mysql 参数max_connect_errors研究

1.在server端设置max_connect_errors=3，超过3次连接错误就block

mysql> set global max_connect_errors=3;

Query OK, 0 rows affected (0.00 sec)

mysql> show variables like 'max_connect_errors';

+--------------------+-------+

| Variable_name | Value |

+--------------------+-------+

| max_connect_errors | 3 |

+--------------------+-------+

1 row in set (0.00 sec)

2.在客户端10.153.56.25连接server,不输入密码四次，第五次依旧连接上了

mysql@t3-tksbscms-tkcms-db-mysql01-ma01 bin$ mysql -h 10.153.35.2 -u root -p

Enter password:

ERROR 1045 (28000): Access denied for user 'root'@'10.153.56.25' (using password: NO)

mysql@t3-tksbscms-tkcms-db-mysql01-ma01 bin$ mysql -h 10.153.35.2 -u root -p

Enter password:

ERROR 1045 (28000): Access denied for user 'root'@'10.153.56.25' (using password: NO)

mysql@t3-tksbscms-tkcms-db-mysql01-ma01 bin$ mysql -h 10.153.35.2 -u root -p

Enter password:

ERROR 1045 (28000): Access denied for user 'root'@'10.153.56.25' (using password: NO)

mysql@t3-tksbscms-tkcms-db-mysql01-ma01 bin$ mysql -h 10.153.35.2 -u root -p

Enter password:

ERROR 1045 (28000): Access denied for user 'root'@'10.153.56.25' (using password: NO)

mysql@t3-tksbscms-tkcms-db-mysql01-ma01 bin$ mysql -h 10.153.35.2 -u root -p

Enter password:

Welcome to the MySQL monitor. Commands end with ; or \g.

Your MySQL connection id is 17

Server version: 5.7.26-log MySQL Community Server (GPL)

Copyright (c) 2000, 2023, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its

affiliates. Other names may be trademarks of their respective

owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

3.在server端看到10.153.56.25

HOST_VALIDATED: YES ，

SUM_CONNECT_ERRORS: 0 ，

COUNT_HOST_BLOCKED_ERRORS: 0

COUNT_AUTHENTICATION_ERRORS: 4

说明密码错误并不数据连接错误

mysql> select * from performance_schema.host_cache\G

*************************** 1. row ***************************

IP: 10.153.56.25

HOST: NULL

HOST_VALIDATED: YES

SUM_CONNECT_ERRORS: 0

COUNT_HOST_BLOCKED_ERRORS: 0

COUNT_NAMEINFO_TRANSIENT_ERRORS: 0

COUNT_NAMEINFO_PERMANENT_ERRORS: 1

COUNT_FORMAT_ERRORS: 0

COUNT_ADDRINFO_TRANSIENT_ERRORS: 0

COUNT_ADDRINFO_PERMANENT_ERRORS: 0

COUNT_FCRDNS_ERRORS: 0

COUNT_HOST_ACL_ERRORS: 0

COUNT_NO_AUTH_PLUGIN_ERRORS: 0

COUNT_AUTH_PLUGIN_ERRORS: 0

COUNT_HANDSHAKE_ERRORS: 0

COUNT_PROXY_USER_ERRORS: 0

COUNT_PROXY_USER_ACL_ERRORS: 0

COUNT_AUTHENTICATION_ERRORS: 4

COUNT_SSL_ERRORS: 0

COUNT_MAX_USER_CONNECTIONS_ERRORS: 0

COUNT_MAX_USER_CONNECTIONS_PER_HOUR_ERRORS: 0

COUNT_DEFAULT_DATABASE_ERRORS: 0

COUNT_INIT_CONNECT_ERRORS: 0

COUNT_LOCAL_ERRORS: 0

COUNT_UNKNOWN_ERRORS: 0

FIRST_SEEN: 2025-02-13 14:26:57

LAST_SEEN: 2025-02-13 14:27:10

FIRST_ERROR_SEEN: 2025-02-13 14:26:57

LAST_ERROR_SEEN: 2025-02-13 14:27:02

1 row in set (0.00 sec)

4.通过telnet 10.153.35.2 3306命令，超过3次后第四次后就报错：

Host '10.153.56.25' is blocked because of many connection errors;

正常的mysql -h 10.153.35.2 -u root -p输入密码也被 block了

mysql@t3-tksbscms-tkcms-db-mysql01-ma01 bin$ telnet 10.153.35.2 3306

Trying 10.153.35.2...

Connected to 10.153.35.2.

Escape character is '^]'.

N

5.7.26-logM:Nu

-A%a-9c2Ubmysql_native_password

!#08S01Got packets out of orderConnection closed by foreign host.

mysql@t3-tksbscms-tkcms-db-mysql01-ma01 bin$

mysql@t3-tksbscms-tkcms-db-mysql01-ma01 bin$ telnet 10.153.35.2 3306

Trying 10.153.35.2...

Connected to 10.153.35.2.

Escape character is '^]'.

N

5.7.26-logS8IQA-CNOG\+|mSCmysql_native_password

!#08S01Got packets out of orderConnection closed by foreign host.

mysql@t3-tksbscms-tkcms-db-mysql01-ma01 bin$ telnet 10.153.35.2 3306

Trying 10.153.35.2...

Connected to 10.153.35.2.

Escape character is '^]'.

N

5.7.26-logWd7[G-

-6% "mysql_native_password

!#08S01Got packets out of orderConnection closed by foreign host.

mysql@t3-tksbscms-tkcms-db-mysql01-ma01 bin$ telnet 10.153.35.2 3306

Trying 10.153.35.2...

Connected to 10.153.35.2.

Escape character is '^]'.

jHost '10.153.56.25' is blocked because of many connection errors; unblock with 'mysqladmin flush-hosts'Connection closed by foreign host.

mysql@t3-tksbscms-tkcms-db-mysql01-ma01 bin$ telnet 10.153.35.2 3306

Trying 10.153.35.2...

Connected to 10.153.35.2.

Escape character is '^]'.

jHost '10.153.56.25' is blocked because of many connection errors; unblock with 'mysqladmin flush-hosts'Connection closed by foreign host.

mysql@t3-tksbscms-tkcms-db-mysql01-ma01 bin$ mysql -h 10.153.35.2 -u root -p

Enter password:

ERROR 1129 (HY000): Host '10.153.56.25' is blocked because of many connection errors; unblock with 'mysqladmin flush-hosts'

5.server端可以看到

SUM_CONNECT_ERRORS: 3

COUNT_HOST_BLOCKED_ERRORS: 3

mysql> select * from performance_schema.host_cache\G

*************************** 1. row ***************************

IP: 10.153.56.25

HOST: NULL

HOST_VALIDATED: YES

SUM_CONNECT_ERRORS: 3

COUNT_HOST_BLOCKED_ERRORS: 3

COUNT_NAMEINFO_TRANSIENT_ERRORS: 0

COUNT_NAMEINFO_PERMANENT_ERRORS: 1

COUNT_FORMAT_ERRORS: 0

COUNT_ADDRINFO_TRANSIENT_ERRORS: 0

COUNT_ADDRINFO_PERMANENT_ERRORS: 0

COUNT_FCRDNS_ERRORS: 0

COUNT_HOST_ACL_ERRORS: 0

COUNT_NO_AUTH_PLUGIN_ERRORS: 0

COUNT_AUTH_PLUGIN_ERRORS: 0

COUNT_HANDSHAKE_ERRORS: 3

COUNT_PROXY_USER_ERRORS: 0

COUNT_PROXY_USER_ACL_ERRORS: 0

COUNT_AUTHENTICATION_ERRORS: 4

COUNT_SSL_ERRORS: 0

COUNT_MAX_USER_CONNECTIONS_ERRORS: 0

COUNT_MAX_USER_CONNECTIONS_PER_HOUR_ERRORS: 0

COUNT_DEFAULT_DATABASE_ERRORS: 0

COUNT_INIT_CONNECT_ERRORS: 0

COUNT_LOCAL_ERRORS: 0

COUNT_UNKNOWN_ERRORS: 0

FIRST_SEEN: 2025-02-13 14:26:57

LAST_SEEN: 2025-02-13 14:33:15

FIRST_ERROR_SEEN: 2025-02-13 14:26:57

LAST_ERROR_SEEN: 2025-02-13 14:33:15

1 row in set (0.00 sec)

6.解决办法就是在server端执行flush hosts;

mysql> flush hosts;

Query OK, 0 rows affected (0.00 sec)

mysql> select * from performance_schema.host_cache\G

Empty set (0.00 sec)

可以看到10.153.56.25这个client又可以连接了

mysql@t3-tksbscms-tkcms-db-mysql01-ma01 bin$ mysql -h 10.153.35.2 -u root -p

Enter password:

Welcome to the MySQL monitor. Commands end with ; or \g.

Your MySQL connection id is 24

Server version: 5.7.26-log MySQL Community Server (GPL)

Copyright (c) 2000, 2023, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its

affiliates. Other names may be trademarks of their respective

owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>