Re: sa loginname being hacked
From: Pipo (NoSpam_at_me.com)
Date: 10/17/05
- Previous message: Pleo: "Re: How to change sql login username instead of create new one."
- In reply to: Dan Guzman: "Re: sa loginname being hacked"
- Next in thread: Dan Guzman: "Re: sa loginname being hacked"
- Reply: Dan Guzman: "Re: sa loginname being hacked"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 17 Oct 2005 11:32:25 +0200
What do you mean by that?
I still have the sa account which is active....so they still can get in via
the sa account.
"Dan Guzman" <guzmanda@nospam-online.sbcglobal.net> wrote in message
news:%23Zigups0FHA.1040@TK2MSFTNGP14.phx.gbl...
> Have you considered Windows Authentication?
>
> --
> Hope this helps.
>
> Dan Guzman
> SQL Server MVP
>
> "Pipo" <Pipo@home.com> wrote in message
> news:u757cPo0FHA.1564@tk2msftngp13.phx.gbl...
> > Thanks for the answer Helmut, but we cant do the VPN solution you
suggest.
> > Yes, it is encrypted, they dont have the password yet!!!
> > But if we dont do anything about it they will get it.
> > For now we change the password every 5 minutes but we need more securit
y.
> > So changing the sa loginname will be a good place to start, I cant
figure
> > out why I cant change that loginname!!! (like in Oracle!!)
> > Or give the sa user no more rights and create my own 'sa'...:-s
> >
> > But I guess that the security of SQL server isnt that good or I am
> > wrong?????
> >
> >
> >
> >
> >
> > "helmut woess" <hw@iis.at> schreef in bericht
> > news:1jmjhgla30xw6.g3j5avfsyn1b.dlg@40tude.net...
> >> Am Sun, 16 Oct 2005 18:41:40 +0200 schrieb Pipo:
> >>
> >>> Yes, we did. We know one of their IPs and blocked it...
> >>> But they are using now another IP (IPnumber 9 and 3 different domains
> >>> also!!...:-<)
> >>> It takes a lot of work every time blocking another IP of theirs....
> >>> So the easy thing for us is to just simply(??) change the sa loginname
> >>> into
> >>> something else.
> >>> But I guess that's not possible??
> >>> We cant change our Domain name or SQL server name also...!!
> >>> Why cant I change the sa loginname???
> >>>
> >>> thanks for the help Joseph
> >>>
> >>> "Joseph Bittman MVP MCSD" <RyanBittman@msn.com> schreef in bericht
> >>> news:ukgdT5m0FHA.2884@TK2MSFTNGP09.phx.gbl...
> >>>> October 16, 2005
> >>>>
> >>>> Don't you have a router in place between the SQL Server and the
> >>>> outside
> >>>> world? Can't you trace where the packets are coming from and block
that
> >>>> IP/Domain name?
> >>>>
> >>>> --
> >>>> Joseph Bittman
> >>>> Microsoft Certified Solution Developer
> >>>> Microsoft Most Valuable Professional -- DPM
> >>>>
> >>>> Web Site: http://71.39.42.23/
> >>>> Static IP
> >>>> "Pipo" <Pipo@home.com> wrote in message
> >>>> news:OAK3n%23l0FHA.560@TK2MSFTNGP12.phx.gbl...
> >>>>> Hi,
> >>>>>
> >>>>> Is there a way to change the sa as loginname?
> >>>>> At work we are getting haked by 'brut-force', every second we are
> >>>>> beinbg
> >>>>> attacked with sa and a password.
> >>>>> It's a matter of time when the password will be hacked, so changing
> >>>>> the
> >>>>> password isnt a solution.
> >>>>> If we also can change the sa loginname we will be better of.
> >>>>> Or is there something else we can do to prevent the hackers to get
our
> >>>>> sa
> >>>>> password?
> >>>>>
> >>>>> Many thanks
> >>>>>
> >>>>
> >>>>
> >> Is your traffic between clients and Server encrypted? If not they can
> >> find
> >> login and passwort in clear text in the traffic.
> >> I can highly recommend to use a simple VPN-Server and allow connections
> >> from outside only over VPN!
> >>
> >> bye, helmut
> >
> >
>
>
- Previous message: Pleo: "Re: How to change sql login username instead of create new one."
- In reply to: Dan Guzman: "Re: sa loginname being hacked"
- Next in thread: Dan Guzman: "Re: sa loginname being hacked"
- Reply: Dan Guzman: "Re: sa loginname being hacked"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
