Re: sa loginname being hacked

From: Dan Guzman (guzmanda_at_nospam-online.sbcglobal.net)
Date: 10/17/05


Date: Sun, 16 Oct 2005 22:25:30 -0500

Have you considered Windows Authentication?

-- 
Hope this helps.
Dan Guzman
SQL Server MVP
"Pipo" <Pipo@home.com> wrote in message 
news:u757cPo0FHA.1564@tk2msftngp13.phx.gbl...
> Thanks for the answer Helmut, but we cant do the VPN solution you suggest.
> Yes, it is encrypted, they dont have the password yet!!!
> But if we dont do anything about it they will get it.
> For now we change the password every 5 minutes but we need more securit y.
> So changing the sa loginname will be a good place to start, I cant figure 
> out why I cant change that loginname!!! (like in Oracle!!)
> Or give the sa user no more rights and create my own 'sa'...:-s
>
> But I guess that the security of SQL server isnt that good or I am 
> wrong?????
>
>
>
>
>
> "helmut woess" <hw@iis.at> schreef in bericht 
> news:1jmjhgla30xw6.g3j5avfsyn1b.dlg@40tude.net...
>> Am Sun, 16 Oct 2005 18:41:40 +0200 schrieb Pipo:
>>
>>> Yes, we did. We know one of their IPs and blocked it...
>>> But they are using now another IP (IPnumber 9 and 3 different domains
>>> also!!...:-<)
>>> It takes a lot of work every time blocking another IP of theirs....
>>> So the easy thing for us is to just simply(??) change the sa loginname 
>>> into
>>> something else.
>>> But I guess that's not possible??
>>> We cant change our Domain name or SQL server name also...!!
>>> Why cant I change the sa loginname???
>>>
>>> thanks for the help Joseph
>>>
>>> "Joseph Bittman MVP MCSD" <RyanBittman@msn.com> schreef in bericht
>>> news:ukgdT5m0FHA.2884@TK2MSFTNGP09.phx.gbl...
>>>> October 16, 2005
>>>>
>>>>  Don't you have a router in place between the SQL Server and the 
>>>> outside
>>>> world? Can't you trace where the packets are coming from and block that
>>>> IP/Domain name?
>>>>
>>>> -- 
>>>>                      Joseph Bittman
>>>>     Microsoft Certified Solution Developer
>>>> Microsoft Most Valuable Professional -- DPM
>>>>
>>>> Web Site: http://71.39.42.23/
>>>> Static IP
>>>> "Pipo" <Pipo@home.com> wrote in message
>>>> news:OAK3n%23l0FHA.560@TK2MSFTNGP12.phx.gbl...
>>>>> Hi,
>>>>>
>>>>> Is there a way to change the sa as loginname?
>>>>> At work we are getting haked by 'brut-force', every second we are 
>>>>> beinbg
>>>>> attacked with sa and a password.
>>>>> It's a matter of time when the password will be hacked, so changing 
>>>>> the
>>>>> password isnt a solution.
>>>>> If we also can change the sa loginname we will be better of.
>>>>> Or is there something else we can do to prevent the hackers to get our 
>>>>> sa
>>>>> password?
>>>>>
>>>>> Many thanks
>>>>>
>>>>
>>>>
>> Is your traffic between clients and Server encrypted? If not they can 
>> find
>> login and passwort in clear text in the traffic.
>> I can highly recommend to use a simple VPN-Server and allow connections
>> from outside only over VPN!
>>
>> bye, helmut
>
> 


Relevant Pages

  • Re: sa loginname being hacked
    ... when SQL Server is configured for only Windows authentication. ... >>> So changing the sa loginname will be a good place to start, I cant ...
    (microsoft.public.sqlserver.security)
  • Re: problem when calling a stored procedure from ms sql 2000 with java
    ... > I am trying to call a stored procedure from ms sql server 2000 but I cant ... FirstSQL/J Object/Relational DBMS ...
    (comp.lang.java.databases)
  • RE: Problem in Connetion / C# coudnt be connect to my DB
    ... recently I've been encountered to a sikt problem while conneting to ... SQL Server via C#, whenever I want to load my project and then run it, ... it show me one Error that cant be connect to database, ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Compass Software
    ... matter what I do. ... > And the fact that you cant just change a code and upload...you gotta send ... > Their use of upload/download is also confusing...to me you upload to a ... > | MySql or even SQL server can do the job. ...
    (alt.security.alarms)
  • Re: using modify table command
    ... Am new to sql server to sobear with me, have checked around but cant ... I want to change fieldname from nvarcharto nvarcharas part ... ALTER TABLE myTable ALTER COLUMN fieldname nvarchar ...
    (comp.databases.ms-sqlserver)