
PSA for the recent DDoS Attack


Posts: 612

Greetings SC. As some of you might already have been informed by me, I've taken it upon myself to write a DDoS script in Node.JS that exploits the connection limit in the MySQL installation of this server. The first few launches were met with rejection from the flooding protection mechanisms, but once I'd lowered the intensity I was able to bypass those respective filters and bring down the database of SC (which has its port at 6327), and today I'm able with pride to announce my success in this task. I've notified Luna about the vulnerability (and a way to fix it) and she's working on it. Sorry not sorry about the time you've been unable to access the website :D

Regards

your Jimjoms :3

 

Posts: 612
PSA for the recent DDoS Attack

>Well, first off, it's a DoS attack, not a DDoS attack if it comes from a single IP.

No need to be pedantic about that stuff.

> Second, MySQL doesn't have to listen to external (non-local) connections over any ports.

But it is enabled by default, plus the server initiates a local socket for every web request (which means outside requests to the server for database data = the number of local connections to the db)

>I do recall a sysadmin once telling me the most common fuck-up when migrating to a dedicated server is that the MySQL ports are left open.

Right, the database, while being the most important piece of the server, is largely ignored when it comes to security (default passwords not changed, ports left open, passwords not hashed)
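
The two connection models argued about above, as an added example (not code from the thread or from the forum software): one database socket per incoming web request, against a bounded pool that caps what MySQL can ever see. 151 is MySQL's default max_connections; the pool size, queue depth and request counts are constructed numbers, and the "database" is just a counter so the script runs offline.

```javascript
// Added example, not code from the thread or from the SC forum software.
// Two ways a web server can talk to MySQL under a flood of requests:
//  (a) one database socket per incoming web request (what the post above
//      describes): the flood alone decides how many connections MySQL sees;
//  (b) a bounded pool with a bounded wait queue: MySQL sees at most `size`
//      connections, and surplus requests fail fast with a 503 instead of
//      occupying a MySQL slot.
// The "database" is a counter so this runs offline. 151 is MySQL's default
// max_connections; every other number here is constructed for the demo.

const MYSQL_DEFAULT_MAX_CONNECTIONS = 151;

// (a) one socket per request: each request opens its own connection and the
//     application has no say in how many the flood opens.
function simulateOneSocketPerRequest(requestCount, dbMaxConnections) {
  let open = 0, served = 0, tooMany = 0;
  for (let i = 0; i < requestCount; i++) {
    if (open < dbMaxConnections) { open++; served++; }  // got a slot
    else tooMany++;                 // MySQL answers "Too many connections"
  }
  return { served, tooMany, peakConnections: open };
}

// (b) bounded pool: the cap is enforced in the application, in front of MySQL.
class BoundedPool {
  constructor({ size, maxQueue }) {
    this.size = size;          // hard cap on concurrent DB connections
    this.maxQueue = maxQueue;  // how many requests may wait for a free slot
    this.active = 0;
    this.peakActive = 0;       // highest value of `active` seen, for checking
    this.queue = [];           // callbacks of requests waiting for a slot
  }

  // Returns 'granted', 'queued' or 'rejected'. onGranted runs when the
  // request actually gets a connection (possibly later, from release()).
  acquire(onGranted) {
    if (this.active < this.size) {
      this.active++;
      this.peakActive = Math.max(this.peakActive, this.active);
      onGranted();
      return 'granted';
    }
    if (this.queue.length < this.maxQueue) {
      this.queue.push(onGranted);
      return 'queued';
    }
    return 'rejected';  // fail fast: caller answers HTTP 503, MySQL never sees it
  }

  // A query finished: free the slot, then hand it to the oldest waiter.
  release() {
    this.active--;
    const next = this.queue.shift();
    if (next) {
      this.active++;
      this.peakActive = Math.max(this.peakActive, this.active);
      next();
    }
  }
}

// All requests arrive at once (phase 1), then queries complete one by one
// (phase 2) until nothing is active. Returns what happened.
function simulateFlood(pool, requestCount) {
  const outcome = { served: 0, rejected: 0, peakConnections: 0 };
  for (let i = 0; i < requestCount; i++) {
    if (pool.acquire(() => { outcome.served++; }) === 'rejected') outcome.rejected++;
  }
  while (pool.active > 0) pool.release();
  outcome.peakConnections = pool.peakActive;
  return outcome;
}

console.log('one socket per request:',
  simulateOneSocketPerRequest(1000, MYSQL_DEFAULT_MAX_CONNECTIONS));
console.log('bounded pool:',
  simulateFlood(new BoundedPool({ size: 5, maxQueue: 20 }), 1000));
```

With model (a), a flood of 1000 requests pushes MySQL to its 151-connection ceiling and 849 requests see "Too many connections", which is exactly the outage the thread is about. With model (b) the database never has more than 5 connections open, the 25 requests that fit in the pool and its queue are served, and the rest are turned away at the web tier without touching MySQL.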

Posts: 512
PSA for the recent DDoS Attack

Well, first off, it's a DoS attack, not a DDoS attack if it comes from a single IP.

Second, MySQL doesn't have to listen to external (non-local) connections over any ports.

I do recall a sysadmin once telling me the most common fuck-up when migrating to a dedicated server is that the MySQL ports are left open.

And there is no port 6327 open at this time. Dude, you are attacking the search. Admit it.

Do yourself a favor and add a robots.txt, or at least one single file that does not require a database connection, so you can determine whether it is a database problem or a network problem without needing a programmer, or even needing to log into the machine.

Posts: 612
PSA for the recent DDoS Attack

I'm glad to see that you're involved in the forum's wellbeing, even though the code shows that the programmer is a pothead :D Don't worry though, you didn't blow your chances with me :* <3

Posts: 2876
PSA for the recent DDoS Attack

We're raising the connection limit and changing a few things to respond to these attacks. The IP seems to originate from Istanbul, Turkey. You've won this time, Jim

Posts: 612
PSA for the recent DDoS Attack

I wonder if it's possible to add some kind of a packet filter for the server itself to stop things at a certain bandwidth size.

Posts: 612
PSA for the recent DDoS Attack

>They swing a mean hammer

LOL, I bet they do!!

Considering the possible success ratio of a brute-force crack (especially with MD5 and the likes around) compared to the success ratio of hitting the upper limit in MySQL connections, it'd be rational to go directly for the port flooding. Now, what I did was, instead of making thousands of requests from a single connection, I made requests from multiple Node.JS threads so the server doesn't go "oh, all these are coming from a single connection, let's just reject the rest".
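
The evasion described above works against a limiter that looks at one connection at a time. As an added example (not code from the thread or from the forum), here is a limiter that counts open connections and connection attempts per source IP and per /24 prefix, so many sockets from one host, or from a block of hosts, add up. The limits, the injectable clock and the 203.0.113.0/24 addresses (the documentation range) are constructed for the demo.

```javascript
// Added example, not code from the thread. The post above says the flood was
// spread over many Node.js workers so that no single connection stood out. A
// limiter that counts per socket cannot see that; this one counts open
// connections and connection attempts per source IP and per /24 prefix, so
// many sockets from one host (or from one block of hosts) add up. The clock is
// injectable so the behaviour can be checked without waiting. Addresses are
// from the 203.0.113.0/24 documentation range; all limits are constructed.

function prefix24(ip) {
  return ip.split('.').slice(0, 3).join('.') + '.0/24';  // IPv4 only
}

class SourceLimiter {
  constructor({ perIp, perPrefix, attemptsPerIp, windowMs, now = Date.now }) {
    this.perIp = perIp;                 // max open connections from one address
    this.perPrefix = perPrefix;         // max open connections from one /24
    this.attemptsPerIp = attemptsPerIp; // max new-connection attempts per window
    this.windowMs = windowMs;
    this.now = now;
    this.openByIp = new Map();
    this.openByPrefix = new Map();
    this.attemptsByIp = new Map();      // ip -> timestamps of recent attempts
  }

  // Called when a TCP connection from `ip` is accepted by the kernel.
  // Returns 'accept' or the reason to drop it.
  onOpen(ip) {
    const t = this.now();
    const stamps = (this.attemptsByIp.get(ip) || []).filter(s => t - s < this.windowMs);
    this.attemptsByIp.set(ip, stamps);
    if (stamps.length >= this.attemptsPerIp) return 'drop:rate';
    stamps.push(t);                     // the attempt counts whether or not it is admitted

    const ipOpen = this.openByIp.get(ip) || 0;
    if (ipOpen >= this.perIp) return 'drop:ip';
    const p = prefix24(ip);
    const pOpen = this.openByPrefix.get(p) || 0;
    if (pOpen >= this.perPrefix) return 'drop:prefix';

    this.openByIp.set(ip, ipOpen + 1);
    this.openByPrefix.set(p, pOpen + 1);
    return 'accept';
  }

  // Called when an admitted connection closes.
  onClose(ip) {
    const p = prefix24(ip);
    this.openByIp.set(ip, Math.max(0, (this.openByIp.get(ip) || 0) - 1));
    this.openByPrefix.set(p, Math.max(0, (this.openByPrefix.get(p) || 0) - 1));
  }
}

// Open one connection per entry of `ips` and count the verdicts.
function tally(limiter, ips) {
  const counts = {};
  for (const ip of ips) {
    const verdict = limiter.onOpen(ip);
    counts[verdict] = (counts[verdict] || 0) + 1;
  }
  return counts;
}

// Demo: 50 parallel workers from one host, then 10 each from five neighbours
// in the same /24.
let demoClock = 0;
const demoLimiter = new SourceLimiter({
  perIp: 10, perPrefix: 30, attemptsPerIp: 100, windowMs: 1000, now: () => demoClock,
});
console.log('one host, 50 workers:', tally(demoLimiter, Array(50).fill('203.0.113.7')));
const neighbours = [1, 2, 3, 4, 5].flatMap(h => Array(10).fill(`203.0.113.${h}`));
console.log('five neighbours:', tally(demoLimiter, neighbours));
```

Fifty workers from one address get ten connections and forty drops, however many sockets they use; once the /24 has thirty open connections the neighbours are dropped too, and the attempt counter catches a host that keeps reconnecting after being dropped. A kernel-side equivalent of the same idea is what the later posts in the thread call a local packet filter.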

Posts: 612
PSA for the recent DDoS Attack

>And there is no port 6327 open at this time. Dude, you are attacking the search. Admit it.

Luna already mentioned closing that port, see above.

>Do yourself a favor and add a robots.txt, or at least one single file that does not require a database connection, so you can determine whether it is a database problem or a network problem without needing a programmer, or even needing to log into the machine.

Or she could set up a local packet filter that logs all incoming traffic, which will see every connection to every open port.

Stay calm MrD, I'm not taking away your status as the forum intellectual, I know how much you need it ;p

Posts: 512
PSA for the recent DDoS Attack

There is no MySQL listening over port 6327 at this moment.

 

You attacked the search, admit it.

Posts: 612
PSA for the recent DDoS Attack

You seem really interested in proving that I didn't attack the port; it looks like this means a lot to you. Maybe I should have let you do it so you could feel like a 1337 h4x0r and get some self-esteem.
