July 30, 2010     |
Home
FAQs
       SQL Server FAQ
       SQL Injection FAQ
       SQL Security Checklist
       SQL Server-Related Products
       SQL Server/MSDE-Based Applications
       SQL Server Version Database
Tools
       Lockdown Script
       Free Tools
       Free Analysis
       Group Policy Templates
       Commercial Tools
Community
       Discussions
       Links
About
Search
Network Toaster
SQL Security Forums
Note: SQLSecurity.com does not allow nor require registration due to privacy concerns for users. SQLSecurity.com is open and anonymous for all. Please report any abuse or profanity.
Forums > Discussions > SQL Server Security
Subject: Viruses trying to find sa password in SQL 2005
Prev Next
Add Reply

Author Messages
Semih (guest)
04/24/2007 1:11 AM Quote Reply Alert 
Hi,
I've Windows 2003 Server with SQL Server 2005 installed on it.I just realized that someones or their viruses trying to find out my sa password, when i check the logs i see that there are so many failed login attempts and its bored.

I searched on net but i couldn't find anything, is there a way to block ip or smth like that? I mean like windows's login security, if you failed to login many times than the system delays you.Is SQL 2005 has option(s) like that?

Thanks.
Chip Andrews (guest)
04/26/2007 8:25 PM Quote Reply Alert 
Is there any reason you can't switch your SQL Server back to Windows Auth Mode? That would certainly put an end to your BF problem against sa. Keep in mind that SQL Server 2005 also support lockouts (as well as password complexity enforcement).

The best solution is to either firewall the host or turn of SQL Server auth.

Chip
Add Reply
Forums > Discussions > SQL Server Security > Viruses trying to find sa password in SQL 2005
Quick Reply
Username:  
Subject:  
Body:
 



ActiveForums 3.6
Copyright 1999 by Chip Andrews   |  Privacy Statement  |  Terms Of Use