Re: SQL Server 2005 - getting Bruteforced

Andreas
It is considered really bad practice that you connect to the database via SA
user. In my opinion it is matter of time that your server will be attacked
or soemthimg like that.
Pls read this article
http://vyaskn.tripod.com/sql_server_security_best_practices.htm --------security
best practices



"Andreas Kraus" <ak@xxxxxxxxxxxxxxxx> wrote in message
news:%23jVhnJWWGHA.4484@xxxxxxxxxxxxxxxxxxxxxxx
Hi and thanks for your reply.

The SQL Server is running on an Internet Server with ASP.NET v2 remotely.
We are testing several Web Applications there with a Remote Team.

The ASP.NET Applications are using SQL Authentication instead of Windows
Authentication. I wouldn't know how to create a Connection String based on
Windows Authentication..

The SA Password is pretty strong but those attacks are really annoying.

Is it possible to restrict the SA Account to local connections only?



Uri Dimant wrote:
Andreas

How did you host your SQL Server? Does it have an access thru internet?
TCP/IP port is enabled/disabled?

Make sure that your 'SA' password is strong enough amd you are connected
to the SQL Server via windows authentication
I think you should involve/inform your network admin that an appropriate
steps to be taken



"Andreas Kraus" <ak@xxxxxxxxxxxxxxxx> wrote in message
news:uboWfuUWGHA.1204@xxxxxxxxxxxxxxxxxxxxxxx
Hi,

in my Event Log I get every 2 seconds a new Entry about that:

Login failed for user 'sa'. [CLIENT: 80.190.250.116]

Obviously someone is trying to find out the password for my sa Account.
No matter when I put the SQL Server up, there's always some IP trying to
login with the sa Account.

What can I do against that?

Thanks!


.

Relevant Pages

  • Re: Login failed for user (null).
    ... authenticated connection with SQL server. ... Whether or not the remote service accepts the authentication from client ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: server authentication & ASP authentication
    ... on to the client workstation with an authorized Windows account. ... SQL Server with Windows authentication. ...
    (microsoft.public.sqlserver.security)
  • RE: SBS 2003 Unable to connect to database STS_Config
    ... Uninstall the SQL server from the SBS 2k3 server from add/remove programs ... Uninstall Microsoft SQL Server Desktop Engine (SHAREPOINT) ... If AV software install any extra IIS virtual directory, ...
    (microsoft.public.windows.server.sbs)
  • Re: Memory issues with 64-bit SQL Server 2005 on 64-bit Win 2003 C
    ... I also checked the individual patch levels for the .NET drivers, SQL Server ... The SQL Server is fully patched, however Windows Update reported that the OS ... Lock pages in memory -- I guess you might have taken care of it as well. ...
    (microsoft.public.sqlserver.clustering)
  • RE: migrating from wmsde to sql server
    ... Click Start, point to All Programs\Microsoft SQL Server, and then click ... then click New SQL Server Registration. ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)
Loading