Re: sa loginname being hacked

From: Dan Guzman (
Date: 10/17/05

Date: Sun, 16 Oct 2005 22:25:30 -0500

Have you considered Windows Authentication?

Hope this helps.
Dan Guzman
SQL Server MVP
"Pipo" <> wrote in message 
> Thanks for the answer Helmut, but we cant do the VPN solution you suggest.
> Yes, it is encrypted, they dont have the password yet!!!
> But if we dont do anything about it they will get it.
> For now we change the password every 5 minutes but we need more securit y.
> So changing the sa loginname will be a good place to start, I cant figure 
> out why I cant change that loginname!!! (like in Oracle!!)
> Or give the sa user no more rights and create my own 'sa'...:-s
> But I guess that the security of SQL server isnt that good or I am 
> wrong?????
> "helmut woess" <> schreef in bericht 
>> Am Sun, 16 Oct 2005 18:41:40 +0200 schrieb Pipo:
>>> Yes, we did. We know one of their IPs and blocked it...
>>> But they are using now another IP (IPnumber 9 and 3 different domains
>>> also!!...:-<)
>>> It takes a lot of work every time blocking another IP of theirs....
>>> So the easy thing for us is to just simply(??) change the sa loginname 
>>> into
>>> something else.
>>> But I guess that's not possible??
>>> We cant change our Domain name or SQL server name also...!!
>>> Why cant I change the sa loginname???
>>> thanks for the help Joseph
>>> "Joseph Bittman MVP MCSD" <> schreef in bericht
>>> news:ukgdT5m0FHA.2884@TK2MSFTNGP09.phx.gbl...
>>>> October 16, 2005
>>>>  Don't you have a router in place between the SQL Server and the 
>>>> outside
>>>> world? Can't you trace where the packets are coming from and block that
>>>> IP/Domain name?
>>>> -- 
>>>>                      Joseph Bittman
>>>>     Microsoft Certified Solution Developer
>>>> Microsoft Most Valuable Professional -- DPM
>>>> Web Site:
>>>> Static IP
>>>> "Pipo" <> wrote in message
>>>> news:OAK3n%23l0FHA.560@TK2MSFTNGP12.phx.gbl...
>>>>> Hi,
>>>>> Is there a way to change the sa as loginname?
>>>>> At work we are getting haked by 'brut-force', every second we are 
>>>>> beinbg
>>>>> attacked with sa and a password.
>>>>> It's a matter of time when the password will be hacked, so changing 
>>>>> the
>>>>> password isnt a solution.
>>>>> If we also can change the sa loginname we will be better of.
>>>>> Or is there something else we can do to prevent the hackers to get our 
>>>>> sa
>>>>> password?
>>>>> Many thanks
>> Is your traffic between clients and Server encrypted? If not they can 
>> find
>> login and passwort in clear text in the traffic.
>> I can highly recommend to use a simple VPN-Server and allow connections
>> from outside only over VPN!
>> bye, helmut

Relevant Pages

  • Re: sa loginname being hacked
    ... when SQL Server is configured for only Windows authentication. ... >>> So changing the sa loginname will be a good place to start, I cant ...
  • Re: problem when calling a stored procedure from ms sql 2000 with java
    ... > I am trying to call a stored procedure from ms sql server 2000 but I cant ... FirstSQL/J Object/Relational DBMS ...
  • RE: Problem in Connetion / C# coudnt be connect to my DB
    ... recently I've been encountered to a sikt problem while conneting to ... SQL Server via C#, whenever I want to load my project and then run it, ... it show me one Error that cant be connect to database, ...
  • Re: Compass Software
    ... matter what I do. ... > And the fact that you cant just change a code and gotta send ... > Their use of upload/download is also me you upload to a ... > | MySql or even SQL server can do the job. ...
  • Re: using modify table command
    ... Am new to sql server to sobear with me, have checked around but cant ... I want to change fieldname from nvarcharto nvarcharas part ... ALTER TABLE myTable ALTER COLUMN fieldname nvarchar ...