Mysql unauthenticated users from specific machine - mysql

So one of our developers VMs is desperately trying to connect to our dev mysql server.
Looking at show full processlist shows a number of 'unauthenticated user` lines trying to connect from his specific IP.
Using ps aux | grep httpd I can see where a number of threads from httpd are running but I don't know enough to correlate what I'm seeing in the terminal with a reason his machine (not being touched) continually tries to connect.
I've looked in all crontabs and there's nothing that I can see that would do that.
Is there a way to see all processes trying to connect to a specific IP?

You can use the following to get the processes connecting to a specific ip
#netstat -ant -p | grep "ip:port"
This should give you the list, try cleaning up the processes , then do a differential analysis by disabling the crontab once and enabling them but disabling the httpd processes the next time, maybe this will help.

Related

WAMPServer crashed on Windows 10 - how can I backup all MySQL databases?

WAMPServer won't start up any services for some reason (worked fine until 2 weeks ago -- nothing I can think of that changed, though wouldn't be surprised if Windows 10 forced some update) so I'm planning to uninstall and then reinstall. Before I do, I want to backup my content so that I can restore it once I get the new version installed from scratch.
I have already zipped the wamp64\www folder and now I'm trying to do mysqldump, but MySQL won't even start.
My question has two parts:
How can I start MySQL service on Windows 10 home (no group policies or any such in-depth admin capabilities) when it will not start? I've tried opening services.msc and manually restarting -- it just doesn't do anything. There is no error.
Is there a way to save all my MySQL databases in one go without launching MySQL?
On my system database they are stored in C:\Program Files (x86)\WampServer\bin\mysql\mysql5.1.53\data.
You can try to start mysql locally with an executable on wamp\bin\mysql\mysql-version\bin.
Maybe your wampp won't start because another application is using the same port?
You can view running port on Command Prompt with:
C:\> netstat -a -b
-a This switch displays active TCP connections, TCP connections with the listening state, as well as UDP ports that are being listened to.
-b This netstat switch is very similar to the -o switch listed below, but instead of displaying the PID, will display the process's actual file name. Using -b over -o might seem like it's saving you a step or two but using it can sometimes greatly extend the time it takes netstat to fully execute.
You can search a specific port with :
netstat -aon | find "[PORT]"
-o A handy option for many troubleshooting tasks, the -o switch displays the process identifier (PID) associated with each displayed connection. See the example below for more about using netstat -o.
-n Use the -n switch to prevent netstat from attempting to determine host names for foreign IP addresses. Depending on your current network connections, using this switch could considerably reduce the time it takes for netstat to fully execute.
More Information

How to detect what is running on MySQL every hour?

Munin showing huge spike on MySQL queries every hour but I am unable to detect what is causing this. I am running version 5.6.30.
Tried to enable slow running queries but can't find it there.
Also logged all queries and tried to see what is running on that particular time. I cannot find it.
Checked cronjobs but there wasn't anything related
Disabled almost everything on LFD & CSF
The event scheduler status is set to OFF
Is there any other way to find what is running every hour?
Munin graph showing sql queries:
You can use a shell script and put the instruccion "processlist" and send the output to a log file.
Put the delay in seconds that you want for run again the instucction.
while [true];
mysql -h localhost -u root -ppasswd < process
delay xtime
done
And the file processlist you put the instrucction "show full processlist"
I hope this help you
Regards
Some crawlers were mining data from my website. I wasn't able to detect because requests sent from a million different IPs.
Added captcha to website as human control and spikes gone.

Number of mysql user Connections in a date range

Have a database. How can I get the total number of connections for a user?
e,g database name: north_wind
database user: smuwanga
How do I know that smuwanga made 200 connections to the database in the last 3 months?
Regards,
Simon.
MySQL does not keep a connection log by default. However, if you want to find out current connections and users, you can use SHOW FULL PROCESSLIST.
If you still insist on logging user connections, you may want to check out this blog post with steps on how you can accomplish that.
I managed to get my way around it.
I did a grep 'mysql_username' /path/to/mysql.log |grep Connect | wc -l
Its seems when installing mysql I left everything as default.

Are there any services which can monitor my website, if site is down, reboot my ec2 instance?

I have a micro instance on EC2, and I deployed a wordpress website on it. But the site will be down about every two days because mysql is killed, so visitors get "500 Internal Server Error".
And I need log in AWS, and reboot the instance. I know I should optimize the apache configuration, but rebooting the instance will be a simple solution.
I'm using a service which can monitor my website, and when site is down, they will send me a email, but they can't reboot the EC2 instance.
I configure the apache like below, it works now:
StartServers 1
MinSpareServers 1
MaxSpareServers 5
MaxClients 10
MaxRequestsPerChild 4000
Maybe you can create a bash, and put it in /etc/cron.hourly to run it every hour.
Here is the content of bash.
#!/bin/bash
#Replace MYSQL_PORT with the real port number.
netstat -na | grep LISTEN | grep MYSQL_PORT
if [ $? != 0 ]; then
reboot
fi
Don't forget to make it executable just like the below.
chmod 0755 /etc/cron.hourly/monitor_mysql.sh
Moreover you can make it check more frequently by create a file in /etc/cron.d/ like the below to check every 5 minutes.
# vi /etc/cron.d/monitor_mysql
*/5 * * * * root /path/to/monitor_mysql.sh
If you are looking for a solution with any open source tool you can always try Nagios. Which does the monitoring as well as restarting of the failed services but with some configuration effort. You can refer Nagios Site Nagios Configuration
There is something wrong if you need to reboot every few days. I don't think it's your Apache configuration, but lots of other things can be wrong.
You can use the reboot script, but you should also monitor your uptime (with a service like www.downnotifier.com) en you might think about a reinstall if you don't reach an 99,7% uptime.

Locating zombie mySQL connections

I have a colleague who has been using PHP's mysql_pconnect() without my knowing it. We have had a number of instances where connections were denied due to a large number of zombie connections (per our sys admin who is currently not available).
What is the best way from the command line to locate/identify the zombie processes. I have looked at the time columns in ps aux and top but I am not sure I am getting a complete picture.
Thanks.
From MySQL console SHOW FULL PROCESSLIST; and look for these with Sleep in Command column and high values in Time. Then KILL