“mysqld dead but subsys locked” – cause and fix?

  • I maintain a WordPress website for a small company. The website gets low traffic, and I only make small content updates maybe once a year. I let the WordPress version auto-update, and I have a couple of security-minded plugins running (Sucuri Security, Wordfence Security), to warn me for normal/abnormal administation tasks.

    Over the past few weeks, I’ve been getting emails warning me that a user has been locked out due to failed login attempts. (This is a feature I’ve enabled through the Wordfence plugin.) I also have 2FA login enabled via the plugin. So, I haven’t really been paying much attention to this – a user is trying and failing to log in… so what?

    Today I just decided to visit the site myself and I immediately got an error message: “Error establishing a database connection”. I logged into the (Amazon Linux) server and ran “sudo service mysqld status” and the result was: “mysqld dead but subsys locked”. I logged into AWS and just stopped and started the server, and the site is back running and accessible again. It’s hard to tell from the Apache logs when the site was last running fine, but it looks like it could have been ~3 days ago. Nobody notified me that the site was offline – as I said, it gets low traffic volumes.

    What I’m wondering is, what could have brought about this MySQL problem? Could those failed login attempts have “overloaded” the server? Wordfence reports 1,838 brute force login attempts in the last month.

Viewing 3 replies - 1 through 3 (of 3 total)

  • You need a better firewall with UTM or a hosting site. Did you try sudo service mysql restart? Can you reboot the server? You could put in a .htaccess file in wp-admin to only allow your ip address to access it.

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    What’s in /var/log/mysql or /var/log/mariadb? Anything useful?

    Thread Starter osullic

    (@osullic)

    There was nothing obvious to me in the MySQL log. It seems to just be regular startup-type messages in there. Admittedly, I don’t have tons of time to spend on this (or much reason to do so).

    I’ve decided for now just to add a few more rules to my Apache configuration – block access to the WordPress login using HTTP Basic Authentication. That should mean that any mischievous web requests (brute force attacks or otherwise) should be handled solely by Apache, without reaching PHP/MySQL.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘“mysqld dead but subsys locked” – cause and fix?’ is closed to new replies.