
Indeed, Hacker/Spammers will install some rootkit and use the platform leaving all else intact. Unles they Imbeciles! Dont kill the golden Goose you might say.
