Re: sa loginname being hacked

From: Rob R. Ainscough (robains_at_pacbell.net)
Date: 10/18/05


Date: Tue, 18 Oct 2005 13:32:22 -0700

Do you realize how insane it sounds to say "SQL Servers should not be directly
accessible from the outside world" -- cause when Microsoft first developed
SQL Server they said EXACTLY the opposite of what you just said.

Come on guys/gals, we need real solutions not "you can't do this and you
have to jump thru this hoop".

It is getting real frustrating seeing these standard responses -- so why
does SQL Server even respond to a port and public IP address? Why build the
functionality if one is NEVER supposed to use it to the big scary outside
world -- hell may as well just do IPX/SPX.

And please no more "and that's just the way it is"

"Joseph Bittman MVP MCSD" <RyanBittman@msn.com> wrote in message
news:u$AoTIA1FHA.3560@TK2MSFTNGP15.phx.gbl...
> October 18, 2005
>
> lol I didn't set this thread to 'watch' so I lost it....
>
> How are they being allowed to hit the SQL server with requests? SQL
> Servers should not be directly accessible from the outside world, and
> should have a web server or some other server in place to receive the
> requests first. I would block all traffic going to XXXXXX IP (your SQL
> Server's IP) from the outside network, and then implement another router
> or somewhere which allows only traffic from XXX IP (your web servers).
>
> I don't believe you can change the sa account name, as toooooo many
> programs rely on it as the 'default' name. Hope this helps!
>
> --
> Joseph Bittman
> Microsoft Certified Solution Developer
> Microsoft Most Valuable Professional -- DPM
>
> Web Site: http://71.39.42.23/
> Static IP
> "Pipo" <Pipo@home.com> wrote in message
> news:u7nI%23Bn0FHA.1132@TK2MSFTNGP10.phx.gbl...
>> Yes, we did. We know one of their IPs and blocked it...
>> But they are using now another IP (IPnumber 9 and 3 different domains
>> also!!...:-<)
>> It takes a lot of work every time blocking another IP of theirs....
>> So the easy thing for us is to just simply(??) change the sa loginname
>> into something else.
>> But I guess that's not possible??
>> We can't change our Domain name or SQL server name also...!!
>> Why can't I change the sa loginname???
>>
>> thanks for the help Joseph
>>
>> "Joseph Bittman MVP MCSD" <RyanBittman@msn.com> schreef in bericht
>> news:ukgdT5m0FHA.2884@TK2MSFTNGP09.phx.gbl...
>>> October 16, 2005
>>>
>>> Don't you have a router in place between the SQL Server and the outside
>>> world? Can't you trace where the packets are coming from and block that
>>> IP/Domain name?
>>>
>>> --
>>> Joseph Bittman
>>> Microsoft Certified Solution Developer
>>> Microsoft Most Valuable Professional -- DPM
>>>
>>> Web Site: http://71.39.42.23/
>>> Static IP
>>> "Pipo" <Pipo@home.com> wrote in message
>>> news:OAK3n%23l0FHA.560@TK2MSFTNGP12.phx.gbl...
>>>> Hi,
>>>>
>>>> Is there a way to change the sa as loginname?
>>>> At work we are getting hacked by 'brute-force', every second we are
>>>> being attacked with sa and a password.
>>>> It's a matter of time when the password will be hacked, so changing the
>>>> password isn't a solution.
>>>> If we also can change the sa loginname we will be better off.
>>>> Or is there something else we can do to prevent the hackers from getting our
>>>> sa password?
>>>>
>>>> Many thanks
>>>>
>>>
>>>
>>
>>
>
>
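
Added example, not part of the original thread: a small log summarizer that contrasts the two approaches discussed above, blocking attacking IPs one at a time versus allowing only the web server to reach SQL Server. The log lines are constructed, their layout (modelled on SQL Server's "Login failed for user" error-log entries) is an assumption, and `ALLOWED_CLIENTS` is a hypothetical web server address.

```python
import re
from collections import Counter

# Constructed sample lines (not from the thread). The layout is an assumption
# modelled on SQL Server's "Login failed for user" error-log entries.
SAMPLE_LOG = """\
2005-10-18 13:30:01.12 Logon  Login failed for user 'sa'. [CLIENT: 203.0.113.7]
2005-10-18 13:30:02.10 Logon  Login failed for user 'sa'. [CLIENT: 203.0.113.7]
2005-10-18 13:30:03.09 Logon  Login failed for user 'sa'. [CLIENT: 198.51.100.20]
2005-10-18 13:30:04.44 Logon  Login failed for user 'sa'. [CLIENT: 203.0.113.7]
2005-10-18 13:30:05.31 Logon  Login failed for user 'webapp'. [CLIENT: 192.0.2.10]
2005-10-18 13:30:06.02 Logon  Login failed for user 'sa'. [CLIENT: 198.51.100.20]
2005-10-18 13:30:07.50 Logon  Login failed for user 'SA'. [CLIENT: 198.51.100.21]
"""

FAILED = re.compile(
    r"Login failed for user '(?P<user>[^']*)'.*?\[CLIENT: (?P<ip>[^\]]+)\]"
)

# Hypothetical: the only host that should ever talk to the SQL Server port.
ALLOWED_CLIENTS = {"192.0.2.10"}


def failed_logins(log_text):
    """Return a list of (login, client_ip) for every failed-login line."""
    hits = []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            # Login names are compared case-insensitively ('SA' == 'sa').
            hits.append((m.group("user").lower(), m.group("ip").strip()))
    return hits


def summarize(log_text, login="sa", threshold=2):
    """Compare a per-IP blocklist with a web-server-only allowlist."""
    hits = failed_logins(log_text)
    per_ip = Counter(ip for user, ip in hits if user == login)
    # Blocklist view: only sources that were already noisy get blocked.
    noisy = sorted(ip for ip, n in per_ip.items() if n >= threshold)
    # Allowlist view: any source other than the web server is unexpected.
    unexpected = sorted({ip for _, ip in hits} - ALLOWED_CLIENTS)
    return {"per_ip": dict(per_ip), "noisy": noisy, "unexpected": unexpected}


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, value)
```

The source that has tried only once so far appears under `unexpected` but not under `noisy`, which is why chasing individual IPs keeps falling behind while an allowlist on the SQL Server port does not.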


