Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
esthera
Master Smack Fu Yak Hacker
1410 Posts |
 Posted - 2009-10-28 : 09:41:29
|
| recently for a program I had to open sql to the main port -- now since I did this we are finding the following in the windows log. from my program i log in with a username and password that I set up in sql. - but from this log it looks like someone is trying to log in as sa but failing (but causing the server each time to put out the error) - what can I do to fix this and make this more secure? (I never log in as sa)in my windows log i'm finding Event Type: Failure AuditEvent Source: MSSQLSERVEREvent Category: (4)Event ID: 18456Date: 28/10/2009Time: 10:22:31User: N/AComputer: computernameDescription:Login failed for user 'sa'. |
|
|
YellowBug
Aged Yak Warrior
616 Posts |
Posted - 2009-10-29 : 07:15:24
|
| Try to determine the source of the failed connection.Check the SQL Server Errorlog for the state of the 18456 error.This link may help: http://www.eraofdata.com/blog/2009/01/loginfailures/ |
 |
|
|
esthera
Master Smack Fu Yak Hacker
1410 Posts |
Posted - 2009-10-29 : 07:38:35
|
| so it tell me the ip and I don't recognize it?that's why i'm afraid this is a hacker - what can i do? |
|
|
|
YellowBug
Aged Yak Warrior
616 Posts |
Posted - 2009-10-29 : 08:03:09
|
| Use WHOIS to look up the IP address range.Speak to your network admin and discuss blocking 'em. |
|
|
|
esthera
Master Smack Fu Yak Hacker
1410 Posts |
Posted - 2009-10-29 : 08:20:22
|
| I did and it's in china but we keep having more ip addresses and the sysadmin says he can't block them all.Is there anything else to do? |
|
|
|
|
|
|
security problems