I need help because my linux ubuntu server are getting too many SQL connections, and when I checked using netstat -t there are many connections like these:
tcp6 1 0 websitesaya.co.id:http 98-142-172-163.re:37854 CLOSE_WAIT tcp6 1 0 websitesaya.co.id:http 98-142-172-163.re:34962 CLOSE_WAIT tcp6 1 0 websitesaya.co.id:http 98-142-172-163.re:51678 CLOSE_WAIT tcp6 0 0 websitesaya.co.id:http 157-171-172-163.r:44102 CLOSE_WAIT tcp6 0 0 websitesaya.co.id:http vmi80876.contabo.:46980 CLOSE_WAIT tcp6 0 531 websitesaya.co.id:http ks.kgovps.com:35146 LAST_ACK tcp6 0 0 websitesaya.co.id:http 98-142-172-163.re:55052 CLOSE_WAIT tcp6 1 0 websitesaya.co.id:http 157-171-172-163.r:36082 CLOSE_WAIT tcp6 0 0 websitesaya.co.id:http 157-171-172-163.r:33698 CLOSE_WAIT tcp6 0 0 websitesaya.co.id:http 157-171-172-163.r:59778 CLOSE_WAIT tcp6 0 0 websitesaya.co.id:http 157-171-172-163.r:51166 CLOSE_WAIT tcp6 0 0 websitesaya.co.id:http vmi80876.contabo.:49693 CLOSE_WAIT tcp6 0 0 websitesaya.co.id:http 98-142-172-163.re:52406 CLOSE_WAIT tcp6 1 0 websitesaya.co.id:http 157-171-172-163.r:53266 CLOSE_WAIT tcp6 0 639 websitesaya.co.id:http 98-142-172-163.re:58032 LAST_ACK tcp6 1 0 websitesaya.co.id:http ks.kgovps.com:59676 CLOSE_WAIT
and still hundreds or more like that
And no matter how many times I restarted the server or disconnect and reconnect. Those strage connections keeps appearing and appearing again.
Here’s what I’ve tried:
– I cannot block those incoming connections from linux firewall because everytime I want to block them, there are errors such as “157-171-172-163.r not found” Then how in the world I can block this IPs from trying to connect to my server?
– I cannot kill those process on MySQL Workbench because there are errors “Cannot kill threads 0” or something like that
[Update] Other helpful advice from other forum point that this might be SYN Flood Attack
You are being down-voted because you have not taken the time to research the technologies that you are trying to troubleshoot. Effectively, if you don’t take the time, why should we take time to help you?
A TCP socket in CLOSE_WAIT state means that your server has received a request to close a connection (FIN) from a client and the server has sent an Acknowledgement (ACK) in response. In the CLOSE_WAIT state, the TCP stack is waiting on the application to indicate that it is finished with the connection, at which point a FIN can be sent by the server and the socket transition to the LAST_ACK state.
Now, if you are seeing each CLOSE_WAIT socket hang around for a while, then that indicates that your webserver is not able to release connections fast enough. If the CLOSE_WAIT requests disappear quickly, then you probably just have a lot of web traffic on your server. Blanket blocking IP addresses from reaching your (publicly available) web server just because you don’t understand how something works seems a bit silly.
Source : Link , Question Author : pasaisea , Answer Author : Mark Riddell