Trying to get some emergency help because my website is being attacked. It isn't as much as an actual attack, as it is a small bot to exploit xenforo vulnerability.
https://xenforo.com/community/threads/mysql-attack.89082
That's a link to the original problem. I thought this was the best place to ask so I will ask here as well.
Here is proof that this is an actual attack.
This is the error that the website gives me
Zend_Db_Adapter_Mysqli_Exception: Too many connections - library/Zend/Db/Adapter/Mysqli.php:333
Generated By: Unknown Account, Today at 7:26 AM
Stack Trace
#0 /home/squadcra/public_html/library/Zend/Db/Adapter/Abstract.php(315): Zend_Db_Adapter_Mysqli->_connect()
#1 /home/squadcra/public_html/library/XenForo/Application.php(719): Zend_Db_Adapter_Abstract->getConnection()
#2 [internal function]: XenForo_Application->loadDb(Object(Zend_Config))
#3 /home/squadcra/public_html/library/XenForo/Application.php(960): call_user_func_array(Array, Array)
#4 /home/squadcra/public_html/library/XenForo/Application.php(991): XenForo_Application->lazyLoad('db', NULL)
#5 /home/squadcra/public_html/library/XenForo/Application.php(1561): XenForo_Application::get('db')
#6 /home/squadcra/public_html/library/XenForo/Model.php(161): XenForo_Application::getDb()
#7 /home/squadcra/public_html/library/XenForo/Model/DataRegistry.php(138): XenForo_Model->_getDb()
#8 /home/squadcra/public_html/library/XenForo/Model/DataRegistry.php(97): XenForo_Model_DataRegistry->_getMultiFromDb(Array)
#9 /home/squadcra/public_html/library/XenForo/Dependencies/Abstract.php(147): XenForo_Model_DataRegistry->getMulti(Array)
#10 /home/squadcra/public_html/library/XenForo/FrontController.php(127): XenForo_Dependencies_Abstract->preLoadData()
#11 /home/squadcra/public_html/index.php(13): XenForo_FrontController->run()
#12 {main}
Request State
array(3) {
["url"] => string(22) "http://squadcraft.net/"
["_GET"] => array(0) {
}
["_POST"] => array(0) {
}
}
I think this is an exploit where he has a bot that spam opens mysql connections, or just opens and holds open mysql connections. I don't know I'm not an expert. Anyway I need to limit the maximum number of open connections per ip address.
Best Answer
I have an old post from March 2012 that limits a specific user's connections by the hour
How can I limit MySQL connections?
You also need to remove anonymous users : Cannot drop anonymous user from mysql.user
Get rid of test user access : MySQL : Why are there "test" entries in mysql.db?
Get rid of all users with no password with
You could add a blanket rule on a specific IP addr (like
10.20.30.40
)Give Them a Try !!!