MySQL error 2003 from remote computer

[Notawiz]

Hello,

While doing some testing, I tried to connect (and query) to our MySQL database on our VPS at 64.119.182.162 from a remote machine, and received the underneath error message.

Code:

Can't connect to MySQL server on '64.119.182.162' (10060) in c:\program files\easyphp\www\vx2_final\test\test_remote_db.php on line 40

The local computer runs Apache, PHP and MySQL alright.

The used code is the regular

Code:

$dbh=mysql_connect($dbHost,$dbUser,$dbPass) or die ($msg1 . mysql_error());

PHP function, where the variable $dbHost="64.119.182.162";

Am I making a mistake here or is it just not possible?

[WHSP-Mark M]

Hi Jan,

Thanks for the post, by default most databases are locked down to remove connections for security purposes. You would need to add your remote IP address to the database in which you are trying to connect to, so the server would permit a connection to made from this IP address.

If you have any questions on how to do this, please let us know.

Thanks
Mark,
WebHSP Support

Hello,

While doing some testing, I tried to connect (and query) to our MySQL database on our VPS at 64.119.182.162 from a remote machine, and received the underneath error message.

Code:

Can't connect to MySQL server on '64.119.182.162' (10060) in c:\program files\easyphp\www\vx2_final\test\test_remote_db.php on line 40

The local computer runs Apache, PHP and MySQL alright.

The used code is the regular

Code:

$dbh=mysql_connect($dbHost,$dbUser,$dbPass) or die ($msg1 . mysql_error());

PHP function, where the variable $dbHost="64.119.182.162";

Am I making a mistake here or is it just not possible?

[snapback]296[/snapback]

[Notawiz]

Hello Mark,

Hum, makes sense to me that it has to do with security.

I have not yet investigated further on how to add an IP to the database, because I tried this specific access from my development machine, connected to the Internet through a revolving proxy.

I've read something about better using a PHP tunnel for this, where the request is sent as an HTTP request, but must first look for suitable source code to give that solution a try.

In any case, if I were running the test from another web server, I will use your suggestion.

Thnaks for the answer, was useful.

[WHSP-Mark M]

Hi Jan,

It is certainly not a problem. If you run into any problems, please let us know.

Thanks!
Mark,
WebHSP Support

[Notawiz]

Hello Mark,

Well, spent hours reading technical stuff, and seems that none will work with my set-up.

I also tried as suggested to add a new user for MySQL, via phpmyadmin, like this
 User          Host   Password       Global privileges       Grant
 xquisitu_test    %     Yes                SELECT                  No

but this triggers the same error as when I first posted.

Logically, if I use the "%" wildcard, that means "any host", so it doesn't matter after all from where I query the database, right? Even a local machine on a revolving proxy IP, I guess.
And limiting the privilege to Select should be enough for the testing I had in mind. But I didn't even get that far, since the mysql_connect failed.

I must be missing another detail somewhere. Any idea what I do wrong here ?

edited:
I also tried the same from a script I uploaded to another "real" web server, and this time, instead of the mysql error message, I get a 500 Internal server error!!!

[WHSP-Mark M]

Hi Jan,

I apologize for the delay in my responce...I did some looking into this myself, and it would seem that unlike our shared accounts, our VPS services have remote inbound access to the SQL database blocked by our firewall by default as a security measure. We can open the ports to allow a remote connection to be made, but this will open it up to everybody, so there would be nothing to stop someone from trying to gain access to your MySQL database (mind you they would obviously need to know your login details) .

 It is on that basis that we usually do not recomend having the ports opened, however it is your decison as it is your Virutal Environment. If you wish to proceed with this, please let us know via a helpdesk ticket (so we can get to it faster) and we will make the arrangments with our Data Center to have the ports opened up to inbound connections.

Regards,
Mark

Hello Mark,

Well, spent hours reading technical stuff, and seems that none will work with my set-up.

I also tried as suggested to add a new user for MySQL, via phpmyadmin, like this
 User        Host   Password     Global privileges     Grant
 xquisitu_test    %     Yes              SELECT                No

but this triggers the same error as when I first posted.

Logically, if I use the "%" wildcard, that means "any host", so it doesn't matter after all from where I query the database, right? Even a local machine on a revolving proxy IP, I guess.
And limiting the privilege to Select should be enough for the testing I had in mind. But I didn't even get that far, since the mysql_connect failed.

I must be missing another detail somewhere. Any idea what I do wrong here ?

edited:
I also tried the same from a script I uploaded to another "real" web server, and this time, instead of the mysql error message, I get a 500 Internal server error!!!

[snapback]300[/snapback]

[Notawiz]

Hello Mark,

No sweat, I was myself out of office.

As for the blocking by the Firewall, we'll leave it that way.
We intended just to run some tests, so it's not a critical point.

It will perhaps be better to "grab" the distant table, and import it in the local machine on demand, fairly similar to our existing daily backups of MySQL.

Or even, if only a few values are needed, use a redirect header with $_GET or $_POST variables.

For my personal documentation however, if the requests for MySQL access came all from only one known and trusted IP, would that open the security breach?
In my personal software firewall, I always have the choice to allow trafic of some type and/or requested by a defined IP. Is this not the same on the server firewalls?

Regards.

[jamesy]

Hello Mark,

No sweat, I was myself out of office.

As for the blocking by the Firewall, we'll leave it that way.
We intended just to run some tests, so it's not a critical point.

It will perhaps be better to "grab" the distant table, and import it in the local machine on demand, fairly similar to our existing daily backups of MySQL.

Or even, if only a few values are needed, use a redirect header with $_GET or $_POST variables.

For my personal documentation however, if the requests for MySQL access came all from only one known and trusted IP, would that open the security breach?
In my personal software firewall, I always have the choice to allow trafic of some type and/or requested by a defined IP. Is this not the same on the server firewalls?

Regards.

[snapback]302[/snapback]

Hi Notawiz,

Send in a ticket and include the IP address you would be connecting from. We'll check it out with our Network Operations Center.

Regards,

James @ WebHSP

[Notawiz]

Hello James,

For the moment we'll leave this subject aside, since our Board is considering to change the whole approach of our website business.

Thanks anyhow for the offer.

Regards.

Jan

Hi Notawiz,

Send in a ticket and include the IP address you would be connecting from. We'll check it out with our Network Operations Center.

Regards,

James @ WebHSP

[snapback]380[/snapback]