Checking MySQL Logs for Possibility of Performance Issues/DOS attack

We write a most of our websites in PHP and use MySQL database connections routinely. We are currently encountering a major performance issue on our dedicated server. When accessing our server it loads webpages very slowly and SSH'ing into the machine takes forever. We have restarted it a few times and after a few minutes that problem appears again.

Our web host (MidPhase) says that it could be related to a DOS attack and that they are going to place our dedicated server on CiscoGuard for 2开发者_运维知识库4hrs and check our server logs to verify if that is the case.

I'm concerned that we may have some poorly coded PHP scripts that are being exploited.

How would one check server wide for problems that could be caused by possibly PHP/MySQL injection exploits?

Thank you, Tegan

I would check access logs for unusual requests (specially those indicating SQL injection, or massive requests to the same urls), and also enabling MySQL's slow query log can be useful, since it will allow you to see any heavy query that can indicate either someone dumping your db, or your own code performing poorly on queries.

Consider modifying the slow query time value (default 10 seconds) to have a valuable log, and not empty / bloated with queries.

Using mtop to go over MySQL's performance in real-time may be helpfull too.

Assuming you use a LAMP setup, I would start with something like

$ top

or

$ ps aux

to see what process is using lots of resources. It could be php / mysql but it could also be a mail server or a spam filter (just an example, if you are running that on the same server).

I suggest simply going through any PHP, and making sure that queries are being escaped (or use binding), and also that you're filtering for possible XSS attacks.