The WHM Security Advisor scans for possible changes to harden your VPS security. Below we cover how to clear the following error for VPS users not using remote MySQL:
Configure bind-address=127.0.0.1 in /etc/my.cnf, or close port 3306 in server’s firewall
Security Advisor Scan
- To check for the MySQL service warning, first Login WHM as root.
- Select Security Advisor from the menu to start the scan.
- Check for the MySQL service alert.
If the alert above does display, you can fix this using one, or both, of the following methods:
Edit Config File Close Port 3306
Note: This may prevent your VPS from using remote MySQL.
Edit Config File
- SSH into your server as root.
- Edit the
/etc/my.cnf
file and add
bind-address=127.0.0.1
to the file. To do so using nano editor:
Type
nano /etc/my.cnf
and press
Enter ⤶
to open the file. Scroll to the bottom of the file using the
Down
arrow and add
bind-address=127.0.0.1
. Press
Control
and
x
for the save prompt before exiting. Press
y
, then
Enter ⤶
to save the file.
- Afterwards, rescan with cPanel Security Advisor to ensure the error doesn’t recur.
Close Port 3306 using CSF
Another option is to close port 3306 using your firewall. Advanced Policy Firewall (APF) users can remove the port from the APF configuration file using SSH as root. ConfigServer & Firewall (CSF) users can do this within WHM as root using the steps below.
- Select ConfigServer Security & Firewall from the WHM menu.
- Under csf – ConfigServer Firewall select Firewall Configuration.
- Under IPv4 Port Settings and Allow incoming TCP ports, remove “3306” from the text field.
- Select Change at the bottom, then Restart csf+lfd.
- Afterwards, rescan with cPanel Security Advisor to ensure the error doesn’t recur.
Congratulations. You’ve further enhanced your VPS security. APF users can upgrade to CSF using our installation guide or via verified email request.
Thank you for the excellent explanation. Worked great.
You’re welcome, we are always happy to help! Also, we appreciate your feedback.