We write most of our websites in PHP and use MySQL database connections routinely. We are currently encountering a major performance issue on our dedicated server. When accessing our server it loads webpages very slowly and SSH’ing into the machine takes forever. We have restarted it a few times and after a few minutes that problem appears again.
Our web host (MidPhase) says that it could be related to a DOS attack and that they are going to place our dedicated server on CiscoGuard for 24hrs and check our server logs to verify if that is the case.
I’m concerned that we may have some poorly coded PHP scripts that are being exploited.
How would one check server wide for problems that could be caused by possibly PHP/MySQL injection exploits?
Thank you,
Tegan
I would check access logs for unusual requests (especially those indicating SQL injection, or massive requests to the same URLs), and also enabling MySQL’s slow query log can be useful, since it will allow you to see any heavy query that can indicate either someone dumping your db, or your own code performing poorly on queries.
Consider modifying the slow query time value (default 10 seconds) to have a valuable log, and not empty / bloated with queries.
Using mtop to go over MySQL’s performance in real-time may be helpful too.
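The access-log check suggested in the reply above could be scripted as follows. This is an added example, not part of the original thread: it assumes the Apache/Nginx "combined" log format, the SQL injection patterns are heuristic and not exhaustive, and the sample lines (with documentation-range IP addresses) are constructed.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Assumed "combined" log format; adjust the regex for a custom LogFormat.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# Heuristic SQL injection markers, matched after URL-decoding.
SQLI_RE = re.compile(
    r"union\s+(all\s+)?select|information_schema|\b(sleep|benchmark)\s*\("
    r"|'\s*(or|and)\b|\bor\s+\d+\s*=\s*\d+",
    re.IGNORECASE,
)

def analyze(lines, flood_threshold=100):
    """Return (suspicious requests, (ip, path) pairs hit >= flood_threshold times)."""
    suspicious, hits = [], Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path, _, query = m["target"].partition("?")
        hits[(m["ip"], path)] += 1
        # Decode twice so double-encoded payloads (%2527 ...) are also caught.
        decoded = unquote_plus(unquote_plus(query))
        if query and SQLI_RE.search(decoded):
            suspicious.append((m["ip"], path, m["status"], decoded))
    floods = [(ip, p, n) for (ip, p), n in hits.most_common() if n >= flood_threshold]
    return suspicious, floods

# Constructed sample input: one normal request, two injection probes, one flood.
TS = "[10/Oct/2023:13:55:36 +0000]"
SAMPLE_LOG = [
    f'192.0.2.10 - - {TS} "GET /index.php?id=5 HTTP/1.1" 200 2326 "-" "Mozilla/5.0"',
    f'198.51.100.7 - - {TS} "GET /product.php?id=1%20UNION%20SELECT%201,2,3 HTTP/1.1" 200 512 "-" "-"',
    f'198.51.100.7 - - {TS} "GET /product.php?id=1%27%20OR%201%3D1 HTTP/1.1" 500 0 "-" "-"',
] + [f'203.0.113.5 - - {TS} "GET /search.php?q=shoes HTTP/1.1" 200 900 "-" "-"'] * 150

if __name__ == "__main__":
    suspicious, floods = analyze(SAMPLE_LOG)
    for ip, path, status, query in suspicious:
        print(f"possible SQLi  {ip} {path} -> {status}  {query}")
    for ip, path, count in floods:
        print(f"high volume    {ip} {path}  {count} requests")
```

To run it on a real log, pass an open file object to `analyze()`. A flagged request that returned 200 with an unusually large response, or 500, is worth tracing to the PHP script that handled it.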