This section describes two methods to check whether the sqlserver server is intruded:
1. After intruders intrude into the server, they usually open 3389 of the server, create hidden users, and then log on. We only need to go to the C: \ Documents ents and settings directory to check whether there is a user name available, whether hidden or not, it will be displayed here.
2. Some intruders prefer to keep a high-privilege SQL Server database user. As a backdoor, we can open the SQL Server Query analyzer and then open the master-system table-DBO in sequence. sysxlogins: In the name column of this window, you can see the user of the sqlserver database. Generally, there are three users, one is SA, the other is builtin \ administrators, and the other is null, if there are other users, they may be infiltrated or the situations I mentioned above, so pay attention to them. Of course they are not necessarily the three users.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
