Skip to main content

Many "Name or Service not known" RDNS entries in MySQL error log - how to trace

Comments

3 comments

  • cPanelLauren
    If you thought that it was a compromise the IP address would be useful to utilize in researching the logs - specifically: /var/log/messages
    /etc/apache2/logs/domlogs/
    /etc/apache2/logs/error_log
    0
  • GrandAdmiral
    Hi Lauren Other than some portscanning showing up in log/messages (blocked by CSF) there's nothing else of interest in those logs. Is there any way to monitor the source of these types of queries via MySQL?
    0
  • cPanelLauren
    The access logs would give you detail on what they're accessing, as far as with MySQL - if there is a specific query/process occurring the following would tell you MySQL :: MySQL 5.7 Reference Manual :: 13.7.5.29 SHOW PROCESSLIST Syntax it's real-time I would be concerned that you don't have MySQL port 3306 locked down to outside requests properly if this continues to occur though.
    0

Please sign in to leave a comment.