Find the answer to your Linux question:
Results 1 to 4 of 4
We have recently upgraded our mysql server from v4.3 to the "hyper-modern"* 5.0.77 and on occasion are seeing a sudden flood of connections which takes our server down. These connections ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Penguin of trust elija's Avatar
    Join Date
    Jul 2004
    Location
    Either at home or at work or down the pub
    Posts
    3,653

    Strange flood of connections to mysql server


    We have recently upgraded our mysql server from v4.3 to the "hyper-modern"* 5.0.77 and on occasion are seeing a sudden flood of connections which takes our server down.

    These connections are from the expected IP (our firewall) and all for "unauthenticated user" and they remain in the login state for several minutes at least.

    We have two apache web servers on different physical machines throwing connections at the server. They are configured such that even if they throw their maximum number at the DB it shouldn't be overwhelmed.

    There is nothing to indicate this activity in the database or web server logs.

    We are having occasional issues with our ad servers taking a very long time to respond so we have identified a couple of possibilities:

    1. Ad taking a long time so everyone pressing F5 several times
    2. D.o.S. attack

    Has anyone encountered this before and if so, how did you fix it?

    Thanks for any insights

    * For here at least
    "I used to be with it, then they changed what it was.
    Now what was it isn't it, and what is it is weird and scary to me.
    It'll happen to you too."

    Grandpa Simpson



    The Fifth Continent

  2. #2
    Linux Enthusiast Mudgen's Avatar
    Join Date
    Feb 2007
    Location
    Virginia
    Posts
    664
    I'd first want to check the firewall logs for the actual sources of the connections and whether there's a pattern. If it's a 'bot attack, it may be difficult to discern from the reload possibility, but that's where I'd start.

  3. #3
    Penguin of trust elija's Avatar
    Join Date
    Jul 2004
    Location
    Either at home or at work or down the pub
    Posts
    3,653
    It appears to be a DNS or more specifically a reverse DNS issue where one of the threads is locking and then none of the others can progress. The solution appears to be to reconfigure things to user@ip instead of user@host or user@% and then restart the service with lookups turned off by using --skip-name-resolve
    "I used to be with it, then they changed what it was.
    Now what was it isn't it, and what is it is weird and scary to me.
    It'll happen to you too."

    Grandpa Simpson



    The Fifth Continent

  4. $spacer_open
    $spacer_close
  5. #4
    Penguin of trust elija's Avatar
    Join Date
    Jul 2004
    Location
    Either at home or at work or down the pub
    Posts
    3,653
    We added a entry to the hosts file for the firewall and it seems to have sorted it out.
    "I used to be with it, then they changed what it was.
    Now what was it isn't it, and what is it is weird and scary to me.
    It'll happen to you too."

    Grandpa Simpson



    The Fifth Continent

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •