Jump to content


Photo

[Solved] Three weird things: db timeout, password rejection, and phpMyAdmin crash

database cpanel break-in phpMyAdmin timeout MySQL

  • Please log in to reply
6 replies to this topic

#1 badrihippo

badrihippo

    Rank I Member

  • Members
  • Pip
  • 41 posts
  • Gender:Male
  • Location:Thekampattu, Tamilnadu, India
  • Interests:Programming, Writing, Environment, Reading, and lots of other stuff besides :)

Posted 12 January 2020 - 05:30 PM

Hi all,

Something weird happened just now and I'm a little freaked. Three things, actually.

 

Some background: I run a Ghost site on Heroku, which uses a HelioHost database via "remote MySQL". Today, the site failed to startup due to an application timeout, which I assume was a timeout while trying to connect to the database (it was working fine in the morning so I can't think of any other explanation).

 

When I tried to sign in, the password was rejected thrice. That might have been just me in a panic, but I know what my password's supposed to be, so was wondering if someone's broken in and changed it. In any case, I reset via email to a different one.

 

After signing in, I tried opening phpMyAdmin to test the database, but it fails with an error:

No response from subprocess (php): The subprocess reported error number 72,057,594,037,927,935 when it ended. The process dumped a core file.

 

 

As a side note: Tommy's cPanel seems much slower than usual. This might be unrelated, but it may also explain all the errors (maybe the password checks and database calls all timed out).

 

If possible, would you admins be able to do the following:

  • Send me IPs and login times for my last 3 cPanel logins (I got the last one's IP, but I'm travelling so would need a couple others to compare). Maybe also password reset logs or something to see if there's anything suspicious.
  • Look into phpMyAdmin and remote SQL and see if others are having issues too
  • Not sure what else, but maybe something in the syslogs to indicate what may be happening?

Thanks in advance!

 



#2 badrihippo

badrihippo

    Rank I Member

  • Members
  • Pip
  • 41 posts
  • Gender:Male
  • Location:Thekampattu, Tamilnadu, India
  • Interests:Programming, Writing, Environment, Reading, and lots of other stuff besides :)

Posted 12 January 2020 - 05:55 PM

Update: The remote SQL (via Ghost) is back in action! phpMyAdmin still crashing though. Maybe it was a load issue after all? :blink:

Update to the update: it's down again :( database requests are timing out


Edited by badrihippo, 12 January 2020 - 06:18 PM.


#3 snowm

snowm

    Rank III Member

  • Members
  • PipPipPip
  • 191 posts
  • Gender:Male
  • Location:Wildcat Stadium
  • Interests:Computers, education, travel, and real estate.

Posted 12 January 2020 - 07:56 PM

According to Discord

lxmdV9c.png


Certified Microsoft Office Specialist for PowerPoint and Word 2013.

Follow Me On Twitter

@MonaghanBryce


#4 wolstech

wolstech

    Rank X Member

  • Root Admin
  • 11,471 posts
  • Gender:Male
  • Location:Pennsylvania

Posted 13 January 2020 - 02:36 AM

Something/someone was overloading Tommy earlier. It looks like it was a DoS attack, which isn't terribly uncommon...we sometimes get hit with these, usually as retaliation for things like banning someone's phishing site.

 

If it were internal (software malfunction or abusive user), they'd end up suspended, typically within a few minutes. The fact it lasted for hours alone suggests external causes. That's backed up by Tommy's firewall log having a ton of new blocked IPs from China today...

 

Notice all the orange and red betwen 1500 and 2000 UTC): http://heliohost.grd.net.pl/monitor/ During such events, it's not uncommon for connections to fail or for things to randomly hang or crash. If you're logging in using our website, an Invalid Password message will be display if the server is down and cannot be contacted to verify your password (it really should be modified to report that the server timed out verifying the password).

 

The event in question has since subsided and service should have returned to normal. If your account is still not working, please let us know and we'll get it going again for you :)


Please do not PM me for support. Posting on our forums lets all of us learn.
Do you play Minecraft? | Server Monitors | And the Dumbass of the Decade award goes to...


#5 badrihippo

badrihippo

    Rank I Member

  • Members
  • Pip
  • 41 posts
  • Gender:Male
  • Location:Thekampattu, Tamilnadu, India
  • Interests:Programming, Writing, Environment, Reading, and lots of other stuff besides :)

Posted 13 January 2020 - 04:30 AM

Oh, yes. It's back to working now! That's a relief (Side note: didn't imagine I would be relieved by a DDoS attack :P). Then my guess about timeouts was correct.

 

I'd checked for news updates on Twitter but didn't realise there was a Discord channel too. Is that the new "go-to" place for updates?



#6 sohamb03

sohamb03

    Rank VIII Member

  • Members
  • PipPipPipPipPipPipPipPip
  • 845 posts
  • Gender:Male
  • Location:India
  • Interests:Web Designing

Posted 13 January 2020 - 01:24 PM

Not necessarily as the updates are posted in the 'News' section here as well, but you could still join Discord as you could get help within a few minutes, from the active community and with the one-to-one interaction in the chat. Ofc all updates are posted there. :)

Sayan Bhattacharyya


#7 wolstech

wolstech

    Rank X Member

  • Root Admin
  • 11,471 posts
  • Gender:Male
  • Location:Pennsylvania

Posted 13 January 2020 - 02:08 PM

Discord is best for real-time stuff. An ongoing attack is likely to be discussed in Discord (or possibly a forum help request) first, and assuming it subsides quickly, will never make it to the News forum or other media channels.

 

Planned events such as migrations, server updates, maintenance, etc. are always announced in the News forum, as are unplanned events with an extended impact (extended DoS attacks lasting longer than a day or so, disk failures, etc.)

 

Twitter and Facebook are managed by a bot and will post the same announcements made in the News forum. They aren't manned.


Please do not PM me for support. Posting on our forums lets all of us learn.
Do you play Minecraft? | Server Monitors | And the Dumbass of the Decade award goes to...






Also tagged with one or more of these keywords: database, cpanel, break-in, phpMyAdmin, timeout, MySQL

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users