Two to three weeks ago, my server was attacked, from what I believe to be a max_connect_peers attack on mysql. I had submitted a ticket with ev1; here is a cc:
---------------------------------------------------------------------------
Hello,
This is regarding the most recent span of "dos" attacks on the server. It has been confirmed that the attacker is somehow only attacking mysql, and from what I have "researched", so to speak, it is max_connect_peers that the attacker is overloading.
The only way to "fix" the mysql after max_connect_peers attack is through the hosts-flush in mysqladmin that an ev1server had shown me how to do (see most recent trouble ticket entitled "Mysql"), and as you can see my only way of recovery was through that.
I have found a website that explains max_connect_peers (you probably already know it, but I may as well present my resource), but it's meant as a local dos, not remote. It might provide good insight for ev1 and me.
http://lists.debian.org/debian-security/20...4/msg00290.html
Although that's for debian, same rules apply in my.conf.
---------------------------------------------------------
Are my guesses right? And if so, what would ev1 unofficially suggest in order to block any mysql based dos attacks?
I think this same "exploit" is being caused by the attacker using a malicious mysql client. Thanks for any help you can give. As you can see, I've been trying my hardest to protect this server with what limited knowledge I have in an ensim environment, so any help (even in an unofficial capacity) would be very much appreciated.
---------------------------------------------------------------------------
END TICKET
That's really all the info I need to provide. Ev1 told me that they could find no preventative measures by searching or any resources on hand, and told me to snoop around here and post a thread.
Please, everyone, a little help for a friendly giant?