MySQL keeps going down

7 posts / 0 new
Last post
#1 Mon, 05/01/2017 - 22:18
decay

MySQL keeps going down

Hey Guys,

I have had my current virtualmin installation (VM) for over an year now, and havent had any issues till about 2 months ago. I did the standard installation at the time, and didnt do anything too fancy.

The issue im having is, my MySQL db keeps going down every few weeks. couple of months ago, i had all my websites go down due to the DB going down (everything else works fine, its just mysql). I simply either have to restart the server/vm or just click the start button on the mysql service on the virtualmin admin panel. few weeks later, it happened again. And this morning it happened again. Few hours later, it happened once again (i just did the server restart to fix it).

Obviously, i have no idea how to find any logs or any way to figure out what is causing the issue. Can someone help?

Cheers.

Tue, 05/02/2017 - 00:02
Joe
Joe's picture

We'll need the relevant logs to make any kind of diagnosis. It depends on your OS and version as to where exactly those logs are.

/var/log/messages may have clues. I'd check the kernel log (dmesg) for out of memory errors...any time a service is stopping without an obvious cause, it's about 50/50 odds it's the OOM killer doing it, in my experience.

--

Check out the forum guidelines!

Sun, 06/25/2017 - 22:52
decay

Sorry for a really late response,

I just noticed my sites were down again (mysql was down), so i just restarted it and decided to look at the logs /var/log/messages, and its flooded with with messages. so, i searched for "mysql" and here are some lines of code.

Jun 23 17:42:53 cece kernel: [23364]    27 23364    28314        0      13       73             0 mysqld_safe
Jun 23 17:42:53 cece kernel: [23654]    27 23654   658041     5858     163    35859             0 mysqld
Jun 23 17:42:53 cece kernel: Out of memory: Kill process 23654 (mysqld) score 81 or sacrifice child
Jun 23 17:42:53 cece kernel: Killed process 23654 (mysqld) total-vm:2632164kB, anon-rss:23432kB, file-rss:0kB, shmem-rss:0kB
Jun 23 17:42:53 cece mysqld_safe: /usr/bin/mysqld_safe: line 183: 23654 Killed                  nohup /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --log-error=/var/log/mariadb/mariadb.log --pid-file=/var/run/mariadb/mariadb.pid --socket=/var/lib/mysql/mysql.sock < /dev/null >> /var/log/mariadb/mariadb.log 2>&1
Jun 23 17:42:56 cece mysqld_safe: 170623 17:42:56 mysqld_safe Number of processes running now: 0
Jun 23 17:42:56 cece mysqld_safe: 170623 17:42:56 mysqld_safe mysqld restarted
Jun 23 17:43:07 cece mysqld_safe: 170623 17:43:07 mysqld_safe mysqld from pid file /var/run/mariadb/mariadb.pid ended

Jun 25 23:36:43 cece mysqld_safe: 170625 23:36:43 mysqld_safe Logging to '/var/log/mariadb/mariadb.log'.
Jun 25 23:36:43 cece mysqld_safe: 170625 23:36:43 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql

I changed one of the personal domain names above to cooldomain.co. the host name for the server is cece.cooldomain.co (if that makes any difference).

Can anyone help me figure out wtf is going on here? Why am i getting so many auth failure logs every couple of minutes? Whats with the whole out of memory thing that killed mysql? How do i get around that? The VPS has about 2GB memory, and there isnt anything hosted that would attract huge amount of traffic at all.

Sun, 06/25/2017 - 23:31
decay

Oh wow, now im looking through some of the other logs /var/log/maillog for example (i dont use the server as a mail server at all, dont have any setup as far as im aware), and im getting massive amount of logs. i dont recognise any of the ip addresses that are being logged.

Jun 25 23:05:21 cece postfix/smtpd[29772]: connect from unknown[80.82.77.203]
Jun 25 23:05:24 cece postfix/smtpd[29772]: warning: unknown[80.82.77.203]: SASL LOGIN authentication failed: authentication failure
Jun 25 23:05:24 cece postfix/smtpd[29772]: disconnect from unknown[80.82.77.203]
Jun 25 23:05:47 cece postfix/smtpd[29772]: connect from unknown[80.82.77.203]
Jun 25 23:05:49 cece postfix/smtpd[29772]: warning: unknown[80.82.77.203]: SASL LOGIN authentication failed: authentication failure
Jun 25 23:05:49 cece postfix/smtpd[29772]: disconnect from unknown[80.82.77.203]
Jun 25 23:07:49 cece postfix/smtpd[29924]: warning: hostname static.cmcti.vn does not resolve to address 101.99.15.195: Name or service not known
Jun 25 23:07:49 cece postfix/smtpd[29924]: connect from unknown[101.99.15.195]
Jun 25 23:07:55 cece postfix/smtpd[29924]: warning: unknown[101.99.15.195]: SASL LOGIN authentication failed: authentication failure
Jun 25 23:07:56 cece postfix/smtpd[29924]: disconnect from unknown[101.99.15.195]
Jun 25 23:09:21 cece postfix/smtpd[29924]: connect from unknown[80.82.77.203]
Jun 25 23:09:24 cece postfix/smtpd[29924]: warning: unknown[80.82.77.203]: SASL LOGIN authentication failed: authentication failure
Jun 25 23:09:24 cece postfix/smtpd[29924]: disconnect from unknown[80.82.77.203]
Jun 25 23:10:26 cece postfix/anvil[29403]: statistics: max connection rate 2/60s for (smtp:80.82.77.203) at Jun 25 23:05:47
Jun 25 23:10:26 cece postfix/anvil[29403]: statistics: max connection count 1 for (smtp:156.67.106.211) at Jun 25 23:02:20
Jun 25 23:10:26 cece postfix/anvil[29403]: statistics: max cache size 2 at Jun 25 23:03:04
Jun 25 23:11:38 cece postfix/smtpd[30105]: connect from unknown[80.82.77.203]
Jun 25 23:11:40 cece postfix/smtpd[30105]: warning: unknown[80.82.77.203]: SASL LOGIN authentication failed: authentication failure
Jun 25 23:11:41 cece postfix/smtpd[30105]: disconnect from unknown[80.82.77.203]
Jun 25 23:11:49 cece postfix/smtpd[30105]: warning: hostname static-173-55-35-107.lsanca.fios.frontiernet.net does not resolve to address 173.55.35.107: Name or service not known
Jun 25 23:11:49 cece postfix/smtpd[30105]: connect from unknown[173.55.35.107]
Jun 25 23:11:52 cece postfix/smtpd[30105]: warning: unknown[173.55.35.107]: SASL LOGIN authentication failed: authentication failure
Jun 25 23:11:52 cece postfix/smtpd[30105]: disconnect from unknown[173.55.35.107]
Jun 25 23:12:04 cece postfix/smtpd[30105]: connect from unknown[80.82.77.203]
Jun 25 23:12:07 cece postfix/smtpd[30105]: warning: unknown[80.82.77.203]: SASL LOGIN authentication failed: authentication failure
Jun 25 23:12:07 cece postfix/smtpd[30105]: disconnect from unknown[80.82.77.203]
Jun 25 23:15:27 cece postfix/anvil[29403]: statistics: max connection rate 2/60s for (smtp:80.82.77.203) at Jun 25 23:12:04
Jun 25 23:15:27 cece postfix/anvil[29403]: statistics: max connection count 1 for (smtp:80.82.77.203) at Jun 25 23:11:38
Jun 25 23:15:27 cece postfix/anvil[29403]: statistics: max cache size 2 at Jun 25 23:11:49
Jun 25 23:15:38 cece postfix/smtpd[30284]: connect from unknown[80.82.77.203]
Jun 25 23:15:41 cece postfix/smtpd[30284]: warning: unknown[80.82.77.203]: SASL LOGIN authentication failed: authentication failure
Jun 25 23:15:41 cece postfix/smtpd[30284]: disconnect from unknown[80.82.77.203]
Jun 25 23:16:09 cece postfix/smtpd[30284]: connect from unknown[223.84.204.11]
Jun 25 23:16:12 cece postfix/smtpd[30284]: warning: unknown[223.84.204.11]: SASL LOGIN authentication failed: authentication failure
Jun 25 23:16:12 cece postfix/smtpd[30284]: disconnect from unknown[223.84.204.11]
Jun 25 23:16:14 cece postfix/smtpd[30284]: connect from unknown[211.138.219.67]
Jun 25 23:16:14 cece postfix/smtpd[30284]: warning: non-SMTP command from unknown[211.138.219.67]: GET / HTTP/1.1
Jun 25 23:16:14 cece postfix/smtpd[30284]: disconnect from unknown[211.138.219.67]
Jun 25 23:17:55 cece postfix/smtpd[30287]: connect from unknown[80.82.77.203]
Jun 25 23:17:58 cece postfix/smtpd[30287]: warning: unknown[80.82.77.203]: SASL LOGIN authentication failed: authentication failure
Jun 25 23:17:58 cece postfix/smtpd[30287]: disconnect from unknown[80.82.77.203]
Jun 25 23:18:21 cece postfix/smtpd[30287]: connect from unknown[80.82.77.203]
Jun 25 23:18:24 cece postfix/smtpd[30287]: warning: unknown[80.82.77.203]: SASL LOGIN authentication failed: authentication failure
Jun 25 23:18:24 cece postfix/smtpd[30287]: disconnect from unknown[80.82.77.203]
Jun 25 23:20:19 cece postfix/smtpd[30438]: warning: hostname ns2.eflydns.net does not resolve to address 120.31.131.104
Jun 25 23:20:19 cece postfix/smtpd[30438]: connect from unknown[120.31.131.104]
Jun 25 23:20:22 cece postfix/smtpd[30438]: warning: unknown[120.31.131.104]: SASL LOGIN authentication failed: authentication failure
Jun 25 23:20:22 cece postfix/smtpd[30438]: disconnect from unknown[120.31.131.104]
Jun 25 23:21:56 cece postfix/smtpd[30438]: connect from unknown[80.82.77.203]
Jun 25 23:21:58 cece postfix/smtpd[30438]: warning: unknown[80.82.77.203]: SASL LOGIN authentication failed: authentication failure
Jun 25 23:21:59 cece postfix/smtpd[30438]: disconnect from unknown[80.82.77.203]
Jun 25 23:24:13 cece postfix/smtpd[30582]: connect from unknown[80.82.77.203]
Jun 25 23:24:16 cece postfix/smtpd[30582]: warning: unknown[80.82.77.203]: SASL LOGIN authentication failed: authentication failure
Jun 25 23:24:16 cece postfix/smtpd[30582]: disconnect from unknown[80.82.77.203]
Jun 25 23:24:23 cece postfix/smtpd[30582]: warning: hostname ifxnetworks.com does not resolve to address 190.60.122.229
Jun 25 23:24:23 cece postfix/smtpd[30582]: connect from unknown[190.60.122.229]
Jun 25 23:24:26 cece postfix/smtpd[30582]: warning: unknown[190.60.122.229]: SASL LOGIN authentication failed: authentication failure
Jun 25 23:24:26 cece postfix/smtpd[30582]: disconnect from unknown[190.60.122.229]
Jun 25 23:24:40 cece postfix/smtpd[30582]: connect from unknown[80.82.77.203]
Jun 25 23:24:42 cece postfix/smtpd[30582]: warning: unknown[80.82.77.203]: SASL LOGIN authentication failed: authentication failure
Jun 25 23:24:42 cece postfix/smtpd[30582]: disconnect from unknown[80.82.77.203]
Jun 25 23:25:38 cece postfix/anvil[30286]: statistics: max connection rate 2/60s for (smtp:80.82.77.203) at Jun 25 23:18:21
Jun 25 23:25:38 cece postfix/anvil[30286]: statistics: max connection count 1 for (smtp:80.82.77.203) at Jun 25 23:15:38
Jun 25 23:25:38 cece postfix/anvil[30286]: statistics: max cache size 3 at Jun 25 23:16:14
Jun 25 23:28:15 cece postfix/smtpd[30613]: connect from unknown[80.82.77.203]
Jun 25 23:28:17 cece postfix/smtpd[30613]: warning: unknown[80.82.77.203]: SASL LOGIN authentication failed: authentication failure
Jun 25 23:28:17 cece postfix/smtpd[30613]: disconnect from unknown[80.82.77.203]
Jun 25 23:28:35 cece postfix/smtpd[30613]: warning: hostname 107-144-93-226.biz.bhn.net does not resolve to address 107.144.93.226: Name or service not known
Jun 25 23:28:35 cece postfix/smtpd[30613]: connect from unknown[107.144.93.226]
Jun 25 23:28:37 cece postfix/smtpd[30613]: warning: unknown[107.144.93.226]: SASL LOGIN authentication failed: authentication failure
Jun 25 23:28:38 cece postfix/smtpd[30613]: disconnect from unknown[107.144.93.226]
Jun 25 23:30:32 cece postfix/smtpd[30793]: connect from unknown[80.82.77.203]
Jun 25 23:30:35 cece postfix/smtpd[30793]: warning: unknown[80.82.77.203]: SASL LOGIN authentication failed: authentication failure
Jun 25 23:30:35 cece postfix/smtpd[30793]: disconnect from unknown[80.82.77.203]
Jun 25 23:30:58 cece postfix/smtpd[30793]: connect from unknown[80.82.77.203]
Jun 25 23:31:01 cece postfix/smtpd[30793]: warning: unknown[80.82.77.203]: SASL LOGIN authentication failed: authentication failure
Jun 25 23:31:01 cece postfix/smtpd[30793]: disconnect from unknown[80.82.77.203]
Jun 25 23:32:53 cece postfix/smtpd[30796]: connect from unknown[189.16.42.178]
Jun 25 23:32:56 cece postfix/smtpd[30796]: warning: unknown[189.16.42.178]: SASL LOGIN authentication failed: authentication failure
Jun 25 23:32:56 cece postfix/smtpd[30796]: disconnect from unknown[189.16.42.178]
Jun 25 23:34:34 cece postfix/smtpd[30796]: connect from unknown[80.82.77.203]
Jun 25 23:34:36 cece postfix/smtpd[30796]: warning: unknown[80.82.77.203]: SASL LOGIN authentication failed: authentication failure
Jun 25 23:34:36 cece postfix/smtpd[30796]: disconnect from unknown[80.82.77.203]
Jun 25 23:36:52 cece postfix/smtpd[31481]: connect from unknown[80.82.77.203]
Jun 25 23:36:55 cece postfix/smtpd[31481]: warning: unknown[80.82.77.203]: SASL LOGIN authentication failed: authentication failure
Jun 25 23:36:55 cece postfix/smtpd[31481]: disconnect from unknown[80.82.77.203]
Jun 25 23:37:18 cece postfix/smtpd[31481]: connect from unknown[80.82.77.203]
Jun 25 23:37:21 cece postfix/smtpd[31481]: warning: unknown[80.82.77.203]: SASL LOGIN authentication failed: authentication failure
Jun 25 23:37:21 cece postfix/smtpd[31481]: disconnect from unknown[80.82.77.203]
Jun 25 23:38:15 cece postfix/anvil[30615]: statistics: max connection rate 2/60s for (smtp:80.82.77.203) at Jun 25 23:30:58
Jun 25 23:38:15 cece postfix/anvil[30615]: statistics: max connection count 1 for (smtp:80.82.77.203) at Jun 25 23:28:15
Jun 25 23:38:15 cece postfix/anvil[30615]: statistics: max cache size 2 at Jun 25 23:28:35
Jun 25 23:38:15 cece postfix/smtpd[31481]: connect from unknown[156.67.106.211]
Jun 25 23:38:17 cece postfix/smtpd[31481]: warning: unknown[156.67.106.211]: SASL LOGIN authentication failed: authentication failure
Jun 25 23:38:17 cece postfix/smtpd[31481]: disconnect from unknown[156.67.106.211]
Jun 25 23:38:20 cece postfix/smtpd[31483]: connect from unknown[156.67.106.211]
Jun 25 23:38:23 cece postfix/smtpd[31483]: warning: unknown[156.67.106.211]: SASL LOGIN authentication failed: authentication failure
Jun 25 23:38:23 cece postfix/smtpd[31483]: disconnect from unknown[156.67.106.211]
Jun 25 23:40:55 cece postfix/smtpd[31697]: connect from unknown[80.82.77.203]
Jun 25 23:40:58 cece postfix/smtpd[31697]: warning: unknown[80.82.77.203]: SASL LOGIN authentication failed: authentication failure
Jun 25 23:40:58 cece postfix/smtpd[31697]: disconnect from unknown[80.82.77.203]
Jun 25 23:41:04 cece postfix/smtpd[31697]: connect from unknown[101.78.18.13]
Jun 25 23:41:07 cece postfix/smtpd[31697]: warning: unknown[101.78.18.13]: SASL LOGIN authentication failed: authentication failure
Jun 25 23:41:07 cece postfix/smtpd[31697]: disconnect from unknown[101.78.18.13]
Jun 25 23:43:11 cece postfix/smtpd[31762]: connect from unknown[80.82.77.203]
Jun 25 23:43:13 cece postfix/smtpd[31762]: warning: unknown[80.82.77.203]: SASL LOGIN authentication failed: authentication failure
Jun 25 23:43:13 cece postfix/smtpd[31762]: disconnect from unknown[80.82.77.203]
Jun 25 23:43:38 cece postfix/smtpd[31762]: connect from unknown[80.82.77.203]
Jun 25 23:43:40 cece postfix/smtpd[31762]: warning: unknown[80.82.77.203]: SASL LOGIN authentication failed: authentication failure
Jun 25 23:43:40 cece postfix/smtpd[31762]: disconnect from unknown[80.82.77.203]
Jun 25 23:47:00 cece postfix/anvil[30615]: statistics: max connection rate 2/60s for (smtp:156.67.106.211) at Jun 25 23:38:20
Jun 25 23:47:00 cece postfix/anvil[30615]: statistics: max connection count 1 for (smtp:156.67.106.211) at Jun 25 23:38:15
Jun 25 23:47:00 cece postfix/anvil[30615]: statistics: max cache size 2 at Jun 25 23:38:15
Jun 25 23:47:13 cece postfix/smtpd[31933]: connect from unknown[80.82.77.203]
Jun 25 23:47:16 cece postfix/smtpd[31933]: warning: unknown[80.82.77.203]: SASL LOGIN authentication failed: authentication failure
Jun 25 23:47:16 cece postfix/smtpd[31933]: disconnect from unknown[80.82.77.203]
Jun 25 23:49:29 cece postfix/smtpd[32080]: connect from unknown[80.82.77.203]
Jun 25 23:49:32 cece postfix/smtpd[32080]: warning: unknown[80.82.77.203]: SASL LOGIN authentication failed: authentication failure
Jun 25 23:49:32 cece postfix/smtpd[32080]: disconnect from unknown[80.82.77.203]
Jun 25 23:49:38 cece postfix/smtpd[32080]: connect from unknown[197.0.39.95]
Jun 25 23:49:41 cece postfix/smtpd[32080]: warning: unknown[197.0.39.95]: SASL LOGIN authentication failed: authentication failure
Jun 25 23:49:41 cece postfix/smtpd[32080]: disconnect from unknown[197.0.39.95]
Jun 25 23:49:56 cece postfix/smtpd[32080]: connect from unknown[80.82.77.203]
Jun 25 23:49:59 cece postfix/smtpd[32080]: warning: unknown[80.82.77.203]: SASL LOGIN authentication failed: authentication failure
Jun 25 23:49:59 cece postfix/smtpd[32080]: disconnect from unknown[80.82.77.203]
Jun 25 23:53:19 cece postfix/anvil[31935]: statistics: max connection rate 2/60s for (smtp:80.82.77.203) at Jun 25 23:49:56
Jun 25 23:53:19 cece postfix/anvil[31935]: statistics: max connection count 1 for (smtp:80.82.77.203) at Jun 25 23:47:13
Jun 25 23:53:19 cece postfix/anvil[31935]: statistics: max cache size 2 at Jun 25 23:49:38
Jun 25 23:53:30 cece postfix/smtpd[32134]: connect from unknown[80.82.77.203]
Jun 25 23:53:33 cece postfix/smtpd[32134]: warning: unknown[80.82.77.203]: SASL LOGIN authentication failed: authentication failure
Jun 25 23:53:33 cece postfix/smtpd[32134]: disconnect from unknown[80.82.77.203]
Jun 25 23:55:47 cece postfix/smtpd[32414]: connect from unknown[80.82.77.203]
Jun 25 23:55:50 cece postfix/smtpd[32414]: warning: unknown[80.82.77.203]: SASL LOGIN authentication failed: authentication failure
Jun 25 23:55:50 cece postfix/smtpd[32414]: disconnect from unknown[80.82.77.203]
Jun 25 23:56:13 cece postfix/smtpd[32414]: connect from unknown[80.82.77.203]
Jun 25 23:56:16 cece postfix/smtpd[32414]: warning: unknown[80.82.77.203]: SASL LOGIN authentication failed: authentication failure
Jun 25 23:56:16 cece postfix/smtpd[32414]: disconnect from unknown[80.82.77.203]
Jun 25 23:59:36 cece postfix/anvil[32136]: statistics: max connection rate 2/60s for (smtp:80.82.77.203) at Jun 25 23:56:13
Jun 25 23:59:36 cece postfix/anvil[32136]: statistics: max connection count 1 for (smtp:80.82.77.203) at Jun 25 23:53:30
Jun 25 23:59:36 cece postfix/anvil[32136]: statistics: max cache size 1 at Jun 25 23:53:30
Jun 25 23:59:47 cece postfix/smtpd[32558]: connect from unknown[80.82.77.203]
Jun 25 23:59:50 cece postfix/smtpd[32558]: warning: unknown[80.82.77.203]: SASL LOGIN authentication failed: authentication failure
Jun 25 23:59:50 cece postfix/smtpd[32558]: disconnect from unknown[80.82.77.203]
Jun 26 00:02:04 cece postfix/smtpd[32670]: connect from unknown[80.82.77.203]
Jun 26 00:02:07 cece postfix/smtpd[32670]: warning: unknown[80.82.77.203]: SASL LOGIN authentication failed: authentication failure
Jun 26 00:02:07 cece postfix/smtpd[32670]: disconnect from unknown[80.82.77.203]
Jun 26 00:02:10 cece postfix/smtpd[32670]: connect from unknown[190.254.149.122]
Jun 26 00:02:14 cece postfix/smtpd[32670]: warning: unknown[190.254.149.122]: SASL LOGIN authentication failed: authentication failure
Jun 26 00:02:14 cece postfix/smtpd[32670]: disconnect from unknown[190.254.149.122]
Jun 26 00:02:30 cece postfix/smtpd[32670]: connect from unknown[80.82.77.203]
Jun 26 00:02:33 cece postfix/smtpd[32670]: warning: unknown[80.82.77.203]: SASL LOGIN authentication failed: authentication failure
Jun 26 00:02:33 cece postfix/smtpd[32670]: disconnect from unknown[80.82.77.203]
Jun 26 00:05:53 cece postfix/anvil[32560]: statistics: max connection rate 2/60s for (smtp:80.82.77.203) at Jun 26 00:02:30
Jun 26 00:05:53 cece postfix/anvil[32560]: statistics: max connection count 1 for (smtp:80.82.77.203) at Jun 25 23:59:47
Jun 26 00:05:53 cece postfix/anvil[32560]: statistics: max cache size 2 at Jun 26 00:02:10
Jun 26 00:06:05 cece postfix/smtpd[379]: connect from unknown[80.82.77.203]
Jun 26 00:06:07 cece postfix/smtpd[379]: warning: unknown[80.82.77.203]: SASL LOGIN authentication failed: authentication failure
Jun 26 00:06:07 cece postfix/smtpd[379]: disconnect from unknown[80.82.77.203]
Jun 26 00:06:29 cece postfix/smtpd[379]: warning: hostname 12-130-172-232.attens.net does not resolve to address 12.130.172.232: Name or service not known
Jun 26 00:06:29 cece postfix/smtpd[379]: connect from unknown[12.130.172.232]
Jun 26 00:06:32 cece postfix/smtpd[379]: warning: unknown[12.130.172.232]: SASL LOGIN authentication failed: authentication failure
Jun 26 00:06:33 cece postfix/smtpd[379]: disconnect from unknown[12.130.172.232]
Jun 26 00:08:22 cece postfix/smtpd[412]: connect from unknown[80.82.77.203]
Jun 26 00:08:25 cece postfix/smtpd[412]: warning: unknown[80.82.77.203]: SASL LOGIN authentication failed: authentication failure
Jun 26 00:08:25 cece postfix/smtpd[412]: disconnect from unknown[80.82.77.203]
Jun 26 00:08:49 cece postfix/smtpd[412]: connect from unknown[80.82.77.203]
Jun 26 00:08:51 cece postfix/smtpd[412]: warning: unknown[80.82.77.203]: SASL LOGIN authentication failed: authentication failure
Jun 26 00:08:51 cece postfix/smtpd[412]: disconnect from unknown[80.82.77.203]
Jun 26 00:10:39 cece postfix/smtpd[619]: warning: hostname hwvps150668.hostwindsdns.com does not resolve to address 104.168.142.59
Jun 26 00:10:39 cece postfix/smtpd[619]: connect from unknown[104.168.142.59]
Jun 26 00:10:41 cece postfix/smtpd[619]: warning: unknown[104.168.142.59]: SASL LOGIN authentication failed: authentication failure
Jun 26 00:10:41 cece postfix/smtpd[619]: disconnect from unknown[104.168.142.59]
Jun 26 00:12:24 cece postfix/smtpd[648]: connect from unknown[80.82.77.203]
Jun 26 00:12:26 cece postfix/smtpd[648]: warning: unknown[80.82.77.203]: SASL LOGIN authentication failed: authentication failure
Jun 26 00:12:27 cece postfix/smtpd[648]: disconnect from unknown[80.82.77.203]
Jun 26 00:14:41 cece postfix/smtpd[803]: connect from unknown[80.82.77.203]
Jun 26 00:14:44 cece postfix/smtpd[803]: warning: unknown[80.82.77.203]: SASL LOGIN authentication failed: authentication failure
Jun 26 00:14:44 cece postfix/smtpd[803]: disconnect from unknown[80.82.77.203]
Jun 26 00:14:50 cece postfix/smtpd[803]: warning: hostname static-173-55-35-107.lsanca.fios.frontiernet.net does not resolve to address 173.55.35.107: Name or service not known
Jun 26 00:14:50 cece postfix/smtpd[803]: connect from unknown[173.55.35.107]
Jun 26 00:14:53 cece postfix/smtpd[803]: warning: unknown[173.55.35.107]: SASL LOGIN authentication failed: authentication failure
Jun 26 00:14:53 cece postfix/smtpd[803]: disconnect from unknown[173.55.35.107]
Jun 26 00:15:08 cece postfix/smtpd[803]: connect from unknown[80.82.77.203]
Jun 26 00:15:11 cece postfix/smtpd[803]: warning: unknown[80.82.77.203]: SASL LOGIN authentication failed: authentication failure
Jun 26 00:15:11 cece postfix/smtpd[803]: disconnect from unknown[80.82.77.203]
Jun 26 00:16:05 cece postfix/anvil[381]: statistics: max connection rate 2/60s for (smtp:80.82.77.203) at Jun 26 00:08:49
Jun 26 00:16:05 cece postfix/anvil[381]: statistics: max connection count 1 for (smtp:80.82.77.203) at Jun 26 00:06:05
Jun 26 00:16:05 cece postfix/anvil[381]: statistics: max cache size 2 at Jun 26 00:06:29
Jun 26 00:18:44 cece postfix/smtpd[1094]: connect from unknown[80.82.77.203]
Jun 26 00:18:46 cece postfix/smtpd[1094]: warning: unknown[80.82.77.203]: SASL LOGIN authentication failed: authentication failure
Jun 26 00:18:46 cece postfix/smtpd[1094]: disconnect from unknown[80.82.77.203]
Jun 26 00:21:00 cece postfix/smtpd[1300]: connect from unknown[80.82.77.203]
Jun 26 00:21:03 cece postfix/smtpd[1300]: warning: unknown[80.82.77.203]: SASL LOGIN authentication failed: authentication failure
Jun 26 00:21:03 cece postfix/smtpd[1300]: disconnect from unknown[80.82.77.203]
Jun 26 00:21:26 cece postfix/smtpd[1300]: connect from unknown[80.82.77.203]
Jun 26 00:21:29 cece postfix/smtpd[1300]: warning: unknown[80.82.77.203]: SASL LOGIN authentication failed: authentication failure
Jun 26 00:21:29 cece postfix/smtpd[1300]: disconnect from unknown[80.82.77.203]
Jun 26 00:23:21 cece postfix/smtpd[1413]: connect from unknown[200.5.228.122]
Jun 26 00:23:23 cece postfix/smtpd[1413]: warning: unknown[200.5.228.122]: SASL LOGIN authentication failed: authentication failure
Jun 26 00:23:24 cece postfix/smtpd[1413]: disconnect from unknown[200.5.228.122]

Should i be concerned?

Wed, 07/05/2017 - 16:53 (Reply to #4)
Joe
Joe's picture

Those are pretty normal; but, if you're literally not using any mail features, you could turn off Postfix (and disable the mail features in Virtualmin so it won't complain). That said, you probably do need a mail server for sending notification emails and the like.

There are a variety of options for stopping that kind of brute force attack (it'll probably never succeed as long as you have strong passwords for any users that exist on the system). Fail2ban is a good option, and I've talked about it some recently in the forum here: https://www.virtualmin.com/node/52599

The relevant fail2ban rule is postfix-sasl.

--

Check out the forum guidelines!

Wed, 07/05/2017 - 20:05
decay

alrighty, ill have a look at installing fail2ban. thanks for the info/suggestion.

As for the issue of mysql crashing, where is my earlier post where i actually posted the log that showed the mysql process being killed? :(

Alright, here we go again, so, as for /var/log/messages/ i saw the following when i found my mysql was down on the 25th (i had to manually start it again). the log looked like this:

...
...
Jun 22 04:18:48 cece saslauthd[486]: do_auth         : auth failure: [user=MYSQL] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jun 22 04:19:21 cece saslauthd[485]: do_auth         : auth failure: [user=mysql] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jun 22 04:20:35 cece saslauthd[484]: do_auth         : auth failure: [user=MYSQL] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jun 22 04:21:01 cece saslauthd[486]: do_auth         : auth failure: [user=mysql] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jun 22 04:22:16 cece saslauthd[488]: do_auth         : auth failure: [user=MYSQL] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jun 23 17:42:53 cece kernel: [23364]    27 23364    28314        0      13       73             0 mysqld_safe
Jun 23 17:42:53 cece kernel: [23654]    27 23654   658041     5858     163    35859             0 mysqld
Jun 23 17:42:53 cece kernel: Out of memory: Kill process 23654 (mysqld) score 81 or sacrifice child
Jun 23 17:42:53 cece kernel: Killed process 23654 (mysqld) total-vm:2632164kB, anon-rss:23432kB, file-rss:0kB, shmem-rss:0kB
Jun 23 17:42:53 cece mysqld_safe: /usr/bin/mysqld_safe: line 183: 23654 Killed                  nohup /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --log-error=/var/log/mariadb/mariadb.log --pid-file=/var/run/mariadb/mariadb.pid --socket=/var/lib/mysql/mysql.sock < /dev/null >> /var/log/mariadb/mariadb.log 2>&1
Jun 23 17:42:56 cece mysqld_safe: 170623 17:42:56 mysqld_safe Number of processes running now: 0
Jun 23 17:42:56 cece mysqld_safe: 170623 17:42:56 mysqld_safe mysqld restarted
Jun 23 17:43:07 cece mysqld_safe: 170623 17:43:07 mysqld_safe mysqld from pid file /var/run/mariadb/mariadb.pid ended
Jun 25 07:13:37 cece saslauthd[486]: do_auth         : auth failure: [user=mysql] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jun 25 07:15:44 cece saslauthd[484]: do_auth         : auth failure: [user=mysql] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jun 25 07:17:47 cece saslauthd[485]: do_auth         : auth failure: [user=mysql] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jun 25 07:20:00 cece saslauthd[488]: do_auth         : auth failure: [user=mysql] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jun 25 07:21:58 cece saslauthd[486]: do_auth         : auth failure: [user=mysql] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jun 25 07:24:07 cece saslauthd[486]: do_auth         : auth failure: [user=mysql] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jun 25 07:26:34 cece saslauthd[485]: do_auth         : auth failure: [user=mysql] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jun 25 07:28:36 cece saslauthd[484]: do_auth         : auth failure: [user=mysql] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jun 25 07:31:00 cece saslauthd[484]: do_auth         : auth failure: [user=mysql] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jun 25 07:33:20 cece saslauthd[486]: do_auth         : auth failure: [user=mysql] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jun 25 07:35:26 cece saslauthd[484]: do_auth         : auth failure: [user=mysql] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jun 25 07:37:31 cece saslauthd[486]: do_auth         : auth failure: [user=mysql] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jun 25 07:39:45 cece saslauthd[486]: do_auth         : auth failure: [user=mysql] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jun 25 07:41:54 cece saslauthd[485]: do_auth         : auth failure: [user=mysql] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jun 25 07:44:22 cece saslauthd[486]: do_auth         : auth failure: [user=mysql] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jun 25 07:46:21 cece saslauthd[486]: do_auth         : auth failure: [user=mysql] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jun 25 07:48:29 cece saslauthd[485]: do_auth         : auth failure: [user=mysql] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jun 25 07:50:36 cece saslauthd[486]: do_auth         : auth failure: [user=mysql] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jun 25 07:52:35 cece saslauthd[484]: do_auth         : auth failure: [user=mysql] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jun 25 07:54:42 cece saslauthd[485]: do_auth         : auth failure: [user=mysql] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Jun 25 23:36:43 cece mysqld_safe: 170625 23:36:43 mysqld_safe Logging to '/var/log/mariadb/mariadb.log'.
Jun 25 23:36:43 cece mysqld_safe: 170625 23:36:43 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
Jun 26 10:44:56 cece saslauthd[486]: do_auth         : auth failure: [user=mysql] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
...
...

Any idea what is going on here? Is there any way to fix the issue?

Sun, 07/09/2017 - 02:13 (Reply to #6)
Joe
Joe's picture

Out of memory error. The OOM killer is killing MySQL. It could kill any process on the system, but it happened to get MySQL.

Free up some memory. It'll stop happening. The OOM killer only kicks in if there is literally no memory left to allocate and it needs to free memory to keep the system up. You could allocate swap memory (and probably should), but this also definitely means you don't have enough memory on the system for the number and configuration of services you have running. You need to reduce memory usage or increase real memory on the system.

There's a guide for running Virtualmin on low memory systems, but it'll apply to any system where you need to reduce memory usage. https://www.virtualmin.com/documentation/system/low-memory

--

Check out the forum guidelines!

Topic locked