WD MyCloud IDS Security Alert


I am the network admin for a church. I run a Ubiquiti Unifi network with a UDM Pro Gateway. Our data network is a scheme, with the router at One of the employees has a WD MyCloud at Twice every day between 8-9pm I get the following security alert from the UDM’s IDS (based on Suricata):

Threat Management Alert 2: Attempted Information Leak. Signature ET SCAN Non-Allowed Host Tried to Connect to MySQL Server. From:, to:, protocol: TCP

Each day the two alerts come in at the exact same time, but the time changes from day to day.

I assume this is the WD MyCloud accessing the router to access the internet for legitimate functionality, but I am curious to know if anyone has any more definitive info.

Thanks in advance for any assistance!

Is this the My Cloud you have? [Image: WD My Cloud]

I believe that is what he has. I have not actually laid eyes on it in quite a while. It is definitely that size, and it is from probably 3 years ago or so.


Port 3306 is from mysql itself - its bind address has probably been commented out. You will have to ssh into the MyCloud:

ssh root@MyCloud
(enter password)
nano /etc/mysql/mysql.conf.d/mysqld.cnf

add (or remove the “#” in front of):

bind-address =
Ctrl-o (Write out/save)
Ctrl-x (exit)
/etc/init.d/mysql restart
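
To confirm the state of the bind-address setting discussed above before and after editing, the following is an added example (not from the thread or from WD) that parses a MySQL config and reports whether the [mysqld] section has an active bind-address line. The function name mysql_bind_status and the sample configs are constructed, and 127.0.0.1 is an assumed loopback value, since the post does not show one.

```shell
#!/bin/sh
# Added example: classify the bind-address setting in the [mysqld] section.
# Reads the file given as $1, or stdin when no file is given.
# Prints: unset | empty | loopback | all-interfaces | address:<value>
# "unset" means no active line; the MySQL default for bind-address is all interfaces.
mysql_bind_status() {
    awk '
        /^[ \t]*\[/ {                        # section header, e.g. [mysqld]
            gsub(/[ \t]/, ""); in_mysqld = ($0 == "[mysqld]"); next
        }
        !in_mysqld        { next }           # ignore [client], [mysql], ...
        /^[ \t]*[#;]/     { next }           # commented-out lines are inactive
        /^[ \t]*bind[-_]address[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "")         # drop the key and the equals sign
            sub(/[ \t]*(#.*)?$/, "")         # drop trailing spaces and comment
            val = $0; seen = 1               # last occurrence wins
        }
        END {
            if (!seen)                print "unset"
            else if (val == "")       print "empty"
            else if (val == "127.0.0.1" || val == "::1" || val == "localhost")
                                      print "loopback"
            else if (val == "*" || val == "0.0.0.0" || val == "::")
                                      print "all-interfaces"
            else                      print "address:" val
        }
    ' "${1:--}"
}

# Constructed sample configs (not taken from the device in the thread).
sample_commented='[mysqld]
# bind-address = 127.0.0.1
port = 3306'

sample_loopback='[mysqld]
bind-address = 127.0.0.1
port = 3306'

for s in "$sample_commented" "$sample_loopback"; do
    printf '%s\n' "$s" | mysql_bind_status
done
```

On the device it would be run as mysql_bind_status /etc/mysql/mysql.conf.d/mysqld.cnf, the path given in the post above.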