Missing mysqld.sock

[rsthomas]

I was working on a site yesterday and suddenly I was not able to bring anything up. The command to open the database returned this error message:
Connection failed: No such file or directory

service mysql status gives me this line:
Active: activating (start) since Thu 2025-06-26 15:57:15 EDT; 271ms ago
Not indicating Mysql is running

service mysql start and service mysql restart don't work.

mysql command returns this error message:
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock'

ls -l /var/run/mysqld/mysqld.sock tells me this:
ls: cannot access '/var/run/mysqld/mysqld.sock': No such file or directory

Evidently /var/run/mysqld/mysqld.sock has suddenly disappeared, and I can't find it anywhere on the server!

find / -name mysqld.sock
find: â/proc/385863â: No such file or directory
find: â/proc/385869â: No such file or directory
find: â/proc/385870â: No such file or directory

I run another Sentora server that has the file but it won't let me copy it to my computer in order to transfer to the dead server.
srwxrwxrwx 1 mysql mysql 0 May 6 06:48 mysqld.sock

What a mess!! Any ideas on how to get it back?

[TGates]

I was working on a site yesterday and suddenly I was not able to bring anything up.  The command to open the database returned this error message:
    Connection failed: No such file or directory

service mysql status gives me this line:
      Active: activating (start) since Thu 2025-06-26 15:57:15 EDT; 271ms ago
          Not indicating Mysql is running

service mysql start and service mysql restart don't work.

mysql command returns this error message:
    ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock'

ls -l /var/run/mysqld/mysqld.sock tells me this:
    ls: cannot access '/var/run/mysqld/mysqld.sock': No such file or directory

Evidently /var/run/mysqld/mysqld.sock has suddenly disappeared, and I can't find it anywhere on the server!

find / -name mysqld.sock
    find: â/proc/385863â: No such file or directory
    find: â/proc/385869â: No such file or directory
    find: â/proc/385870â: No such file or directory

I run another Sentora server that has the file but it won't let me copy it to my computer in order to transfer to the dead server.
    srwxrwxrwx 1 mysql mysql 0 May  6 06:48 mysqld.sock

What a mess!!  Any ideas on how to get it back?

Basic question, but have you completely restarted the server?
This should re-create the missing file on startup.
If after a restart it doesn't work, try service mysql start and immediately check /var/log/syslog and /var/log/mysql/error.log for any mysql startup errors.

Info about the /var/run folder and files:
The files in /var/run (sym-linked to /run folder) are created at startup and holds operating system information and are technically 'not accessable' because they are used and run by the system.
Here is info on the /run and /var/run folders:

/run
This directory contains information which describes the system since it was booted. Once this purpose was served by /var/run and programs may continue to use it.

/var/run
Run-time variable files, like files holding process identifiers (PIDs) and logged user information (utmp). Files in this directory are usually cleared when the system boots.

[rsthomas]

Thanks for your input!

Restarting the server does nothing to help. The CPU activity is running at 60% and higher, which indicates to me that something is constantly trying to be processed -- probably Mysql.

The logs you suggested mean nothing to me, perhaps you understand them.

THANKS!

[TGates]

Thanks for your input!

Restarting the server does nothing to help.  The CPU activity is running at 60% and higher, which indicates to me that something is constantly trying to be processed -- probably Mysql.

The logs you suggested mean nothing to me, perhaps you understand them.

THANKS!

Ok, I'll check them out.

---

Ok, I'll check them out.

I have not seen that before, so I checked Google: Google: innodb found invalid event sequence while recovering from binary log file

Binary Log Corruption:
The binary log file itself might be corrupted due to disk errors, improper shutdown of the MySQL server, or other issues.

The AI Overview has a couple basic things to check/try and some suggestions on what to use to fix it.

There also are a few good sites below that that will probably be more helpfull.

I'm not sure how much more help I can be on this.

[rsthomas]

I appreciate your help! Thanks for the Google links. One of them them revealed the solution:

https://stackoverflow.com/questions/2057...sqld-mysql

Edit mysql config file by doing the below: sudo nano /etc/mysql/my.cnf and add tc-heuristic-recover=rollback under [mysqld]

Try to start mysql/mariadb server by sudo systemctl start mysql.service and it should fail with this error Can't init tc log.

Don't worry, just edit the config file again and comment tc-heuristic-recover=rollback

Try to start the mysql server again with sudo service start mysql.service and it should work fine.

Check the status to confirm service status mysql.service

[TGates]

I appreciate your help!  Thanks for the Google links.  One of them them revealed the solution:

https://stackoverflow.com/questions/2057...sqld-mysql

Edit mysql config file by doing the below: sudo nano /etc/mysql/my.cnf and add tc-heuristic-recover=rollback under [mysqld]

Try to start mysql/mariadb server by sudo systemctl start mysql.service and it should fail with this error Can't init tc log.

Don't worry, just edit the config file again and comment tc-heuristic-recover=rollback

Try to start the mysql server again with sudo service start mysql.service and it should work fine.

Check the status to confirm service status mysql.service

Great! Glad you were able to solve it! StackOverflow is one of my favorite go-to sites.

[rsthomas]

Yep, all was well since Saturday afternoon -- until this afternoon when the server filled up again!

Looking at /var/log/syslog it appears I have been hacked by some maggots using me as their private email server.

If you don't mind, can I pick your brain again?

Mysql seems to still be running, as I haven't rebooted the server. Trying to run it tells me this: ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO). Do I need to include the password somewhere in the command line?

1.) I expect there is a file on the server that is running the show. Any idea how I can locate it?

2.) It might be using a database table or text file to provide the addresses

3.) Is there a way I can delete the email log file in order to recover some space?

At any rate, things have settled down now since the hackers might be done for the day.

I can resize the hard drive to get the domains/sites to come up but unless I delete the script and/or email list file it will just fill up again. With your expert advice, hopefully I can delete the files that are causing the problem.

Thanks in advance for your help!

[TGates]

Yep, all was well since Saturday afternoon -- until this afternoon when the server filled up again!

Looking at /var/log/syslog it appears I have been hacked by some maggots using me as their private email server.

If you don't mind, can I pick your brain again?

Mysql seems to still be running, as I haven't rebooted the server.  Trying to run it tells me this:  ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO).  Do I need to include the password somewhere in the command line?

1.) I expect there is a file on the server that is running the show.  Any idea how I can locate it?

2.) It might be using a database table or text file to provide the addresses

3.) Is there a way I can delete the email log file in order to recover some space?

At any rate, things have settled down now since the hackers might be done for the day.

I can resize the hard drive to get the domains/sites to come up but unless I delete the script and/or email list file it will just fill up again.  With your expert advice, hopefully I can delete the files that are causing the problem.

Thanks in advance for your help!

I'll check it out. 
You can edit the large log file and delete it's contents and save it. Thats what I do when I'm testing.
Send me a PM with your hosting domain, and the domain you think is causing the problems.
If you have a site that has vulnerable code, they could be getting in that way.
If you have an older backup of your hostdata folder, you could try and compare the old one vs the new one and see what files are new or don't belong or what files are larger than they are supposed to be.
We had a similiar issue happen with our docs site. A hacker was able to get in through an old no longer supported WYSIWYG editor. (Like the one one here with the bold, italilic, etc.)

---

On another note, could you use a different editor for the log files you send me? Something like notepad++ ?
I don't have a decent docx viewer/reader unfortunately.

[rsthomas]

I sent the PM a day or two ago.

Meanwhile, I had previously deleted the email address that had received over 4,000 Delayed Mail and Undelivered Email messages. Today I created the account again and it soon filled with 100 such messages.

Picking the original recipient's email address from one of those messages I thought I could do a grep search and find the file (database or otherwise) that it came from, but nothing showed up. Is that because database files are in binary form, and if so is there a way to search through them also?

Anyway, whatever is happening with the server caused it to go from 40 GB to 80 very quickly. There has to be one or more huge files somewhere.