mysql error on log access denied

leonep

Well-Known Member
Nov 18, 2014
215
16
68
Pescara
cPanel Access Level
Root Administrator
Hello,
i have a lot of notice entries in mysqld.log.
i tried changing the password from whm as well but it keeps flooding my log
where can i look for responsible for this?
............luckily everything is ok and running on the server !


2022-11-24T20:35:53.233369Z 671 [Note] Access denied for user 'root'@'localhost' (using password: NO)
2022-11-24T20:36:07.996364Z 686 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2022-11-24T20:36:07.996491Z 687 [Note] Access denied for user 'root'@'localhost' (using password: NO)
2022-11-24T20:36:08.233812Z 688 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2022-11-24T20:36:08.233971Z 689 [Note] Access denied for user 'root'@'localhost' (using password: NO)
2022-11-24T20:36:23.234368Z 695 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2022-11-24T20:36:23.234471Z 696 [Note] Access denied for user 'root'@'localhost' (using password: NO)
2022-11-24T20:36:38.234840Z 706 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2022-11-24T20:36:38.234998Z 707 [Note] Access denied for user 'root'@'localhost' (using password: NO)
2022-11-24T20:36:53.235314Z 724 [Note] Access denied for user 'root'@'localhost' (using password: YES)
2022-11-24T20:36:53.235465Z 725 [Note] Access denied for user 'root'@'localhost' (using password: NO)
...................
...................



mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 977
Server version: 5.7.39-cll-lve MySQL Community Server - (GPL)

Copyright (c) 2000, 2022, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> status
--------------
mysql Ver 14.14 Distrib 5.7.39, for Linux (x86_64) using EditLine wrapper

Connection id: 977
Current database:
Current user: [email protected]
SSL: Not in use
Current pager: stdout
Using outfile: ''
Using delimiter: ;
Server version: 5.7.39-cll-lve MySQL Community Server - (GPL)
Protocol version: 10
Connection: Localhost via UNIX socket
Server characterset: utf8mb4
Db characterset: utf8mb4
Client characterset: utf8mb4
Conn. characterset: utf8mb4
UNIX socket: /var/lib/mysql/mysql.sock
Uptime: 17 min 51 sec

Threads: 1 Questions: 90375 Slow queries: 0 Opens: 2396 Flush tables: 1 Open tables: 1936 Queries per second avg: 84.383
--------------
 

ServerHealers

Well-Known Member
Sep 21, 2015
59
28
68
India
cPanel Access Level
Root Administrator
It is possible something else configured in your server having wrong password and it keep trying to authenticate. We had a situation in the past on a customer server, where the MySQL monitor script they had for Nagios causing this after a MySQL root password reset as they forgot to update the new password in the script. It could be something similar, and correcting it would stop it.

Alternatively, it could be a website hosted on your server with root user and a wrong password in its config file (This is not a recommended approach I know, however, I've seen some people doing this when they follow some online articles). If this is the case, I'd suggest creating a new MySQL user and assign it to the site's database and put that new user details in the config file instead of root user.
 
  • Like
Reactions: cPRex

ServerHealers

Well-Known Member
Sep 21, 2015
59
28
68
India
cPanel Access Level
Root Administrator
As a first step, we confirmed with the customer whether they used any monitor inhouse or by a previous management company and proceed further once they confirmed that they used Nagios for monitoring the server. It was easy for us when we get that information, and saved a lot of time.:)

If you have similar setup, I'd suggest looking at /etc/nrpe.d/ directory for any Nagios configs where we usually configure checks or could be /etc/check_mk/mysql.cfg if CheckMk in use. If these are not, then it would be time consuming in troubleshooting where exactly these logins are configured incorrectly.