Over 3.6 million MySQL servers exposed on the Internet

The Shadowserver Foundation, a cybersecurity research group, scanned for accessible MySQL server instances on port 3306/TCP and found that about 2.3 million IPv4 addresses responded to queries, and more than 1.3 million IPv6 devices responded (although most of them were associated with a single Autonomous System). Data on accessible MySQL instances can be viewed in the Accessible MySQL Server Report.

The detailed scan data is as follows (from May 26, 2022):

  • Total MySQL scanned over IPv4: 3,957,457
  • Total MySQL scanned over IPv6: 1,421,010
  • Total MySQL servers reachable on IPv4: 2,279,908
  • Total MySQL servers reachable on IPv6: 1,343,993

Overall, 67% of all MySQL services found were accessible from the Internet (both IPv4 and IPv6). This means that there are more than 3.6 million MySQL servers that are easy targets for hackers and extortionists. "While we did not examine possible access levels or exposure of specific databases, this exposure is a potential attack surface that should be closed," Shadowserver explained.

By country, the countries with the most accessible IPv4 MySQL servers are the United States (740.1K), China (296.3K), Poland (207.8K) and Germany (174.9K); the countries with the most accessible IPv6 MySQL servers are the United States (460.8K), the Netherlands (296.3K), Singapore (218.2K) and Germany (173.7K).

Shadowserver recommends reading the MySQL 5.7 Secure Deployment Guide or the MySQL 8.0 Secure Deployment Guide for users who want to learn how to securely deploy a MySQL server and eliminate potential security holes that may lurk in their systems.
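For administrators who want to check whether their own server falls into the exposed population described above, the following added example (not code from Shadowserver or from the original article) audits the `[mysqld]` section of an option file for the listener settings `bind-address` and `skip-networking`. It assumes the upstream MySQL 5.7/8.0 default of `bind_address=*` when the option is absent; the function names and sample configurations are constructed for illustration.

```python
import ipaddress

RANK = ["local", "private", "exposed"]   # least to most reachable
WILDCARDS = {"*", "0.0.0.0", "::"}       # listen on every interface

def mysqld_options(cnf_text):
    """Collect [mysqld] options; MySQL treats '-' and '_' in names as equal."""
    opts, section = {}, None
    for raw in cnf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;!":     # comments and !include directives
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "mysqld":
            key, _, value = line.partition("=")
            opts[key.strip().replace("-", "_").lower()] = value.strip().strip("'\"")
    return opts

def classify(addr):
    """Rate one bind address. 'exposed' means 3306/TCP is reachable from
    outside unless a firewall filters it."""
    if addr in WILDCARDS:
        return "exposed"
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "exposed"                     # hostname: assume worst case, review by hand
    if ip.is_loopback:
        return "local"
    return "private" if ip.is_private else "exposed"

def audit(cnf_text):
    """Return 'closed', 'local', 'private' or 'exposed' for the TCP listener."""
    opts = mysqld_options(cnf_text)
    # A bare 'skip-networking' line has an empty value and means enabled.
    if opts.get("skip_networking", "off").lower() in ("", "1", "on", "true"):
        return "closed"
    binds = opts.get("bind_address", "*").split(",")   # assumed default: '*'
    return max((classify(a.strip()) for a in binds), key=RANK.index)

# Constructed sample option files, not taken from any real host.
SAMPLE_DEFAULT = "[mysqld]\nport = 3306\n"
SAMPLE_V6 = "[mysqld]\nbind-address = ::\n"
SAMPLE_LOCAL = "[client]\nport=3306\n[mysqld]\nbind_address = 127.0.0.1,::1\n"
SAMPLE_PRIVATE = "[mysqld]\nbind-address = 127.0.0.1, 10.0.0.5\n"
SAMPLE_SOCKET = "!includedir /etc/mysql/conf.d/\n[mysqld]\nskip-networking\n"

if __name__ == "__main__":
    for name in ("DEFAULT", "V6", "LOCAL", "PRIVATE", "SOCKET"):
        print(name, audit(globals()["SAMPLE_" + name]))
```

A verdict of `exposed` reflects only the server's own listener configuration; host and network firewalls, and any files pulled in through `!include` directives, still need to be checked separately.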

Origin www.oschina.net/news/198237/over-3-6m-exposed-mysql-servers