How can I smooth out bad logins in SQL Server 2005?

I believe that my server has become the target of a constant brute force attack on SQL Server 2005 (SQLExpress). The event log is populated with Failure Audit messages for SQL Server. Attempts usually last for an hour or two, with 1-2 seconds between attempts.

Login failed for user '[CLIENT: 222.169.224.163]

Event ID: 18456. Based on the matching entries in the SQL Server log, I found that each login fails due to an inappropriate password. I also saw attempts for other users, including "admin" and "admin." Each session originates from a different IP address and refers to countries such as Italy and China.

What countermeasures can be taken? I do not want to block the user account, because then my site and applications will not have access to the server. Is there a way to block login attempts to SQL Server 2005? For example, by geometrically increasing the "waiting period" between failed login attempts?

+3
4 answers

Unable to activate SQL Server login attempts that I know of. However, I am very curious how Internet users can go this far. Aren't you behind the firewall? This is some scary access and should be fixed as soon as possible.

- , - 80 443.

+5

, . - .

+3

SQL Server (1433) .

+1

sa , Sql.

ALTER LOGIN sa DISABLE;

ALTER LOGIN sa WITH NAME = [sys12-21admin];

(, , .)

http://blogs.msdn.com/sqltips/archive/2005/08/27/457184.aspx

, Sql Server.

As far as I understand, applications use "sa" to enter daily tasks, and this can lead to account lockout. Just in case, this will happen using http://www.windowsecurity.com/articles/Hacking_an_SQL_Server.html

This is another security issue, of course, the reason you should try to stop access as soon as possible, as mentioned in earlier posts.

0
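
The question notes that each session comes from a different IP address, so a per-address threshold would miss this pattern. The following added example (not part of the original question or answers) groups failed logins from SQL Server error-log lines into bursts by timing instead; the log lines are constructed samples using documentation IP ranges, the line layout is the assumed ERRORLOG form of event 18456, and the function names and thresholds are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample (documentation IP ranges); not taken from the poster's server.
SAMPLE_LOG = """\
2009-03-12 02:10:01.10 Logon       Error: 18456, Severity: 14, State: 8.
2009-03-12 02:10:01.10 Logon       Login failed for user 'sa'. [CLIENT: 192.0.2.10]
2009-03-12 02:10:03.22 Logon       Login failed for user 'sa'. [CLIENT: 198.51.100.7]
2009-03-12 02:10:05.31 Logon       Login failed for user 'admin'. [CLIENT: 203.0.113.5]
2009-03-12 02:10:06.90 Logon       Login failed for user 'sa'. [CLIENT: 192.0.2.44]
2009-03-12 02:10:08.47 Logon       Login failed for user 'admin'. [CLIENT: 198.51.100.23]
2009-03-12 09:30:00.00 Logon       Login failed for user 'webapp'. [CLIENT: 203.0.113.80]
"""

# Message text of a failed login as it appears in the error log (assumed layout).
FAILED = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+\s+Logon\s+"
    r"Login failed for user '(?P<user>[^']*)'\.\s*\[CLIENT: (?P<ip>[^\]]+)\]"
)

def parse_failures(lines):
    """Yield (timestamp, login, client_ip) for every failed-login line."""
    for line in lines:
        m = FAILED.match(line.strip())
        if m:
            yield (datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), m["user"], m["ip"])

def find_bursts(events, max_gap=timedelta(seconds=10), min_failures=5):
    """Group failures spaced at most max_gap apart, regardless of source IP."""
    bursts, current = [], []
    for ev in sorted(events):
        if current and ev[0] - current[-1][0] > max_gap:
            bursts.append(current)   # gap too long: close the running burst
            current = []
        current.append(ev)
    if current:
        bursts.append(current)
    return [
        {"start": b[0][0], "end": b[-1][0], "failures": len(b),
         "sources": len({ip for _, _, ip in b}),
         "logins": Counter(user for _, user, _ in b)}
        for b in bursts if len(b) >= min_failures
    ]

if __name__ == "__main__":
    for b in find_bursts(parse_failures(SAMPLE_LOG.splitlines())):
        print(b["start"], b["end"], b["failures"], b["sources"], dict(b["logins"]))
```

The isolated failure for the application login is not reported, while the rapid run against 'sa' and 'admin' is flagged even though no single address repeats.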

Source: https://habr.com/ru/post/1704130/