Bug #5649 Unauthenticated User Causes server freeze
Submitted: 19 Sep 2004 4:29 Modified: 4 Oct 2004 11:20
Reporter: [ name withheld ] Email Updates:
Status: Can't repeat Impact on me:
None 
Category:MySQL Server Severity:S2 (Serious)
Version:4.0.21-nt OS:Windows (Win2003 Server)
Assigned to: CPU Architecture:Any

[19 Sep 2004 4:29] [ name withheld ]
Description:
Recently I have had problems where the MySQL server process will begin taking 50-100% CPU power on my 3GHz P4 system. The longer it is left like that, the worse it gets.

When checking the MySQL administrator, it has one or more instances of Username: "Unauthenticated User", Host: "0.0.0.0" and Status is "Writing to net..."

I am unable to kill this user, and on the Server health tab of the MySQL administrator, traffic shows in excess of 1GB/s.

The only solution is to restart the server process. Now this is not a "hacking" attempt or a DoS, as the server only accepts connections from localhost, and the port is not open to the Internet.

The problem also occurred with  4.0.18-nt

How to repeat:
The problem started when I began using "phpMyChat", but the problem is NOT resolved by shutting down that, apache, php instances, etc. I'm unsure of exactly what triggers, it, because I cannot capture packets that go over localhost.

Suggested fix:
Besides putting a bandwidth/data limit of some sort on unauthenticated connections (a workaround), I don't know what causes it, so I cannot suggest.
[19 Sep 2004 19:01] [ name withheld ]
I upgraded to 5.0.1-alpha and haven't had the issue again yet, so whatever was the cause, it looks like it was fixed in the most recent iteration. Can't be certain for a few days yet though...
[25 Sep 2004 5:06] [ name withheld ]
Update... Still have the same issues with excessive CPU usage/locking up.

I started using the mysqld-max-nt version of 5.0.1-alpha, and it seems to happen less often, but still occurs.
[4 Oct 2004 11:20] MySQL Verification Team
I tested this on Windows 2003, 2000 and XP and I wasn't able to repeat the
behavior reported. I guess is something in your OS environment not present
on my machines.
[4 Oct 2004 18:20] [ name withheld ]
The issue seems to have stopped after switching from the CGI version of PHP to ISAPI Module... I believe it may have had something to do with an unclean disconnect while authenticating. Haven't had the problem since, so far...