1

I checked my SQL Server 2008R2 log in Log File Viewer and found out that someone from China keeps trying to log in as 'SA' all the time, but fails of course.

Is there any way to prevent these hackers from attacking my server?

Thanks in advance.


squillman
nonintanon
  • You could try using a non-standard port, so instead of 1433 use something else. Note this is not a cure-all security measure though, merely a speed bump... – kafka Aug 07 '12 at 15:47
  • @kafka I have several websites running. Is changing the port the only option? – nonintanon Aug 07 '12 at 15:49
  • @nonintanon You should use a firewall to only allow white-listed IPs and reject or (I prefer) silently discard everything else. That's pretty much essential for any public-facing, private web services. Doing things like disabling ICMP echo will actually reduce instances of this - many script kiddies will start with a ping and if they get nothing back they'll move on. – DaveRandom Aug 07 '12 at 15:50
  • @DaveRandom What if those IPs are shared IPs, like from a campus or something? Would that mean I block all of them? – nonintanon Aug 07 '12 at 15:51
  • @nonintanon Yes, but do you really need to allow those people to connect directly to your *SQL Server*? Normally you'd have an application in front of the database that the users are connecting to, and only the application talks to the database itself - so the app server(s) are the only IPs that need to be white-listed. – DaveRandom Aug 07 '12 at 15:53
  • @DaveRandom Thanks. Seems like I have a lot of work to do tonight. – nonintanon Aug 07 '12 at 16:04

2 Answers

6

Use firewalls - why on earth is that port (or any ports on an SQL server) open to the rest of the world?

Most businesses have multiple network tiers:

  • start with a firewalled/load-balanced web tier which has a firewall between it and the application tier allowing just the specific IPs and ports of known web servers in the web tier to talk to specific application servers in the application tier.
  • the application tier can only talk to specific IPs and ports in the web tier and can only talk to the DB server, again firewalled, by IP and port.
  • the DB tier which again is firewalled and only allowed to talk to the application tier servers by IP and port.

Some (myself included) also have a secure tier behind the DB tier to handle any data that's particularly sensitive or contractually has to be more secure.

This is a model used extensively and generally proves to be very safe. The idea of exposing your SQL management port outside literally made my spine shiver, please stop this or you WILL be back looking for THIS.

Chopper3
  • It's actually my personal server and I need to access it from home, which has a dynamic IP. – nonintanon Aug 07 '12 at 15:59
  • You're on the wrong site then, home user questions usually go through superuser.com - basically buy a static. – Chopper3 Aug 07 '12 at 16:00
  • A little confused about the difference between these sites though. Anyway, after reading the link you posted, I have to do what you suggest. Thanks! – nonintanon Aug 07 '12 at 16:04
  • It's in the FAQ, did you skip it? We can see who did and didn't... – Chopper3 Aug 07 '12 at 16:05
  • Yeah, I admit that I skipped it. English is not my language. I saw the SQL Server tag in this place so I thought my question would be in the right place. – nonintanon Aug 07 '12 at 16:07
2

Put a firewall in front of it with address restrictions. If you absolutely need the SQL server to be public facing and open to the Internet then you're going to have to work to keep it secured. If all you are doing is running web sites off of them then it should be easy to lock it down to just the addresses of your web server(s).

Better yet, put a firewall in front of your SQL server and your web servers and only allow incoming connections to your web servers.

squillman
  • It would be better like you said, but unfortunately I have websites and a database running on the same box. I need the SQL server open because I'm accessing it from my home for development and it has a dynamic IP. – nonintanon Aug 07 '12 at 15:56
  • 2
    Bull. Put the Windows firewall in front. Put up RRAS to allow a VPN connection to the box, allow that in the firewall. Use this to connect to the box from home, then use the VPN to connect to SQL Server. AT LEAST, otherwise, CHANGE THE PORT TO ANOTHER ONE. Simple, keeps script kiddies away. I ran a similar setup for quite some time, and I do even now - the ONLY thing the box accepts is PPTP (in this case not even port 80 - all stuff in the box is nonpublic). – TomTom Aug 07 '12 at 16:00
  • @Tom beat me to it – squillman Aug 07 '12 at 16:03
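
Added example, not part of any post above: once the address restrictions the answers describe are in place, the SQL Server error log should no longer show failed logins from sources outside the allowlist. This Python script checks that over constructed sample log lines; the allowlisted networks (loopback and a hypothetical 10.8.0.0/24 VPN subnet) and all sample addresses are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in SQL Server ERRORLOG format (documentation-range IPs).
SAMPLE_LOG = """\
2012-08-07 15:41:02.15 Logon       Error: 18456, Severity: 14, State: 8.
2012-08-07 15:41:02.15 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.45]
2012-08-07 15:41:03.90 Logon       Error: 18456, Severity: 14, State: 8.
2012-08-07 15:41:03.90 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.45]
2012-08-07 15:42:10.02 Logon       Error: 18456, Severity: 14, State: 5.
2012-08-07 15:42:10.02 Logon       Login failed for user 'admin'. Reason: Could not find a login matching the name provided. [CLIENT: 198.51.100.7]
2012-08-07 15:43:55.40 Logon       Error: 18456, Severity: 14, State: 8.
2012-08-07 15:43:55.40 Logon       Login failed for user 'webapp'. Reason: Password did not match that for the login provided. [CLIENT: 10.8.0.12]
2012-08-07 15:44:01.77 Logon       Login failed for user 'webapp'. Reason: Password did not match that for the login provided. [CLIENT: <local machine>]
"""

# Assumed allowlist: loopback (web sites on the same box) and a hypothetical VPN subnet.
ALLOWED_NETS = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("10.8.0.0/24")]

FAILED = re.compile(r"Login failed for user '(?P<user>[^']*)'.*\[CLIENT: (?P<client>[^\]]+)\]")


def is_allowed(client):
    """True when the client is local or inside an allowlisted network."""
    if client == "<local machine>":  # SQL Server logs local connections this way
        return True
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:
        return False  # unparseable source: treat as not allowlisted
    return any(addr in net for net in ALLOWED_NETS)


def outside_allowlist(log_text):
    """Count failed logins per (client, user) from sources the firewall should block."""
    hits = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m and not is_allowed(m.group("client")):
            hits[(m.group("client"), m.group("user"))] += 1
    return hits


if __name__ == "__main__":
    for (client, user), n in outside_allowlist(SAMPLE_LOG).most_common():
        print(f"{client:15} {user:10} {n} failed logins reached SQL Server")
```

Any row in the output means the port is still reachable from outside the allowlist. The ERRORLOG file on disk is typically UTF-16, so read it with `encoding="utf-16"` before passing the text in.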