The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Mysql attack

Discussion in 'General Discussion' started by persianwhois, May 31, 2007.

  1. persianwhois

    persianwhois Well-Known Member

    Joined:
    Apr 18, 2007
    Messages:
    117
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Mahallat
    cPanel Access Level:
    Root Administrator
    Hello,
    How can view mysql request ip? and how can limit mysql to localhost?
    Mysql used 100% of my cpu.
    I think mysql attacked.
     
    #1 persianwhois, May 31, 2007
    Last edited: May 31, 2007
  2. approx

    approx Well-Known Member

    Joined:
    Mar 6, 2007
    Messages:
    59
    Likes Received:
    0
    Trophy Points:
    6
    Type

    Code:
    mysqladmin -i2 processlist status
    to see all query to your mysql server

    as default, mysql only allow connection from localhost only.
     
  3. persianwhois

    persianwhois Well-Known Member

    Joined:
    Apr 18, 2007
    Messages:
    117
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Mahallat
    cPanel Access Level:
    Root Administrator

    Thanks.
    can see request ip address?
     
  4. persianwhois

    persianwhois Well-Known Member

    Joined:
    Apr 18, 2007
    Messages:
    117
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Mahallat
    cPanel Access Level:
    Root Administrator
    What's this?

    I see following usage in service status. is this normal?
    Code:
    Top Process	%CPU 6.6	/usr/sbin/mysqld --basedir/ --datadir/var/lib/mysql --usermysql --pid-file/var/lib/mysql/server.come2host.net.pid --skip-external-locking --socket/var/lib/mysql/mysql.sock
    
     
  5. WhmSonic

    WhmSonic Well-Known Member

    Joined:
    Mar 19, 2007
    Messages:
    46
    Likes Received:
    0
    Trophy Points:
    6
    Problem maybe little DDOS attacks from httpd, Im not sure investigate needed. This will cause mysql usage if someone attack to any forum search.php or someting like this. I dont know what is your os but use below command and see the result.

    This command will show how many ip connected to your server port 80 and show per ip how many connected you will see if 1 ip connected more then 70 ~ 80 to your server this mean your httpd under the SYNC or DDOS attack.
    Code:
    netstat -autpn | grep :80 | awk '{print $5}' | cut -d. -f1-4 | cut -d: -f1 | sort -n | uniq -c | sort -n
    If you have problem you will have to install Firewall, or ban ip's with this command:
    Code:
    iptables -I INPUT 1 -s IP -j DROP
    Exp: iptables -I INPUT 1 -s 192.168.0.10 -j DROP

    But for your understand, IPTables ban is not stable, server will remove ip's when you reboot your machine.
     
    #5 WhmSonic, May 31, 2007
    Last edited: May 31, 2007
  6. persianwhois

    persianwhois Well-Known Member

    Joined:
    Apr 18, 2007
    Messages:
    117
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Mahallat
    cPanel Access Level:
    Root Administrator
    Thank you.
    My os is centos
    im use apf firewall. and mod evasive.
     
Loading...

Share This Page