It seems there is a brute-force attack on SQL Server!

Dear all,
My server was attacked. There are a lot of IP addresses which redirect to the sa account. Please look at my image in the attached file!
Give me some advice!

Thank you so much!

Ensure you have another login that has sysadmin privileges, and then:

  1. Disable the sa login
  2. Rename the sa login
  3. Change the password on the sa login to a very long password, and preferably one you don't even know

Check with your networking group to see if they have logs about these attacks. From there they can set up a firewall on your network to block any IP addresses outside your local network. You can also set up the SQL Server's local Windows firewall to do the same. In any case you still need to disable sa.

If at all possible, use Windows authentication only for your SQL Server. If you must use SQL authentication, limit the permissions that the SQL logins have. No SQL login should have sysadmin privileges. SQL logins should also enforce password strength and expiration policies.

3 Likes
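The three sa steps and the SQL-login checks from the answer above, written out as T-SQL. This is an added example, not part of the original reply; it assumes you are connected as a sysadmin through a login other than sa, and the new login name `renamed_sa_placeholder` is a hypothetical placeholder.

```sql
-- Run as a sysadmin through a login other than sa.
-- Guard: refuse to continue unless another enabled sysadmin login exists.
IF NOT EXISTS (
    SELECT 1
    FROM sys.server_role_members AS rm
    JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
    JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
    WHERE r.name = N'sysadmin'
      AND m.sid <> 0x01                      -- sa keeps SID 0x01 even after a rename
      AND m.is_disabled = 0
      AND m.type IN ('S', 'U', 'G')          -- SQL login, Windows login, Windows group
      AND m.name NOT LIKE N'NT SERVICE\%'    -- service accounts are not usable admin logins
      AND m.name NOT LIKE N'NT AUTHORITY\%'
)
BEGIN
    RAISERROR(N'No other enabled sysadmin login found; sa left unchanged.', 16, 1);
    RETURN;
END;

DECLARE @old sysname = (SELECT name FROM sys.server_principals WHERE sid = 0x01);
DECLARE @new sysname = N'renamed_sa_placeholder';  -- hypothetical name, choose your own
-- 96 random hex characters plus a symbol and a lowercase letter, so the value
-- still passes Windows complexity rules; it is never displayed or stored.
DECLARE @pw nvarchar(128) = N'#x' + CONVERT(varchar(96), CRYPT_GEN_RANDOM(48), 2);

-- 1. disable, 2. rename, 3. set a long password nobody knows.
DECLARE @sql nvarchar(max) =
      N'ALTER LOGIN ' + QUOTENAME(@old) + N' DISABLE; '
    + N'ALTER LOGIN ' + QUOTENAME(@old) + N' WITH NAME = ' + QUOTENAME(@new) + N'; '
    + N'ALTER LOGIN ' + QUOTENAME(@new) + N' WITH PASSWORD = ' + QUOTENAME(@pw, '''') + N';';
EXEC sys.sp_executesql @sql;

-- Audit: SQL logins that hold sysadmin or skip password policy/expiration.
SELECT l.name,
       IS_SRVROLEMEMBER('sysadmin', l.name) AS is_sysadmin,
       l.is_policy_checked,
       l.is_expiration_checked,
       l.is_disabled
FROM sys.sql_logins AS l
WHERE l.name NOT LIKE N'##%'                 -- skip internal certificate-based logins
  AND (IS_SRVROLEMEMBER('sysadmin', l.name) = 1
       OR l.is_policy_checked = 0
       OR l.is_expiration_checked = 0);
```

The renamed sa login will still appear in the audit output as a sysadmin; the rows to act on are the other SQL logins it lists.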