MSSQL Server Attacks
I can see a lot of MSSQL Server attacks. In Event Viewer: "Login failed for user 'sa'. [CLIENT: Some IP]"
Most of the attacks are coming from China. Typically, what I do manually is get the entire IP range and block it at the Windows Firewall level.
Now I have plenty of blocked IP ranges all over the world.
What would be the best way to avoid these kinds of attacks?
Everyone has this problem... whether it's Apache being attacked, MySQL or in your case MSSQL. You need to find some form of protection, whether it be network DDoS protection, hardware firewall protection or software DoS/DDoS protection. If you block IP ranges all over the world you are undoubtedly going to have issues with real, non-malicious connections to your MSSQL. Protection is vital so that these attacks are controlled automatically and minimize the amount of valid (non-malicious) connections that are blocked.
Why is your SQL port open to the whole world? Can't you simply limit its access at the firewall level (only to localhost + remote server(s), if any)?
There are customers who need remote access to the server.
Might want to consider a VPN solution for them.
You will be bombarded by these incorrect logins and the standard SQL injection attack I keep seeing on our IPS.
You absolutely need to use VPN or SSH port forwarding.
The other way is to flip your firewall rules. Default deny. Open only where the source is acceptable.
Or, only allow connections based upon certificates. Look in Books Online. The other two are much better though.
You can also disable remote connections for SA.
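
Added example, not code posted by anyone in this thread: a PowerShell script for the "default deny, open only where the source is acceptable" advice above, applied to Windows Firewall instead of a growing list of blocked ranges. It assumes SQL Server listens on TCP 1433, and the allowed addresses are constructed placeholders to be replaced with the customers' real sources.

```powershell
# Assumptions (not from the thread): SQL Server listens on TCP 1433, and the
# addresses below are constructed placeholders for the customers' sources.
$SqlPort        = '1433'
$AllowedSources = @('203.0.113.10', '198.51.100.0/24')
$Apply          = $false   # $false: report only (-WhatIf); $true: change rules

# The firewall must be on for every profile; inbound traffic that matches no
# allow rule is then dropped unless DefaultInboundAction was set to Allow.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction

# Enabled inbound allow rules that name the SQL port explicitly.
$sqlRules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        ($pf.Protocol -in 'TCP', 'Any') -and (@($pf.LocalPort) -contains $SqlPort)
    }

foreach ($rule in $sqlRules) {
    # RemoteAddress 'Any' means the port is reachable from every source.
    $remote = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
    [pscustomobject]@{
        Rule          = $rule.DisplayName
        RemoteAddress = $remote -join ', '
        OpenToWorld   = $remote -contains 'Any'
    }
    if ($remote -contains 'Any') {
        # Rescope the rule to the allowlist; with $Apply = $false this only
        # prints what would change.
        $rule | Set-NetFirewallRule -RemoteAddress $AllowedSources -WhatIf:(-not $Apply)
    }
}
```

Rules that allow the SQL Server program or all local ports are not matched by this filter and need the same review.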