Hi everyone
I'm using the "MySQL Administrator" program to keep tabs on the health of a
web system i am developing. I think it's nice to have quick (gui) feedback
on the query cache, memory variables, and other status variables.
I've noticed that one of the status variables, "Aborted_connec ts" has been
increasing steadily. This is defined by MySQL as "Number of tries to
connect to the MySQL server that failed". I googled around a bit, and the
only reference I found was a suggestion to double-check php code. So, I
double-checked my php code but everything closes the mysql connection
properly.
Since the system is in development, and I am the only person who knows the
IP of where to log in and test it, I decided to restart the MySQL server,
not visit the website at all, and use MySQL Administrator to monitor
whether or not any status variables changed. Sure enough,
"Aborted_connec ts" is increasing by one every ten minutes or so despite no
activity on the website (it's been 30 minutes and I have three aborted
connects). To double-check that the website hasn't been used, I can see
under Performance that no "SELECTS" have been made since restarting the
server.
What could be causing this? Is someone *really* trying to hack into my
MySQL server (once every ten minutes?!)? Is it something in the MySQL
Administrator program itself that is causing the aborted connects? Is it
something to be concerned about? "Connection s" (number of connection
attempts) has also been increasing...
I should mention that port 3306 is open, it's running Red Hat Linux, and
it's MySQL 4.1.x (Can't remember)
Any ideas appreciated!
5  8652 
Among the wreckage we found a fragment on which Good Man had scratched: What could be causing this? Is someone *really* trying to hack into my
MySQL server (once every ten minutes?!)? Is it something in the MySQL
Why not run ethereal and see for yourself?
"Good Man" <he***@letsgo.c om> wrote in message
news:Xn******** *************** @216.196.97.131 ...
<snip> Since the system is in development, and I am the only person who knows the
IP of where to log in and test it,
Tis a fact of modern life that there are scads of computers out there
dedicated to the discovery of live IP addresses and when found, to bang away
with usr/pwd combinations. The human scoundrels behind this activity are
only awakened when the automation discovers an IP/usr/pwd combo that scores
a hit.
If you have an IP address that sends/receives packets over the Internet,
then you are most certainly not "the only person who knows the IP..". I decided to restart the MySQL server,
not visit the website at all, and use MySQL Administrator to monitor
whether or not any status variables changed. Sure enough,
"Aborted_connec ts" is increasing by one every ten minutes or so despite no
activity on the website (it's been 30 minutes and I have three aborted
connects). To double-check that the website hasn't been used, I can see
under Performance that no "SELECTS" have been made since restarting the
server.
The unauthorized entry attempts are a given. And it will take some
vigilance on your part to verify that these are not successful.
What could be causing this? Is someone *really* trying to hack into my
MySQL server (once every ten minutes?!)?
Not a "someone". It's a computer program run by an usncrupulous "someone"
and the answer is yes. It's probably nothing personal. As I said, any and
every IP address that both sends/receives is a target.
Is it something in the MySQL
Administrator program itself that is causing the aborted connects?
No!
Is it something to be concerned about?
Yes!
You need to get over the fact that the attempts are being made but you do
need to put mechanisms in place to see that they are not successful. And you
*especially* need to know when someone is successful in gaining unauthorized
entry.
"Connection s" (number of connection attempts) has also been increasing...
The longer your IP is up, the more it becomes known as a "live" IP and the
more unauthorized entry attempts it will attract.
It is becoming increasingly popular to dedicate entire computers to serve as
a firewall. These spend all their cpu horsepower on rejecting unauthorized
entry attempts and passing along the few legitimate ones to the server.
I should mention that port 3306 is open, it's running Red Hat Linux, and
it's MySQL 4.1.x (Can't remember)
Any ideas appreciated!
Difficult and non-obvious user names and passwords.
Eternal vigilance.
Rapid discovery of unauthorized access followed immediately by new user
names and passwords.
Encryption.
Thomas Bartkus
"Thomas Bartkus" <to*@dtsam.co m> wrote in
news:d9******** ************@te lcove.net: What could be causing this? Is someone *really* trying to hack into
my MySQL server (once every ten minutes?!)?
Not a "someone". It's a computer program run by an usncrupulous
"someone" and the answer is yes. It's probably nothing personal. As
I said, any and every IP address that both sends/receives is a target.
it just seems like a weird way to hack into a database. when i look at my
apache server attacks, they last for about an hour with 5-10 login attempts
each minute. now that's an attack! that's the way *i* would try to break
in - not by trying a mysql database with one password and moving on. so
it seems like a weird way of trying to break into the server, and i'm still
not convinced its an automaton/person with nefarious desires.
It is becoming increasingly popular to dedicate entire computers to
serve as a firewall. These spend all their cpu horsepower on
rejecting unauthorized entry attempts and passing along the few
legitimate ones to the server.
you know, the site is being hosted (managed hosting) by Rackspace, and
they're offering a hardware firewall for $200/month. That seems like a
totally outrageous price - i'd rather ship them a crappy pc from my house
and have them set up a firewall with that. do you really think a firewall
is needed? how would it know what an unauthorized attempt is? surely it
will need to be open to the MySQL & Apache servers anyways?
Thanks!
"Good Man" <he***@letsgo.c om> wrote in message
news:Xn******** *************** *@216.196.97.13 1... "Thomas Bartkus" <to*@dtsam.co m> wrote in
news:d9******** ************@te lcove.net:
What could be causing this? Is someone *really* trying to hack into
my MySQL server (once every ten minutes?!)?
Not a "someone". It's a computer program run by an usncrupulous
"someone" and the answer is yes. It's probably nothing personal. As
I said, any and every IP address that both sends/receives is a target.
it just seems like a weird way to hack into a database. when i look at my
apache server attacks, they last for about an hour with 5-10 login
attempts each minute. now that's an attack! that's the way *i* would try to break
in - not by trying a mysql database with one password and moving on. so
it seems like a weird way of trying to break into the server, and i'm
still not convinced its an automaton/person with nefarious desires.
Well, I would agree.
All you can say is that at such and such a time, some one tried to log on
with an invalid usr/pwd. How often do I miskey my own password? - very
often.
Still - I think you see that your IP address is never a secret and that it
will there will be many knocks on the door by people simply looking for a
(any) door that will open for them.
It is becoming increasingly popular to dedicate entire computers to
serve as a firewall. These spend all their cpu horsepower on
rejecting unauthorized entry attempts and passing along the few
legitimate ones to the server.
you know, the site is being hosted (managed hosting) by Rackspace, and
they're offering a hardware firewall for $200/month. That seems like a
totally outrageous price - i'd rather ship them a crappy pc from my house
and have them set up a firewall with that.
I agree.
do you really think a firewall is needed?
It depends. How much cpu does your server/software firewall spend fending
off unauthorized entry?
The only thing I really *know* is that this sort of thing tends to increase
over time. The longer your IP is out there, the more it becomes known as a
hack target. Will it level off eventually? Is it degrading performance
unnacceptably?
I wish I could give you answers but we are struggling with this issue
ourselves.
how would it know what an unauthorized attempt is?
I don't have the answer for MySQL. I wish someone else would jump in here
because I would like to look at a log myself that shows me "who" was trying
and failing. I don't know where to find that kind of record for MySQL like
I can for the apache server.
I am scrupulously looking over the logs at the successful log ons and trying
to verify them. Kind of like the way your credit card company will
(hopefully!) detect suspicious charge activity and give you a call when they
record a charge in Las Vegas after you just charged a tank of gas in NJ five
minutes ago.
I'm looking for software myself!
Thomas Bartkus
surely it
will need to be open to the MySQL & Apache servers anyways?
>I'm using the "MySQL Administrator" program to keep tabs on the health of a web system i am developing. I think it's nice to have quick (gui) feedback
on the query cache, memory variables, and other status variables.
I've noticed that one of the status variables, "Aborted_connec ts" has been
increasing steadily. This is defined by MySQL as "Number of tries to
connect to the MySQL server that failed". I googled around a bit, and the
only reference I found was a suggestion to double-check php code. So, I
double-checked my php code but everything closes the mysql connection
properly.
This description of the "Aborted_connec ts" status variable is misleading.
I get log messages in hostname.err often:
Date time [Warning] Aborted connection NNNN to db: database, user:
username ost: host.do.main (Got an error reading communication packets).
and at the same time, Aborted_connect s gets incremented.
This does not mean that someone is trying to hack into your database.
(nor does it mean that they aren't, but this message is not a sign
of it). The given database,userna me,host.do.main logged in
SUCCESSFULLY, then killed the connection. And it is one of the
logins I created.
I'm running MySQL 5.0.6, but this particular issue has been going
on since the early 3.23.* versions.
At first the real meaning of this appeared to be: ONE OF YOUR PHP
PAGES FORGOT TO CALL mysql_close(), DUMMY! After I fixed that on
several pages, it turns out that the remaining offenders are mail
transport programs using the database for spam filtering, which
open up a connection, make some queries, and just abruptly die
rather than closing (mysql_close()) the connection cleanly. I
haven't been able to find a hook to make them close the connection
cleanly, so for error messages mentioning the logins used for that
purpose, I ignore them.
Since the system is in development, and I am the only person who knows the
IP of where to log in and test it, I decided to restart the MySQL server,
If you think about it a little, everyone with even a small amount
of knowledge about the Internet knows a complete list of *ALL* IP
addresses, even if they don't bother writing out each individual
one. There aren't any secret ones, like the alleged phone numbers
with * and # in the area code used by the government for tin foil
hat distribution. There's plenty of scanning going on for MySQL
servers; my firewall blocks a lot of them (typically a couple an
hour, 24x7). If you avoid giving out any MySQL user logins valid
from ANY host, you may not really need a firewall; absent major
security holes, MySQL can protect itself, and dictionary attacks
don't work from hosts not allowed to log in at all.
Gordon L. Burditt This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Bryan Rickard |
last post by:
I wrote a simple program in VB6 to copy all the files from a directory
on a CD-ROM to my hard disk. There are about 10 files, each about
30MB.
The program uses Get and Put to get data from the CD into a buffer and
then put it into the disk. See code below. It works, but it slows
down drastically before it copies all the files. Windows Task Manager
shows the CPU usage gradually increasing as the files are copied,
until it reaches 100...
|
by: Jerry Negrelli |
last post by:
I have a windows service that is mysteriously dying on me at what appears to be random intervals. Sometimes its 3 hours, sometimes it's 2 days. Clearly an error is occuring but I haven't been able to pinpoint the problem
The service's OnStart method initializes an object whose constructor creates a thread that launches other threads based on certain DB criteria. Every method I call starts with a try and ends with a catch, and any errors...
|
by: Patty O'Dors |
last post by:
I've got a program that contains a crystal report, and it has a function that
saves off one report for each branch of the company, in a loop.
This all works beautifully, however - if the user closes the form while the
saving is taking place (it does take quite a long time) then it mysteriously
CARRIES ON saving the PDFs! The process is still there, just the form is
invisible.
I tried setting a flag to true and calling Dispose on the actual...
|
by: joe martin |
last post by:
Sometimes when I run my C# application I am developing the keyboard
repeat rate mysteriously goes down all the way. When I check in
HKEY_CURRENT_USER\ControlPanel\Keyboard\KeyboardSpeed it is still set
to 30 but in the control panel the slider is all the way at the left.
Currently I read and write to the registry in my own tree inside
HKEY_CURRENT_USER\Software as well as read settings to check .net
versions but don't write anywhere else....
|
by: Danny J. Lesandrini |
last post by:
I asked this on microsoft.public.access, but got no answers. Maybe
I was too verbose ... or there is no answer.
User opens form A and then form B
While typing in form B, focus jumps to last active control on form A
User curses at development staff
This has also been observed to happen while the user was not touching
the mouse or keyboard.
| | |
by: Amit Dedhia |
last post by:
Hi
I am developing a scientific application which has moderate level
image processing involved.
In my application, there is a main application form which invokes
another form. When this form is running, a timer function keeps
executing every 250ms. The timer function does some real time data
processing and generates a bitmap which needs to be displayed on a
picture control. This is done using this->Invoke(...) in the form.
|
by: Rahul B |
last post by:
Hi,
I was getting the error: sqlcode: -911 sqlstate: 40001 , which is
"The maximum number of lock requests has been reached for the
database."
So i increased the locklist size to 200 from the default value of 100.
I wanted to know what other effects it will have on the database?
Like, will the performance reduce, if the locklist size is 200 and 120
locks are on it as compared to when the locklist size is 130 and 120
|
by: wajedali |
last post by:
hi.........
i have problem in incresing and decreasing the component.
I have a one main panel (i.e. i used as _basewindowPanel) in that again two panel in that two panel like wise....
now when i m increasing the size of component only button and label size get increase.But Jcombobox,JTextfield and table size unchanged.Plz any one help me,here is my code for increasing the size........
public void incPanel(int size)
{
...
|
by: =?Utf-8?B?cmFuZHkxMjAw?= |
last post by:
Visual Studio 2005, C# WinForms application:
Here’s the question: How can I increase the standard 1 MB stack size of the
UI thread in a C# WinForms application?
Here’s why I ask:
I’ve inherited some code that at the view (User Interface) layer kicks off a
background worker thread. At the service layer (think CAB service layer),
there’s quite a lot of the following:
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
| | |
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
