Test environment MySQL parameter max_allowed_packet automatic change troubleshooting process

New to a company, these days, the development of Zooey response to execute the MySQL statement 1024 error, after troubleshooting, is the Max_allowed_packet value is too small caused. The parameter is then larger

Command line execution:

Workaround 1.

mysql> Set Global Max_allowed_packet = 2*1024*1024*10

But after a day, and reflect the error. Then look at the parameter

Mysql> Show variables like ' max_allowed_packet '; +--------------------+----------+| variable_name | Value |+--------------------+----------+| Max_allowed_packet | 1024x768 |+--------------------+----------+1 row in Set (0.00 sec)

Strangely enough, this parameter goes back to the default value again.

Workaround 2.

Suspected MySQL automatically restarted. So, set up a MySQL configuration file, add a row of parameters

Max_allowed_packet = 20M

Re-command line set this parameter

mysql> Set Global Max_allowed_packet = 2*1024*1024*10

As expected, this value becomes the default in the afternoon. So, all kinds of Baidu ... Exclude memory is not enough with the problem, finally locked in the MySQL was attacked, malicious settings. thus

Workaround 3.

Turn on MySQL's global log

Set global General_log=on;set Global general_log_file= '/tmp/general.log ';

Observed the day, and finally found the clue

650) this.width=650; "Src=" Http://s5.51cto.com/wyfs02/M01/85/23/wKioL1ea0uWA4qWUAAAkyjpz4u8833.png-wh_500x0-wm_3 -wmp_4-s_2483646263.png "style=" Float:none; "title=" Attack 1.png "alt=" Wkiol1ea0uwa4qwuaaakyjpz4u8833.png-wh_50 "/>

650) this.width=650; "Src=" Http://s5.51cto.com/wyfs02/M01/85/23/wKioL1ea0uWgU4NeAAAdD1Zq2W0532.png-wh_500x0-wm_3 -wmp_4-s_2244870388.png "style=" Float:none; "title=" Attack 2.png "alt=" Wkiol1ea0uwgu4neaaadd1zq2w0532.png-wh_50 "/>

A record of a malicious execution of SQL was found with an abnormal login. So. View Authorization Form

mysql> select user,host,password from mysql.user;+-----------+-----------+------------- ------------------------------+| user      | host       | Password                                    |+-----------+-----------+-------------------------------------------+| root       | localhost | *d10046e383955247e6d02efc235fa9699ff1d663  | |  csd       |     %      | *b404adb7bc0db0e0cd49f9d7eb9e8daeb8ffa98c | |  zcdev     |     %     |  *b257b599ce4de08f6043c8ca9062695084007e16 | |  pba       |     %     | * c8e970fa54065f67198b1959007875a06e5f234e | |  lishibin  |     %     | * 88a194ad67780cf5b6350be5766b43e82136506b | |  csef      |     %     |  *b2c53e908217da3e4158ae24098116186ccf73b0 | |  csef_read |     %     | * a4e03156bbab6bad7433a764a3baae1c1b0785b8 | |  mysqld    |     %     | * 83d34c89b8e0f100d54c6d9276d357db43e8779f | |  root      |     %     |                                              | |  root      |     %     |  *d10046e383955247e6d02efc235fa9699ff1d663 | |  server    |     %     | * 866d5a029d62ec05acc4584ce50f1cd2f50e0e82 | |  testmg    |     %     | * 5466fdb0b2316b196605a80d7ca89d34f999fb86 | |  mysqls    |     %     | * 7be7ccd65b06f04379a48a396b3a0ff3d0194c22 |+-----------+-----------+-------------------------------------- -----+12 rows in set  (0.00 SEC)

Then asked the colleague, he said that the execution of the root blank password login has been deleted, all the accounts here allow all the host login. Extremely restless, so. Remove the root blank password to log in and change the root password. and set the host of all accounts into the intranet login. Observed for 2 days, and there was no attack.

This article is from the "beginner's mind, always" blog, please be sure to keep this source http://gouyc.blog.51cto.com/1594451/1831650

Test environment MySQL parameter max_allowed_packet automatic change troubleshooting process