When checking whether MySQL port 3306 on a remote server is alive, simply opening a connection and then closing it can cause MySQL to treat it as an abnormal connection and block that IP.
    # telnet 192.168.1.2 3306
    Trying 192.168.1.2...
    Connected to 192.168.1.2.
    Escape character is '^]'.
    }너무 많은 연결오류로 인하여 호스트 '192.168.1.1'는 블락되었습니다. 'mysqladmin flush-hosts'를 이용하여 블락을 해제하세요
    Connection closed by foreign host.
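MySQL counts abnormal connection requests and blocks the host once the count exceeds the value set in the max_connect_errors variable. The default is 10; if you need to check the port regularly, raise this value.
The following is from the MySQL Manual.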
A.2.5 Host 'host_name' is blocked

If you get the following error, it means that mysqld has received many connect requests from the host 'host_name' that have been interrupted in the middle:

    Host 'host_name' is blocked because of many connection errors.
    Unblock with 'mysqladmin flush-hosts'

The number of interrupted connect requests allowed is determined by the value of the max_connect_errors system variable. After max_connect_errors failed requests, mysqld assumes that something is wrong (for example, that someone is trying to break in), and blocks the host from further connections until you execute a mysqladmin flush-hosts command or issue a FLUSH HOSTS statement. See section 5.2.3 Server System Variables.

By default, mysqld blocks a host after 10 connection errors. You can adjust the value by starting the server like this:

    shell> mysqld_safe --max_connect_errors=10000 &

If you get this error message for a given host, you should first verify that there isn't anything wrong with TCP/IP connections from that host. If you are having network problems, it will do you no good to increase the value of the max_connect_errors variable.
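An added example, not from the original page or the MySQL manual: a port check that reads the first packet the server sends and tells a normal greeting apart from the "host is blocked" error seen in the telnet session, so monitoring can alert on the block itself. The packet layout and error code 1129 (ER_HOST_IS_BLOCKED) come from the MySQL client/server protocol; the function names and sample bytes are constructed for illustration. A probe like this still closes before the handshake completes, so it is counted against max_connect_errors just like the telnet test.

```python
import socket
import struct

ER_HOST_IS_BLOCKED = 1129  # error code behind "Host ... is blocked"

def classify_first_packet(data: bytes) -> dict:
    """Classify the first packet a MySQL server sends after TCP connect."""
    if len(data) < 5:
        return {"state": "no_greeting"}
    # Packet header: 3-byte little-endian payload length + 1-byte sequence id.
    length = int.from_bytes(data[0:3], "little")
    payload = data[4:4 + length]
    if length == 0 or len(payload) < length:
        return {"state": "truncated"}
    if payload[0] == 0xFF and length >= 3:
        # ERR packet: marker 0xFF, 2-byte little-endian error code, message text.
        code = struct.unpack_from("<H", payload, 1)[0]
        state = "blocked" if code == ER_HOST_IS_BLOCKED else "error"
        return {"state": state, "code": code,
                "message": payload[3:].decode("utf-8", "replace")}
    if payload[0] == 0x0A:  # handshake v10: NUL-terminated server version follows
        version = payload[1:].split(b"\x00", 1)[0].decode("ascii", "replace")
        return {"state": "alive", "version": version}
    return {"state": "unknown"}

def probe(host: str, port: int = 3306, timeout: float = 3.0) -> dict:
    """Connect, read the first packet, classify it (hypothetical helper)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            return classify_first_packet(s.recv(4096))
    except OSError as exc:
        return {"state": "down", "error": str(exc)}

def _packet(payload: bytes, seq: int = 0) -> bytes:
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload

# Constructed sample packets (not captured traffic); version string is made up.
SAMPLE_BLOCKED = _packet(b"\xff" + struct.pack("<H", ER_HOST_IS_BLOCKED) +
                         b"Host '192.168.1.1' is blocked because of many "
                         b"connection errors. Unblock with 'mysqladmin flush-hosts'")
SAMPLE_GREETING = _packet(b"\x0a" + b"5.0.0-example\x00" + b"\x00" * 8)

if __name__ == "__main__":
    print(classify_first_packet(SAMPLE_BLOCKED))
    print(classify_first_packet(SAMPLE_GREETING))
```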
* References
A.2.5 Host 'host_name' is blocked
http://dev.mysql.com/doc/mysql/en/Blocked_host.html
5.2.3 Server System Variables
http://dev.mysql.com/doc/mysql/en/Server_system_variables.html