MySQL problem may be tracked down
After a relatively long time, MySQL has stopped again. something I expected to happen: I raised the pagefile quota of MYSQL_SERVER – the account that runs the MySQL server – from 3.000.000 to 4.500.000, because it looked like the crash previously occurred when the amount of virtual memory used was about that amount. I’ve seen it gradually increasing over the week, and yesterday it was approaching the new boundary. And this morning I learned it had restarted (looking at the watchdog log). It’s again about that size, so I wouldn’t be surprised if there will be a restart today again. It grows to this size faster than before since the blogs are more regularly updated (the bootcamp 2008 blog gets new entries every day) and more regularly read as well.
So my suspicion is there is a memory leak in MySQL_Server. Well, upgrade to 5.1 would possibly be the best way to go.
FTP attempts
They do not happen very often in these days, but once in a while there is a more genuine attempt – not a simple script, or one that does check outcome.
In yesterday’s OPERATOR.LOG there was this entry:
%%%%%%%%%%% OPCOM 19-MAY-2008 20:06:48.38 %%%%%%%%%%%
Message from user TCPIP$FTP on DIANA
User Name: anonymous
Source: 59.22.140.17
Status: NOPRIV -- File access violation
Object: WEB_DISK2:[public.anonymous.test]
TCPIP$FTP_RUN.LOG shows that this is just it, after a timeout (it may be that the server was too busy to respond) and the attempt to create a directory, this user logs out:
%TCPIP-I-FTP_SESCON, FTP SERVER: session connection from 59.22.140.17 at 19-MAY-2008 20:03:36.57
%TCPIP-I-FTP_NODE, client host name: 59.22.140.17
%TCPIP-I-FTP_USER, user name: anonymous
%TCPIP-I-FTP_OBJ, object: 59.22.140.17
%TCPIP-I-FTP_CHINFO, TCPIP$FTPC00039: Can't open data connection
%SYSTEM-F-TIMEOUT, device timeout
%TCPIP-I-FTP_NODE, client host name: 59.22.140.17
%TCPIP-I-FTP_USER, user name: anonymous
%TCPIP-I-FTP_OBJ, object: WEB_DISK2:[public.anonymous.test]
%TCPIP-I-FTP_CHINFO, TCPIP$FTPC00039: Failed to create directory
%SYSTEM-F-NOPRIV, insufficient privilege or object protection violation
%TCPIP-I-FTP_USER, user name: anonymous
%TCPIP-I-FTP_SESDCN, FTP SERVER: session disconnection from 59.22.140.17 at 19-MAY-2008 20:06:48.71
This is reflected in the TCPIP$FTP_ANONYMOUS.LOG:
19-MAY-2008 20:03:37.96 User:anonymous logged in ident:bleh@blah.co.uk from Host:59.22.140.17
19-MAY-2008 20:03:38.73 User:anonymous ident:bleh@blah.co.uk status:00010001 CWD dir:WEB_DISK2:[public.anonymous]
19-MAY-2008 20:06:48.69 User:anonymous ident:bleh@blah.co.uk logged out
This IP address resides in Korea:
inetnum: 59.0.0.0 - 59.31.255.255
netname: KORNET-KR
descr: Korea Telecom
country: KR
admin-c: IA9-KR
tech-c: IM9-KR
status: ALLOCATED PORTABLE
mnt-by: MNT-KRNIC-AP
Might be an anonymizer, a hacked system, or something else.
Googlebot
keeps trying to access a non-existing directory in the anonymous FTP site:
7-MAY-2008 10:43:44.98 User:anonymous logged in ident:googlebot@google.com from Host:crawl-66-249-73-115.googlebot.com
7-MAY-2008 10:43:45.67 User:anonymous ident:googlebot@google.com status:07649912 CWD dir:perl
7-MAY-2008 10:43:46.29 User:anonymous ident:googlebot@google.com logged out
Sometimes a few days in a row, sometimes a few times a week, and then it backs out for weeks.