My customer's BlueHost web server got hacked and somehow injected with malware. That was removed/fixed by using SiteLock, but in the midst of that "fix", remote connections to the MySQL database were broken. The error:

Lost connection to server at 'handshake: reading initial communication packet', system error: 0

I have looked carefully at this similar SO post and none of the suggested solutions worked, which I will comment on individually:

  1. The website is still able to query the database--it is only remote connections that fail (see error message posted above).
  2. My customer connects with Workbench and I use HeidiSQL. We are both on different sides of the country and both our clients fail to connect. Before the hack and SiteLock repair, it worked for both of us with both of our clients.
  3. It is not a client-side firewall problem. Nothing has changed on the client side of either my customer or me. But changes were made on the server.
  4. In my.cnf there is no `bind-address` setting. Here are all the my.cnf settings:

     [screenshot: my.cnf settings]

  5. I confirmed through Terminal that MySQL is still running on port 3306:

     [screenshot: terminal output]

  6. My client called BlueHost and asked if they were blocking connections to/from port 3306 and they said no. (Is there a way I can verify this?) I ran `telnet mycustdomain.com 3306` from a Windows command shell and it opened an active connection for me. No errors about connection closed, etc.

What can I do to discover the cause of this error, and how can I fix it?

**EDIT**

I tried adding `bind-address = 0.0.0.0` but that made no difference - same error.

HerrimanCoder
  • easleyfixed: Isn't that what my `telnet` connection already proved? Can you give the syntax of what sort of ping you mean? – HerrimanCoder Mar 03 '23 at 15:14
  • Yeah sorry I just saw that part, sorry about that, .. did some research and MAYBE it's related to this issue? https://stackoverflow.com/questions/27309187/django-exception-value-2013-2013-lost-connection-to-mysql-server-during-que Granted that's Django but maybe there is something here to consider. – easleyfixed Mar 03 '23 at 15:15
  • Something to do with : mysql-connector-python being glitchy. – easleyfixed Mar 03 '23 at 15:16
  • Nothing to do with python or django, I had already seen that post earlier but it was unrelated to my issue. – HerrimanCoder Mar 03 '23 at 15:24
  • Technically not true .. Workbench is written in Python .. so there may still be something there .. and it's a connection issue .. so still think you might want to look into this one more. – easleyfixed Mar 03 '23 at 15:55
  • The point is, the problem isn't python; the problem is that the connection is being blocked by the server somehow. – HerrimanCoder Mar 03 '23 at 16:23
  • If you can ping it and it goes through ... then it's not being blocked ... the connection is failing... likely because of the mysql_connect-Python issue .. I suspect whatever exploit they used to derp up the site probably derped up that connection as a side effect. – easleyfixed Mar 03 '23 at 16:46
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/252282/discussion-between-herrimancoder-and-easleyfixed). – HerrimanCoder Mar 03 '23 at 17:36
  • The line you showed as proof for a listening mysqld is a TCPv6 entry ... is your client (and you) really using the V6 IP to connect from remote? Please check if the server also listens on V4 – Synopsis Mar 08 '23 at 23:13
  • Synopsis, that's a bit beyond me. How can I check if server listens on V4, and if not, how can I enable that? – HerrimanCoder Mar 09 '23 at 00:51
  • Synopsis, is this relevant to my problem? https://stackoverflow.com/questions/42597567/why-mysql-just-listen-on-ipv6s-port-3306-not-a-ipv4s-port-3306 - Should I add a `bind-address` of `0.0.0.0`? – HerrimanCoder Mar 09 '23 at 01:01
  • I tried adding the `bind-address` and it changed nothing. Although I can telnet to that port on the server from my local dev box, something is blocking remote connections. – HerrimanCoder Mar 10 '23 at 19:33
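
A way to check what the server actually sends on port 3306, as an added example that is not part of the original question or comments: it connects to each IPv4 and IPv6 address of the host and classifies the first MySQL packet (greeting, ERR packet, or nothing at all). The names `classify_first_packet` and `probe` and the sample bytes are constructed for illustration.

```python
import socket
import struct

def classify_first_packet(data: bytes) -> dict:
    """Interpret the first bytes received after TCP connect to a MySQL port."""
    length = int.from_bytes(data[0:3], "little")
    payload = data[4:4 + length]
    if not payload:
        # TCP opened but nothing usable arrived: the condition a client reports
        # as "reading initial communication packet".
        return {"status": "no_greeting", "detail": f"{len(data)} bytes received"}
    if payload[0] == 0x0A and b"\x00" in payload[1:]:
        # Protocol v10 handshake: NUL-terminated server version follows.
        version = payload[1:payload.index(b"\x00", 1)]
        return {"status": "greeting", "detail": version.decode("ascii", "replace")}
    if payload[0] == 0xFF and len(payload) >= 3:
        # ERR packet sent instead of a greeting, e.g. 1130 (host not allowed).
        code = struct.unpack_from("<H", payload, 1)[0]
        msg = payload[3:]
        if msg[:1] == b"#":  # optional SQLSTATE marker plus 5 characters
            msg = msg[6:]
        return {"status": "server_error", "detail": f"{code}: {msg.decode('utf-8', 'replace')}"}
    return {"status": "not_mysql", "detail": payload[:16].hex()}

def probe(host: str, port: int = 3306, timeout: float = 5.0) -> dict:
    """Probe every IPv4 and IPv6 address of host; returns {address: result}."""
    results = {}
    for family, _, _, _, addr in socket.getaddrinfo(host, port, type=socket.SOCK_STREAM):
        data = b""
        try:
            with socket.socket(family, socket.SOCK_STREAM) as s:
                s.settimeout(timeout)
                s.connect(addr)
                try:
                    while len(data) < 4 or len(data) < 4 + int.from_bytes(data[:3], "little"):
                        chunk = s.recv(4096)
                        if not chunk:
                            break
                        data += chunk
                except OSError:
                    pass  # timeout or reset mid-read: classify what arrived
        except OSError as exc:
            results[addr[0]] = {"status": "tcp_failed", "detail": str(exc)}
            continue
        results[addr[0]] = classify_first_packet(data)
    return results

if __name__ == "__main__":
    # Constructed sample: header (3-byte LE length + sequence 0) + v10 greeting.
    body = b"\x0a8.0.0-sample\x00" + b"\x01\x00\x00\x00"
    print(classify_first_packet(len(body).to_bytes(3, "little") + b"\x00" + body))
```

Calling `probe("mycustdomain.com")` from the remote machine returns one result per resolved address, so an IPv4 address that yields `no_greeting` or `tcp_failed` can be told apart from an IPv6 address that yields `greeting`.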
