  1. #1
    Join Date
    Jun 2009

    MSSQL Server Attacks

    I can see a lot of MSSQL Server attacks. In Event Viewer: "Login failed for user 'sa'. [CLIENT: Some IP]"

    Most of the attacks are coming from China. Typically, what I'm doing manually is getting that entire IP range and blocking it at the Windows Firewall level.

    Now I have plenty of blocked IP ranges all over the world.

    What would be the best way to avoid those kinds of attacks?

  2. #2
    Join Date
    Oct 2009
    UK - London
    Everyone has this problem... whether it's Apache being attacked, MySQL or in your case MSSQL. You need to find some form of protection, whether it be network DDoS protection, hardware firewall protection or software DoS/DDoS protection. If you block IP ranges all over the world you are undoubtedly going to have issues with real, non-malicious connections to your MSSQL. Protection is vital so that these attacks are controlled automatically and minimize the amount of valid (non-malicious) connections that are blocked.

  3. #3
    Join Date
    Mar 2009
    Why is your SQL port open to the whole world? Can't you simply limit its access at the firewall level (only to localhost + remote server(s), if any)?

  4. #4
    Join Date
    Jun 2009
    There are customers who need remote access to the server.

  5. #5
    Join Date
    Oct 2007
    Might want to consider a VPN solution for them.
    You will be bombarded by these incorrect logins and the standard SQL injection attack I keep seeing on our IPS.

  6. #6
    You absolutely need to use VPN or SSH port forwarding.

    The other way is to flip your firewall rules. Default deny. Open only where the source is acceptable.

    Or, only allow connections based upon certificates. Look in Books Online. The other two are much better though.

    You can also disable remote connections for SA.

  7. #7
    Join Date
    Jun 2009
    Thanks for support
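
Added example, not part of the original thread: a Python script that parses the `Login failed for user ... [CLIENT: ...]` events quoted in post #1 and sorts the sources against a customer allow-list, in line with the default-deny advice in post #6. The log lines, addresses, the allow-listed network and the function name `triage` are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Event text as quoted in the thread; optional "Reason: ..." text is tolerated.
FAILED = re.compile(r"Login failed for user '[^']*'\..*?\[CLIENT: ([^\]]+)\]")

# Constructed sample events (documentation address ranges, not real hosts).
SAMPLE = (
    ["Login failed for user 'sa'. [CLIENT: 203.0.113.7]"] * 3
    + ["Login failed for user 'sa'. Reason: Password did not match that "
       "for the login provided. [CLIENT: 198.51.100.23]"]
    + ["Login failed for user 'appuser'. [CLIENT: 192.0.2.10]"] * 3
    + ["Login failed for user 'sa'. [CLIENT: <local machine>]",
       "Login succeeded for user 'appuser'. [CLIENT: 192.0.2.10]"]
)
ALLOWED = ["192.0.2.0/24"]  # assumed customer network for the allow-list


def triage(lines, allowed_networks, threshold=3):
    """Return (outside, noisy_inside): failed-login counts per client IP.

    outside      - sources a default-deny firewall rule would never let in
    noisy_inside - allow-listed sources at or above the failure threshold
    """
    nets = [ipaddress.ip_network(n) for n in allowed_networks]
    counts = Counter()
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue
        try:
            counts[ipaddress.ip_address(m.group(1).strip())] += 1
        except ValueError:
            continue  # non-IP client such as "<local machine>"
    outside, noisy_inside = {}, {}
    for ip, n in counts.items():
        if any(ip in net for net in nets):
            if n >= threshold:
                noisy_inside[str(ip)] = n
        else:
            outside[str(ip)] = n
    return outside, noisy_inside


if __name__ == "__main__":
    outside, noisy_inside = triage(SAMPLE, ALLOWED)
    print("outside allow-list:", outside)
    print("allow-listed but failing:", noisy_inside)
```

Sources in the first result never reach the SQL port once the firewall is default deny; sources in the second are customers whose repeated failures are worth a follow-up.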
