2

I have MonYog running and it is monitoring my DB Server. It gives me constant alerts that the number of refused connections has exceeded the threshold etc. Looking in the LySQL.Log I can see constant login failures for root@localhost.

This is on a hosted server out in the ether so I have been as strict as possible with access etc. Firstly, the 3306 port on the firewall is open only to a couple of selected IP addresses. All other users (for dev and testing etc) use SSH. Secondly, there is no 'root' user. I renamed the root account to something else. This new named account only has localhost access.

So from the above, I just don't see how any login attempts are getting to the DB from localhost. The 3306 port is closed to all but one IP address (mine) and I am not attempting any connect to the server all through the night as the logs are showing. And anyway, I never connect as the (new) root dba user unless I need to do some special admin task.

Is there any way of finding out where these login attempts are coming from (IP address, host name, application name etc...).

Or am I looking in the wrong place. I just cant work out where they are coming from but I am convinced it cant be good!

tinlyx
3,83014 gold badges50 silver badges79 bronze badges
asked Sep 6, 2013 at 7:57
1
  • "constant alerts that the number of refused connections has exceeded the threshold etc." -- what? Please don't paraphrase... what exactly do these alerts say? Commented Sep 6, 2013 at 12:07

1 Answer 1

1

A) You can check TCPdump output for MySQL port connection.

B) Also you can verify whether any script is running on MySQL server may be something like monit etc.. which continuously pings MySQL port.

answered Sep 6, 2013 at 11:50
4
  • Hi Mahesh. Thanks for the ideas. Ran Wireshark on the server. The Access denied messages are appearing with no network traffic at al so must be coming from local machine. I just cant work out where. You mention scripts running on the server. How do I find such things? Commented Sep 9, 2013 at 6:10
  • I have myself got in this situation and we found out that monit script was a problem, you can check if any script is running which does activity on MySQL server .. check for monit, backup script etc.. Commented Sep 10, 2013 at 8:07
  • Thanks again. My server is a Windows server. Assume Monit is a linux thing? So how do I find any scripts set to run on my DB. I am not aware of setting any up but they may be there. I just dont know where to look to see if there are any. Commented Sep 11, 2013 at 8:52
  • Ok .. you can check for any scheduled job running for a MySQL server .. like you might have started backup job which is not connecting or some store procedure calls etc .. Commented Sep 12, 2013 at 13:14

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.