working env started giving - cannot connect to mysql server (10060)
Have a standard mysql installation in linode machine.
The mysql connection was working for years. Yesterday it started throwing the connection failure error 10060.
No changes happened in the server in these two days
Now I am able to login to linode machine, login to mysql and see the tables. Only the remote login fails.
Upon googling, I checked "bind 127.0.0.1" It is commented in the cnf file
Would like to know why sudden issue with connection? Can someone tamper the system?
How to fix the issue?
Here is the netstate result.
netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:ssh *:* LISTEN
tcp6 0 0 [::]:mysql [::]:* LISTEN
tcp6 0 0 [::]:http [::]:* LISTEN
tcp6 0 0 [::]:ssh [::]:* LISTEN
tcp6 0 0 [::]:https [::]:* LISTEN
tcp6 0 0 [::]:9020 [::]:* LISTEN
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 11302685 /var/run/mysqld/mysqld.sock
unix 2 [ ACC ] STREAM LISTENING 5855276 /run/systemd/private
unix 2 [ ACC ] STREAM LISTENING 1281189 /run/user/1000/systemd/private
unix 2 [ ACC ] STREAM LISTENING 9948 /run/systemd/journal/stdout
unix 2 [ ACC ] SEQPACKET LISTENING 9954 /run/udev/control
unix 2 [ ACC ] STREAM LISTENING 14051 /var/run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 14061 /run/uuidd/request
unix 2 [ ACC ] STREAM LISTENING 9966 /run/systemd/fsck.progress
thanks
Balaji
2 Replies
It sounds like this may be related to a firewall issue for your server. Have you had the chance to review these for your server? We have a few guides that you can reference in regards to reviewing your server's firewall rules:
https://www.linode.com/docs/security/firewalls/control-network-traffic-with-iptables/
https://www.linode.com/docs/security/firewalls/configure-firewall-with-ufw/
https://www.linode.com/docs/security/firewalls/introduction-to-firewalld-on-centos/
I've used this link when I setup MySQL remote access for my personal server.
As for your server possibly being compromised, I would check the log files for your server, as well as the login dates and timestamps for the accounts on your server. The following commands will assist with this.
cat /var/log/auth.log
cat /var/log/secure
last
lastlog
I also suggest installing and running a security auditing tool called Lynis for your server. This tool scans your server for security vulnerabilities and offers suggestions on how to rectify them. You can reference our guide in regards to securing your server.