Hi

Within the last week we've been coming into work and finding the need to flush-hosts on our production server before our office network can connect back in.

Now the IP address that has been blocked is from our network, not the server. This means something somewhere is trying to repeatedly connect to the server from here overnight - but the only machine that is left on doesn't seem to hold any scripts that would do this?

Is there any way I can log on mysql which hosts are attempting to connect to the server (or even the remote address so I can track the script?), and when? I have logging enabled but it only shows the attempt, not the IP or more details:

040810 11:38:53 25549 Connect Access denied for user: 'ODBC@localhost' (Using password: NO)

Cheers
Ben

    Hi,

    ODBC@localhost shows you that a script or application on the server itself tries to connect to the database.

    So look for a cron job or a daemon that tries to connect to the MySQL server on the server itself.

    It's an application or daemon that tries to connect with the MySQL user ODBC to the MySQL database without using a password.

    The problem with that is that this might break up PHP sites hosted on the same server that try to connect with e.g.

    mysql_connect("localhost",....);

    Thomas

      Thanks Thomas

      I realise this is the problem, unfortunately we are a web host with maybe 50 active php/mysql sites - so trying to track down which script is causing this problem is near on impossible.

      The ODBC@localhost error occurs if you don't specify a username/password but I really need some help from mysql to indicate which script/application it is getting the login request from!!! Any ideas?

        Hi,

        I don't know if this is against any laws (I'm not a lawyer) but you could try to crawl recursively through the directories containing the scripts and grep (case sensitive) for ODBC. This way you get a list of scripts that contain ODBC. Using the directory info of each file you could fetch a subset of the (virtual) hosts that might cause the troubles. You don't need to look into the scripts ... just contact the owners of those sites and ask them to check their scripts for any connection problems.

        While writing this another idea slowly crawled into my brain 🙂

        Take the date/time information of the MySQL log and compare it with the web server logs. Chances are good that you'll have a http request to a PHP script on a certain virtual host at nearly the same date/time (at least not to all hosts at that time)

        Thomas
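
The timestamp correlation suggested in the last reply, as an added example that is not part of the original thread: it pulls the denied-connect times out of a MySQL general log and counts which virtual host and script were requested within a couple of seconds of each one. The access-log layout (virtual host as first field), the host names, paths and all sample lines except the quoted denial message are constructed assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample logs; only the denial message text comes from the thread.
MYSQL_LOG = """\
040810 11:38:53   25549 Connect     Access denied for user: 'ODBC@localhost' (Using password: NO)
                  25550 Connect     Access denied for user: 'ODBC@localhost' (Using password: NO)
040810 11:40:10   25551 Connect     shopuser@localhost on shop
040810 23:02:17   25560 Connect     Access denied for user: 'ODBC@localhost' (Using password: NO)
"""
ACCESS_LOG = """\
site-a.example 192.0.2.10 - - [10/Aug/2004:11:38:52 +0100] "GET /poll/vote.php HTTP/1.1" 200 512
site-b.example 192.0.2.44 - - [10/Aug/2004:11:38:20 +0100] "GET /index.php HTTP/1.1" 200 2048
site-a.example 192.0.2.10 - - [10/Aug/2004:23:02:17 +0100] "GET /poll/vote.php HTTP/1.1" 200 512
site-c.example 192.0.2.77 - - [10/Aug/2004:23:02:16 +0100] "GET /news.php?id=3 HTTP/1.1" 200 900
"""

# General log entry: optional "YYMMDD HH:MM:SS", thread id, then command and argument.
MYSQL_RE = re.compile(r"^(\d{6} +\d{1,2}:\d{2}:\d{2})?\s+\d+ (.*)$")
# Assumed access log layout: vhost, client, ident, user, [time offset], "METHOD path ..."
ACCESS_RE = re.compile(r'^(\S+) \S+ \S+ \S+ \[([^ \]]+)[^\]]*\] "\S+ ([^ ?"]+)')

def denied_times(mysql_log, needle="Access denied for user: 'ODBC@localhost'"):
    """Times of denied connects; an entry without a timestamp inherits the previous one."""
    current, out = None, []
    for line in mysql_log.splitlines():
        m = MYSQL_RE.match(line)
        if m and m.group(1):
            current = datetime.strptime(m.group(1), "%y%m%d %H:%M:%S")
        if m and current and needle in m.group(2):
            out.append(current)
    return out

def suspects(mysql_log, access_log, window=2):
    """Rank (vhost, script) by how many denials had a request within `window` seconds."""
    hits = []
    for line in access_log.splitlines():
        m = ACCESS_RE.match(line)
        if m:
            # Assumption: both logs record the same local time, so the UTC offset is ignored.
            when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S")
            hits.append((when, m.group(1), m.group(3)))
    tally = Counter()
    for t in denied_times(mysql_log):
        tally.update({(v, p) for ts, v, p in hits if abs(ts - t) <= timedelta(seconds=window)})
    return tally.most_common()
```

A script that keeps reappearing next to the denials across many log entries is the one to raise with the site owner; a single coincidence on a busy host proves little.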
