As of MySQL 5.6.35, MySQL Server includes a plugin library that enables administrators to introduce an increasing delay in server response to clients after a certain number of consecutive failed connection attempts. This capability provides a deterrent that slows down brute force attacks that attempt to access MySQL user accounts. The plugin library contains two plugins:
connection_control checks incoming
connections and adds a delay to server responses as necessary.
This plugin also exposes system variables that enable plugin
operation to be configured and a status variable that provides
rudimentary monitoring information.
The connection_control plugin uses the
audit plugin interface (see
Section 24.2.4.8, “Writing Audit Plugins”). To collect
information, it subscribes to the
MYSQL_AUDIT_CONNECTION_CLASSMASK event
class, and processes
MYSQL_AUDIT_CONNECTION_CONNECT and
MYSQL_AUDIT_CONNECTION_CHANGE_USER
subevents to check whether the server should introduce a delay
before responding to client connection attempts.
CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS
implements an INFORMATION_SCHEMA table that
exposes more detailed monitoring information for failed
connection attempts.
The following sections provide information about
connection-control plugin installation and configuration. For
information about the
CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS
table, see
Section 21.32.1, “The INFORMATION_SCHEMA CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS Table”.