muzzettemm
Posting Yak Master
212 Posts |
Posted - 2009-10-12 : 01:43:42
|
Hi guys, I have a problem. The event logs show a brute force attack attempt to login to the SQL server as user 'Sa'. It looks like someone has been randomly attempting login as Sa for the last couple of days at least. Each time they try to guess the password, they attempt login as Sa up to 20 times per second. I did a Google search for "server attack by user sa" and found this happens to many SQL servers that are accessed via the internet. As long as the password is very complex we are probably ok. Disabling the account is also a possibility, though this is beyond my expertise a bit. I need to disable the SA account but I am wondering if that is the best course of action. I need to either disable the Sa account or create another account with the same permissions. Please advise. |
|
SwePeso
Patron Saint of Lost Yaks
30421 Posts |
Posted - 2009-10-12 : 02:33:05
|
The obvious question is "Why does a web app use the SA account in the first place?". This is wrong on SO many levels...
N 56°04'39.26" E 12°55'05.63" |
Michael Valentine Jones
Yak DBA Kernel (pronounced Colonel)
7020 Posts |
Posted - 2009-10-12 : 10:10:28
|
You could also change the name of the SA login:
alter login SA with name = NewNameForSA
You should also consider altering your network configuration so that the SQL Server is not exposed to the Internet.
CODO ERGO SUM |
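Added example, not part of the thread and not written by any of the posters: one way to carry out the "replacement account, then disable sa" option raised in the first post. The login name `dba_admin` and the password string are placeholders chosen for illustration.

```sql
-- Added example (not from the thread). [dba_admin] and the password
-- below are placeholders; substitute your own values.

-- 1. Find sessions currently logged in as sa, so that any application
--    or job still relying on it is known before the login is disabled.
SELECT session_id, host_name, program_name, login_time
FROM sys.dm_exec_sessions
WHERE login_name = N'sa';

-- 2. Create the replacement administrative login.
--    CHECK_POLICY = ON applies the Windows password policy to this
--    login, including the account lockout policy if one is configured.
CREATE LOGIN [dba_admin]
    WITH PASSWORD = N'<replace-with-long-random-password>',
         CHECK_POLICY = ON,
         CHECK_EXPIRATION = ON;

-- 3. Give it the same server-level rights as sa.
--    sp_addsrvrolemember works on SQL Server 2005 and later;
--    SQL Server 2012 and later also accept
--    ALTER SERVER ROLE sysadmin ADD MEMBER [dba_admin];
EXEC sp_addsrvrolemember @loginame = N'dba_admin',
                         @rolename = N'sysadmin';

-- 4. Open a NEW connection as dba_admin and run this check.
--    Continue to step 5 only if it returns 1.
SELECT IS_SRVROLEMEMBER(N'sysadmin') AS is_sysadmin;

-- 5. Disable sa. Login attempts for it are then rejected
--    regardless of the password supplied.
ALTER LOGIN sa DISABLE;

-- 6. Verify. The built-in sa login always has SID 0x01, so this
--    query finds it even if it has been renamed.
SELECT name, is_disabled, is_policy_checked, is_expiration_checked
FROM sys.sql_logins
WHERE sid = 0x01;
```

Step 5 can be reverted with `ALTER LOGIN sa ENABLE;` from the replacement login if something turns out to depend on sa.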