Dear all,
My server was attacked.There are a lot of IP address which redirect to sa account ? Please look like my image as attach file !
Give me an advice !
Thank you so much !
Dear all,
My server was attacked.There are a lot of IP address which redirect to sa account ? Please look like my image as attach file !
Give me an advice !
Thank you so much !
Ensure you have another login that has sysadmin privileges, and then:
Check with your networking group to see if they have logs about these attacks. From there they can set up a firewall on your network to block any IP addresses outside your local network. You can also set up the SQL Server's local Windows firewall to do the same. In any case you still need to disable sa.
If at all possible, use Windows authentication only for your SQL Server. If you must use SQL authentication, limit the permissions that the SQL logins have. No SQL login should have sysadmin privileges. SQL logins should also enforce password strength and expiration policies.