Shadow Server announced that it has started scanning for accessible MySQL server instances on port 3306/TCP, looking for instances that respond to the connection request with a Server Greeting. Shadow Server found approximately 2.3 million IPv4 addresses and over 1.3 million IPv6 addresses responding with a greeting. Shadow Server did not check the level of access possible or the exposure of specific databases.
Results
According to the research, the total population of MySQL servers on port 3306/TCP is 3,957,457 on IPv4. The total population of MySQL servers responding on port 3306/TCP is 1,421,010 on IPv6.
Among the 2,279,908 MySQL servers that respond with a Server Greeting on IPv4, 1,117,659 have TLS support and 1,163,249 do not. Of the IPv6 MySQL servers that responded with a Server Greeting, 38,198 have TLS support while 1,307,795 do not. In total, 67% of all MySQL services found are accessible from the Internet.
Most accessible IPv4 MySQL servers by country:
- United States (740.1K)
- China (296.3K)
- Poland (207.8K)
- Germany (174.9K)
Most accessible IPv6 MySQL servers by country:
- United States (460.8K)
- Netherlands (296.3K)
- Singapore (218.2K)
- Germany (173.7K)
MySQL Top 10 IPv4 versions (version: count):
- 5.7.33-36: 150600
- 5.6.41-84.1: 92834
- 5.7.23-23: 69627
- 5.7.38-0ubuntu0.18.04.1: 59333
- 5.6.51-cll-lve: 58825
- 8.0.23: 57148
- 5.5.68-mariadb: 55401
- 5.6.50-log: 54574
- 5.5.5-10.1.48-mariadb: 40853
- 5.7.33-log: 35809
MySQL IPv6 versions (version: count):
- 5.5.5-10.5.12-mariadb-cll-lve: 908128
- 5.7.37-40-log: 147072
- 5.5.5-10.5.13-mariadb-cll-lve: 125320
- 5.5.5-10.5.15-mariadb-cll-lve: 72856
- 8.0.27-18: 20838
- 5.5.5-10.3.32-mariadb-log: 11121
- 5.7.35-38: 6640
- 5.5.5-10.5.15-mariadb-cll-lve-log: 3435
- 5.7.23-cll-lve: 2085
- 5.7.33-cll-lve: 1993
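The Server Greeting is where both the version banner and the TLS capability bit come from, so an administrator can read the same fields from their own server's first packet. The parser below is an added example, not Shadow Server's scanner code; it assumes the standard MySQL HandshakeV10 layout, and the function names and sample packets are constructed for illustration.

```python
import struct

CLIENT_SSL = 0x0800  # capability bit: server can upgrade the session to TLS

def parse_greeting(packet: bytes) -> dict:
    """Parse the first packet a MySQL/MariaDB server sends after TCP connect."""
    if len(packet) < 5:
        raise ValueError("packet too short")
    length = int.from_bytes(packet[:3], "little")  # 3-byte length, 1-byte sequence id
    payload = packet[4:4 + length]
    if len(payload) != length or not payload:
        raise ValueError("truncated payload")
    if payload[0] == 0xFF:  # ERR packet: port is open but no greeting is offered
        code = struct.unpack_from("<H", payload, 1)[0]
        return {"greeting": False, "error_code": code,
                "message": payload[3:].decode("utf-8", "replace")}
    if payload[0] != 10:
        raise ValueError(f"unexpected protocol version {payload[0]}")
    end = payload.index(0, 1)  # version banner is NUL-terminated
    version = payload[1:end].decode("ascii", "replace")
    pos = end + 1 + 4 + 8 + 1  # skip connection id, auth data part 1, filler
    if len(payload) < pos + 2:
        raise ValueError("greeting ends before capability flags")
    caps = struct.unpack_from("<H", payload, pos)[0]
    if len(payload) >= pos + 7:  # upper 16 capability bits follow charset and status
        caps |= struct.unpack_from("<H", payload, pos + 5)[0] << 16
    return {"greeting": True, "version": version, "tls": bool(caps & CLIENT_SSL)}

def build_packet(payload: bytes) -> bytes:
    """Wrap a payload in the 4-byte MySQL packet header (sequence id 0)."""
    return len(payload).to_bytes(3, "little") + b"\x00" + payload

def sample_greeting(version: str, caps: int) -> bytes:
    """Constructed HandshakeV10 for offline testing, not captured traffic."""
    return build_packet(
        b"\x0a" + version.encode() + b"\x00" + struct.pack("<I", 42) + b"A" * 8
        + b"\x00" + struct.pack("<H", caps & 0xFFFF) + b"\x21" + struct.pack("<H", 2)
        + struct.pack("<H", caps >> 16) + b"\x15" + b"\x00" * 10
        + b"B" * 12 + b"\x00" + b"mysql_native_password\x00")

SAMPLES = {  # constructed inputs; version strings taken from the lists above
    "tls": sample_greeting("8.0.23", 0xC1FFFFFF),
    "no_tls": sample_greeting("5.5.68-mariadb", 0xC1FFF7FF),
    "refused": build_packet(b"\xff" + struct.pack("<H", 1130)
               + b"Host '192.0.2.10' is not allowed to connect to this MySQL server"),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, parse_greeting(pkt))
```

The `refused` sample shows the case where the port answers but host-based access control returns an error packet instead of a greeting, so no version or TLS flag is disclosed.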
Shadow Server also stated,
"It is unlikely that you need to have your MySQL server allowing for external connections from the Internet (and thus a possible external attack surface). If you do receive a report on your network/constituency take action to filter out traffic to your MySQL instance and make sure to implement authentication on the server."