I'm looking at a server that might be misconfigured to handle Denial of Service. The database was knocked offline after the attack, and was unable to restart itself after it failed to restart when the attack subsided.
Details of the Attack:
The Attacker either intentionally or unintentionally sent 1000's of search queries using the applications search query url within a couple of seconds. It looks like the server was overwhelmed and it caused the database to log this message:
121118 20:28:55 InnoDB: Initializing buffer pool, size = 512.0M
InnoDB: mmap(549453824 bytes) failed; errno 12
Server Specs: 1.5GB of dedicated memory
Are there any obvious mis-configurations here that I'm missing?
**mysql.log**
121118 20:28:54 mysqld_safe Number of processes running now: 0
121118 20:28:54 mysqld_safe mysqld restarted
121118 20:28:55 [Warning] option 'slow_query_log': boolean value '/var/log/mysqld.slow.log' wasn't recognized. Set to OFF.
121118 20:28:55 [Note] Plugin 'FEDERATED' is disabled.
121118 20:28:55 InnoDB: The InnoDB memory heap is disabled
121118 20:28:55 InnoDB: Mutexes and rw_locks use GCC atomic builtins
121118 20:28:55 InnoDB: Compressed tables use zlib 1.2.3
121118 20:28:55 InnoDB: Using Linux native AIO
121118 20:28:55 InnoDB: Initializing buffer pool, size = 512.0M
InnoDB: mmap(549453824 bytes) failed; errno 12
121118 20:28:55 InnoDB: Completed initialization of buffer pool
121118 20:28:55 InnoDB: Fatal error: cannot allocate memory for the buffer pool
121118 20:28:55 [ERROR] Plugin 'InnoDB' init function returned error.
121118 20:28:55 [ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed.
121118 20:28:55 [ERROR] Unknown/unsupported storage engine: InnoDB
121118 20:28:55 [ERROR] Aborting
**ulimit -a**
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 13089
max locked memory (kbytes, -l) 64
max memory size (kbytes, -m) unlimited
open files (-n) 1024
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 8192
cpu time (seconds, -t) unlimited
max user processes (-u) 1024
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited
**httpd.conf**
StartServers 10
MinSpareServers 8
MaxSpareServers 12
ServerLimit 256
MaxClients 256
MaxRequestsPerChild 4000
**my.cnf**
innodb_buffer_pool_size=512M
# Increase Innodb Thread Concurrency = 2 * [numberofCPUs] + 2
innodb_thread_concurrency=4
# Set Table Cache
table_cache=512
# Set Query Cache_Size
query_cache_size=64M
query_cache_limit=2M
# A sort buffer is used for optimizing sorting
sort_buffer_size=8M
# Log slow queries
slow_query_log=/var/log/mysqld.slow.log
long_query_time=2
#performance_tweak
join_buffer_size=2M
**php.ini**
memory_limit = 128M
post_max_size = 8M
Seems like you should optimize your SQL queries and/or use some CAPTCHA protection to prevent automated abuse. You might also set resource limits mysqli.max_persistent, mysqli.max_links (PHP) and/or MAX_USER_CONNECTIONS, MAX_QUERIES_PER_HOUR, MAX_CONNECTIONS_PER_HOUR (mysql).
mysql resource limits
mysql client (php) resource limits