Documentation Home
MySQL 8.0 Reference Manual
Related Documentation Download this Manual
PDF (US Ltr) - 38.1Mb
PDF (A4) - 38.1Mb
PDF (RPM) - 33.0Mb
HTML Download (TGZ) - 8.1Mb
HTML Download (Zip) - 8.1Mb
HTML Download (RPM) - 7.0Mb
Man Pages (TGZ) - 132.7Kb
Man Pages (Zip) - 189.0Kb
Info (Gzip) - 3.4Mb
Info (Zip) - 3.4Mb
Excerpts from this Manual

B.5.2.5 Host 'host_name' is blocked

If the following error occurs, it means that mysqld has received many connection requests from the given host that were interrupted in the middle:

Host 'host_name' is blocked because of many connection errors.
Unblock with 'mysqladmin flush-hosts'

The value of the max_connect_errors system variable determines how many successive interrupted connection requests are permitted. (See Section 5.1.7, “Server System Variables”.) After max_connect_errors failed requests without a successful connection, mysqld assumes that something is wrong (for example, that someone is trying to break in), and blocks the host from further connections until you issue a FLUSH HOSTS statement or execute a mysqladmin flush-hosts command.

By default, mysqld blocks a host after 100 connection errors. You can adjust the value by setting max_connect_errors at server startup:

shell> mysqld_safe --max_connect_errors=10000 &

The value can also be set at runtime:

mysql> SET GLOBAL max_connect_errors=10000;

If you get the Host 'host_name' is blocked error message for a given host, you should first verify that there is nothing wrong with TCP/IP connections from that host. If you are having network problems, it does you no good to increase the value of the max_connect_errors variable.


User Comments
User comments in this section are, as the name implies, provided by MySQL users. The MySQL documentation team is not responsible for, nor do they endorse, any of the information provided here.
  Posted by Priyanke de Siva on December 3, 2014
Hello All,

I was looking for a way to block hosts (for sometime) based on authentication failure counts (i.e. block bad attempts for a few minutes/hours and release automatically).

About a year ago I wrote something to block hackers to my SIP server which has proved successful.

Hence, I adapted it to MySQL.

The code/explanation is at http://www.abelcanada.com/securemysql.php for anybody who it interested.

This model can be adapted for any software which is used for IP (or any other) login and parameters can be changed to suite each individual requirement.

This complements IPTABLES, but is a better solution as it blocks the IP as a service, rather than global.

Anthonus

Sign Up Login You must be logged in to post a comment.