"Host 'myhost.com' is blocked because of many connection errors; unblock with 'mysqladmin flush-hosts'"
The obvious next step is to issue that command, or even to brute-force the problem with a script that runs it every so often. But wait a minute, we know better: there must be an attack going on, intentional or not.
The culprit
Monit was configured to monitor MySQL like this:
if failed host 192.168.0.161 port 3306 then restart
This is a problem because all the check does is open a socket and then drop the connection without any MySQL handshake. MySQL counts each such interrupted connection as a connection error for the connecting host.
Solution
Specifying the mysql protocol in the check could solve the problem, but MySQL is so mature and stable that it is enough to check just the socket file:
if failed unixsocket /var/lib/mysql/mysql.sock with timeout 5 seconds then restart
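The following is an added example, not code from the original post or from MySQL or Monit: a model of the host-cache rules in the MySQL manual, showing why the bare port check ends in a blocked host while the Unix socket check cannot. The names `HostCache` and `seconds_until_blocked`, the 120-second Monit cycle and the exact blocking boundary are assumptions.

```python
# Added illustration: models MySQL's per-host connection-error accounting.
# It opens no sockets and talks to no server.
import ipaddress


class HostCache:
    """Per-client connection-error counter, following the MySQL manual."""

    def __init__(self, max_connect_errors=100):  # 100 = current MySQL default
        self.limit = max_connect_errors
        self.errors = {}      # client IP -> consecutive interrupted handshakes
        self.blocked = set()

    def connect(self, client, handshake_completed):
        """Return True if accepted; client is an IP string or 'unixsocket'."""
        # The host cache is skipped for Unix socket files and loopback addresses.
        if client == "unixsocket" or ipaddress.ip_address(client).is_loopback:
            return True
        if client in self.blocked:
            return False      # "Host ... is blocked because of many connection errors"
        if handshake_completed:
            self.errors[client] = 0   # a successful connection resets the count
            return True
        self.errors[client] = self.errors.get(client, 0) + 1
        # Modelling assumption: block as soon as the count reaches the limit.
        if self.errors[client] >= self.limit:
            self.blocked.add(client)
        return True

    def flush_hosts(self):
        """What 'mysqladmin flush-hosts' does: forget counts and blocks."""
        self.errors.clear()
        self.blocked.clear()


def seconds_until_blocked(cache, client, cycle_seconds, app_every=0, max_cycles=10_000):
    """One bare port probe per Monit cycle; optionally one real login every
    app_every cycles from the same client. Return elapsed seconds, or None."""
    for cycle in range(1, max_cycles + 1):
        cache.connect(client, handshake_completed=False)   # Monit port check
        if client in cache.blocked:
            return cycle * cycle_seconds
        if app_every and cycle % app_every == 0:
            cache.connect(client, handshake_completed=True)
    return None


if __name__ == "__main__":
    # cycle_seconds stands for the 'set daemon' interval in monitrc (assumed 120).
    print(seconds_until_blocked(HostCache(), "192.168.0.161", 120))
```

Note that 192.168.0.161 is not a loopback address even when Monit runs on the database machine itself, so those probes are still counted; successful logins from the same address reset the count, which is why the block can appear only intermittently.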