Responding to a hacker attack: a case in a SQL Server database

Source: Internet
Author: User

Recently I found that a hosted web server had somehow restarted. That server mainly runs the IIS service and the SQL Server service.

Over Telnet, the system response was found to be very slow, with a noticeable sense of lag. Opening Task Manager showed CPU usage at roughly 30%. Opening Event Viewer showed a large number of records with level Information, source mssql$pncsms and event ID 18456. The task category is Logon. For almost 24 hours without interruption there were 15 records per second, and the content of each record is roughly the same, such as:

"User 'sa' login failed. Cause: The login name that matches the provided name is not found. [client: 60.191.144.214]"

Only the username is sometimes different. The client IP address also changes over time (every few minutes to hours). Lookups place these IP addresses in Hunan, Henan and other locations.

It is very clear that someone is attempting to break into the database by brute-force password guessing. So I renamed the database sa account and changed the database's TCP port under IPAll from the default of 1433 to another port number (all applications have to change their connection strings to match, which is painful!).

After restarting the service and letting it run for a day, I looked at Event Viewer again and no longer found similar records. CPU utilization decreased to about 5%, and the system response was significantly faster. The problem has been satisfactorily resolved.

To prevent hackers from brute-forcing the system login account, the Administrator account was also renamed, but after renaming, SQL Server could not start. I found the SQL Server service in Services and set its logon account again using the new system logon account. After restarting the computer, SQL Server started successfully.
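As an added example (not part of the original post), the pattern described above, a stream of event 18456 login failures from one client address with varying usernames, can be flagged automatically. The sketch assumes the English-language SQL Server error log line layout; the sample lines, addresses, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed layout: failed-login line in the English SQL Server error log.
FAILED_LOGIN = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+Logon\s+"
    r"Login failed for user '(?P<user>[^']*)'\..*\[CLIENT: (?P<ip>[^\]]+)\]")

def parse_failures(lines):
    """Yield (timestamp, user, client_ip) for every failed-login line."""
    for line in lines:
        m = FAILED_LOGIN.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            yield ts, m["user"], m["ip"].strip()

def find_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Return stats for clients with >= threshold failures in any window."""
    by_ip = defaultdict(list)
    for ts, user, ip in parse_failures(lines):
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = peak = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = {"failures": len(events), "peak": peak,
                           "users": sorted({u for _, u in events})}
    return flagged

def sample_log():
    """Constructed sample: one client guesses 8 logins in 2 s, another fails once."""
    fmt = ("2015-06-01 10:00:0{}.{:02d} Logon       Login failed for user '{}'. "
           "Reason: Could not find a login matching the name provided. [CLIENT: {}]")
    names = ["sa", "admin", "root", "sa", "test", "sa", "sql", "sa"]
    lines = [fmt.format(i // 4, 25 * (i % 4), n, "203.0.113.7")
             for i, n in enumerate(names)]
    lines.append(fmt.format(5, 0, "report_user", "198.51.100.20"))
    lines.append("2015-06-01 10:00:06.00 spid12s     Starting up database 'tempdb'.")
    return lines

if __name__ == "__main__":
    for ip, stats in find_bruteforce(sample_log()).items():
        print(ip, stats)
```

Because the attacking address changes every few minutes to hours, the window and threshold should be short enough to flag each address while it is still active.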







Copyright notice: This is an original blog article and may not be reproduced without the blogger's consent.
