Mysql and lamp issue: Warning: mysqli_real_connect(): (HY000/2002)

July 21, 2017 222 views
MySQL WordPress LAMP Stack Ubuntu 16.04

Hi guys, I hope you can help me, since 3 days ago I've been having issues with my droplet with ubuntu 16.04 and lamp. I use my droplet to run a wordpress site and a crm, both uses mysql, but now the server keeps displaying errors like:

Warning: mysqlirealconnect(): (HY000/2002): No such file or directory in /var/www/html/wp-includes/wp-db.php on line 1538

I tried uninstalling completely mysql 5.7 and resinstalling it, restoring a wp db backup, this worked for like an hour, the site displayed fine but then the error displays again.

3 Answers
hansen July 21, 2017
Accepted Answer

@kvnzavalza

You should still make sure that none of the active Apache logs are more than 10 MB:

ls -lh /var/log/apache2/

Otherwise it will slow down Apache a lot - and it will consume way too much memory.

And it sounds like you're being attacked, so I would recommend that you setup Fail2ban or something similar - or one of the many security plugins for WordPress might help too:
https://www.digitalocean.com/community/tutorials/how-to-protect-wordpress-with-fail2ban-on-ubuntu-14-04

WordPress is a very robust content-management system (CMS) that is free and open source. Because anyone can comment, create an account, and post on WordPress, many malicious actors have created networks of bots and servers that compromise and spam WordPress sites through brute-force attacks. The tool Fail2ban is useful in preventing unauthorized access to both your Droplet and your WordPress site. It notes suspicious or repeated login failures and proactively bans those IPs by modifying firewall
  • Thanks for your help, now it's working fine.

    I'll check Fail2Ban also because I had started to lose my mind with this lol.

What is going on in the PHP code in the aforementioned file on line 1538? It really looks like a file is missing somewhere.

  • Thanks for your answer, but no files missing (nano direct to path displayed in wp errors), site just stopped working, reinstalled mysql and restored db and worked fine for a moment , but then drops the same error.

Hi @kvnzavalza

How big is your droplet - $5, $10, ...?

Can you post the last 40 lines from your MySQL error log by running this command?

tail -40 /var/log/mysql/error.log

And can you also post your database connection host:

grep "DB_HOST" /var/www/html/wp-config.php
  • Hi @hansen

    This is the grep:

    define('DB_HOST', 'localhost');
    

    Here is the error.log, pasted in a external service because in here gives me error 403 when I try to post the log.

    https://pastebin.com/UMxr5dxM

    Also I noticed that now that the server is slowing down, i think that apache is consuming a lot of memory:

    free -h

    total used free shared buff/cache available
    Mem: 2.0G 1.8G 57M 17M 86M 12M
    Swap: 4.0G 4.0G 0B

    And checking with top I see a lot pid with apache commands with www-data user, and each one consummes at least 2% of the memory

    • @kvnzavalza

      Yes, you're running about of memory, so that's why the database is crashing:

      2017-07-21T13:11:23.542898Z 0 [ERROR] InnoDB: Cannot allocate memory for the buffer pool
      

      Apache can be heavy on memory usage, so if you have about 40 users at the same time, then you will be running out of RAM, since 40x2%=80% and that leaves very little for the database and Ubuntu.
      And you're also using the entire SWAP, which is not normal and highly problematic, since SWAP uses the disk constantly, so you are actually making other customer droplets slower (who are on the same physical hardware).

      Can you just run this:

      ls -lh /var/log/apache2/
      

      Also, I would recommend that you install htop which is a very tiny utility that gives a really good overview of resource usage:

      sudo apt install htop
      
      • Thanks for your answer, I checked the access.log from apache2 and I noticed a lot of lines like this:

        185.188.204.10 - - [21/Jul/2017:06:28:09 -0500] "POST /xmlrpc.php HTTP/1.0" 200 166 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
        185.188.204.6 - - [21/Jul/2017:12:49:18 -0500] "POST /xmlrpc.php HTTP/1.0" 200 166 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"
        

        I believe it's an XML-RPC attack

        If this is the case, how can I fix that in ubuntu 16.04, I never dealt with something like that.

Have another answer? Share your knowledge.