Re: Ever heard of anything like this?

2001-04-30 Thread Steve Brazill

I personally use SSH (running as a server on the Unix/Linux system running
MySQL,  and which is now included in the RedHat 7 release series) which is
configured to accept only 'ranges' of IP address (subnets that my dialup
ISP might assign me,  like  207.25.33.*  207.25.34.*).That should
pretty much protect you from 'snooping' while you're logging into the
system, and administering MySQL (and other stuff).

If you're performing any 'client/server' type of tasks,  you'd can do some
more research and try to 'tunnel' the MySQL traffic thru the encrypted
connection.   I have both my SSL webserver and MySQL db server next to each
other,  with a dedicated 'private' network between them (it's just a
'crossover' network cable),  so no one can watch what they're discussing...

Gary Garrett wrote:

> Yes, reverse lookups are a good idea from a static address but AITCOM is
> marketing reseller stuff to people who use dial-up connections and
> dynamic IP addresses. DNS does not have inaddr-arpa entries for dynamic
> addresses. It sounds to me if the passwords are sent in clear text, no
> Mysql Database is safe across the internet. Is there a way to encrypt
> these passwords? Even on the local network a sniffer could get a Mysql
> connection password if sent from any host other than the server console.
> What should a guy do about this?


-
Before posting, please check:
   http://www.mysql.com/manual.php   (the manual)
   http://lists.mysql.com/   (the list archive)

To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php




Re: Ever heard of anything like this?

2001-04-30 Thread Gary Garrett

Yes, reverse lookups are a good idea from a static address but AITCOM is
marketing reseller stuff to people who use dial-up connections and
dynamic IP addresses. DNS does not have inaddr-arpa entries for dynamic
addresses. It sounds to me if the passwords are sent in clear text, no
Mysql Database is safe across the internet. Is there a way to encrypt
these passwords? Even on the local network a sniffer could get a Mysql
connection password if sent from any host other than the server console.
What should a guy do about this?


-
Before posting, please check:
   http://www.mysql.com/manual.php   (the manual)
   http://lists.mysql.com/   (the list archive)

To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php




Re: Ever heard of anything like this?

2001-04-30 Thread Steve Brazill

Just a note.   If you're requesting "telnet" or "ftp" access to your
'colocated' systems,  the issue isn't only with your 'ISP'.   I just got
finished assisting another MySQL user in rebuilding his system (for the 2nd or
3rd time) who has been using "telnet" and "ftp" to remotely administer his
systems (it appeared that the machine had been 'hacked', and once rebuilt,
they just watched for the new login password, and hacked it again).

Though the MySQL manual (and other README notes) makes it clear that you
should set a "root" password to protect your MySQL data from intruders,  they
don't mention that you shouldn't 'broadcast' this info (or any other MySQL
user login info) over the Internet 'in the clear'.   Why you would want any
hacker watching your network traffic to 'grab' your login name and password is
beyond me...

The issue of 'reverse DNS lookups' IS relevent if they (or you) are using any
kind of 'allow/deny' lists which will need to authenticate you before making a
decision on whether to grant or deny access.   A lot of Internet Email systems
are now 'bouncing' mail that they recieve which they can't do a 'reverse
lookup' on the incoming IP to make sure it's really from who it says it is...


Gary Garrett wrote:

> We are also using AITCOM and often have problems. They seem to work on
> their network at noon on Sat. and traceroutes die at their network.They
> seem to go offline randomly also. We asked for telnet access to
> administer a Mysql database and can't get it to work. They say our DNS
> is not configured for reverse lookups.. what the hell our DNS has to
>
> do with their telnet I don't know. Their tech support is like M$oft,
> technically correct but has no relevance to the problem. You would be
> better served to learn Linux and see Rackspace.com for a dedicated
> Server you have full access to. Best bet is to find a NOC close to you
> in Internet space.
>



Re: Ever heard of anything like this?

2001-04-30 Thread Gary Garrett

We are also using AITCOM and often have problems. They seem to work on
their network at noon on Sat. and traceroutes die at their network.They
seem to go offline randomly also. We asked for telnet access to
administer a Mysql database and can't get it to work. They say our DNS
is not configured for reverse lookups.. what the hell our DNS has to

do with their telnet I don't know. Their tech support is like M$oft,
technically correct but has no relevance to the problem. You would be
better served to learn Linux and see Rackspace.com for a dedicated
Server you have full access to. Best bet is to find a NOC close to you
in Internet space.




-
Before posting, please check:
   http://www.mysql.com/manual.php   (the manual)
   http://lists.mysql.com/   (the list archive)

To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php




Re: Ever heard of anything like this?

2001-04-30 Thread Cal Evans

>>We are on a virtual server..we set up with this
>>company AITcom.net to be resellers.

This is your problem, right here.

I had an account with them for 1 month.  I was going to move one of my small
sites over and if it worked out, move all my sites over. in 1 month, they
shut my server down 6 times. They disabled my telnet, canceled my SSH AND
reloaded MySQL, erasing a production database.

Cal



-
Before posting, please check:
   http://www.mysql.com/manual.php   (the manual)
   http://lists.mysql.com/   (the list archive)

To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php




Ever heard of anything like this?

2001-04-30 Thread webmaster

I can't connect to my database via mysql

This is the load of crap I'm getting...

I would appreciate any input or feedback you have.

We are on a virtual server..we set up with this
company AITcom.net to be resellers.

First of all we are getting this error message when we try to connect to the database.

Can't connect to local MySQL server through socket '/tmp/mysql.sock'

Here is their version of an answer to my problem


I wanted to get back to you as soon as possible with an answer.  Here is what I 
found.  The Pearl modules will not run in a change root file system.  The user name 
that is being called does not exist on your server.  Also, there may be a problem with 
the version of Pearl being used.
The only solution is to have a dedicated server where you have root access to the 
box.  Our shared hosting solution is designed for a virtual server using a proprietary 
Linux operating system.  With a dedicated server, you can have any version of Linux 
you would like and any version of Pearl.  This would allow you full control over the 
server and as you have stated this works on every other server you have installed.  I 
know this has been a frustrating time for you and I would like to offer a solution.  I 
will transfer all monies paid to AIT over to the cost of a dedicated server 4.  If 
this solution is acceptable, please let me know and I will have the necessary paper 
work sent to you.  I look forward to your response.

Our people are saying that the solution is this...

> > > > Tony,
> > > >
> > > > If your still getting the .sock error, ask your ISP to
> > > > recompile DBD::mysql on the server...
> > > >
> > > > There is NO configuration within our programs that
> > > > interacts with DBD::mysql in any way that can cause or
> > > > effect that error.  When DBD::mysql is compiled (installed),
> > > > it makes a note of where MySQL is and always referrs
> > > > back to that note for connecting.  If its not connecting, its
> > > > likely that DBD::mysql was either installed from RPM or
> > > > binaries or copied from another server rather then actually
> > > > compiled on that one, OR, the MySQL server has been
> > > > moved, changed, upgraded, or otherwise.

Help! Please!

Anthony Giuliani
Director of Operations
21st Century Marketing & Training Solutions, Inc.
[EMAIL PROTECTED]
voice...407-831-8722