tags:

views:

32

answers:

3
+2  Q: 

Checking MySQL Logs for Possibility of Performance Issues/DOS attack

Hello,

We write a most of our websites in PHP and use MySQL database connections routinely. We are currently encountering a major performance issue on our dedicated server. When accessing our server it loads webpages very slowly and SSH'ing into the machine takes forever. We have restarted it a few times and after a few minutes that problem appears again.

Our web host (MidPhase) says that it could be related to a DOS attack and that they are going to place our dedicated server on CiscoGuard for 24hrs and check our server logs to verify if that is the case.

I'm concerned that we may have some poorly coded PHP scripts that are being exploited.

How would one check server wide for problems that could be caused by possibly PHP/MySQL injection exploits?

Thank you, Tegan

A: 

I would check access logs for unusual requests (specially those indicating SQL injection, or massive requests to the same urls), and also enabling MySQL's slow query log can be useful, since it will allow you to see any heavy query that can indicate either someone dumping your db, or your own code performing poorly on queries.

Consider modifying the slow query time value (default 10 seconds) to have a valuable log, and not empty / bloated with queries.

Using mtop to go over MySQL's performance in real-time may be helpfull too.

Johnco  2010-02-08 16:41:00
A: 

Assuming you use a LAMP setup, I would start with something like

$ top

or 

$ ps aux

to see what process is using lots of resources. It could be php / mysql but it could also be a mail server or a spam filter (just an example, if you are running that on the same server).

jeroen  2010-02-08 16:41:36
Yes it is a LAMP setup. Let say after I run the above commands I see that mysql is using lots of resources.How could I dig down deeper and check out what individual PHP page could be causing an issue.
Tegan Snyder  2010-02-08 16:47:10
That´s a tricky one, I remember looking for that and not finding it. Apart from checking which pages get loaded more than normal in the httpd logs, I can only recommend asking the same question on serverfault.com. Sorry.
jeroen  2010-02-08 17:02:49
A: 

I suggest simply going through any PHP, and making sure that queries are being escaped (or use binding), and also that you're filtering for possible XSS attacks.

me_here  2010-02-08 16:42:09

related questions

Remove Quotes and Commas from a String in MySQL
What's the best way of converting a mysql database to a sqlite one?
How do you manage databases in development, test, and production?
Multiple foreign keys?
Add 1 to a field (MySQL)
Issues using MS Access as a front-end to a MySQL database back-end?
Bigger than a char but smaller than a blob
How do I retrieve my MySQL username and password?
Long-time LAMP Developer moving to VB.NET
How do I Concatenate entire result sets in MySQL?
Full complete MySQL database replication? Ideas? What do people do?
SQL: Distribution of table in time
SQLite vs MySQL
How do I create a new Ruby on Rails application using MySQL instead of SQLite?
Multiple Updates in MySQL
MySQL/Apache Error in PHP MySQL query
What all do I need to escape when sending a (My)SQL query?
Auto Generate Database Diagram MySQL
Mechanisms for tracking DB schema changes
How big can a MySQL database get before performance starts to degrade.
Python and MySQL
SQL Server 2005 implementation of MySQL REPLACE INTO?
How to export data from SQL Server 2005 to MySQL
Throw Error In MySQL Trigger
Binary Data in MySQL