SQL Failure Audits
I have a windows 2003 server which I am using as a web server.
Checking the event viewer I have noticed alot of failure audits for "MSSQL$SQLEXPRESS"
Looks like someone is trying to force there way in to this.
copy of one report
"Login failed for user 'admin'. [CLIENT: 83.166.2.219]
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp."
Can someone help me perhaps block this down so only my server can connect locally to MSSQL.
I will not be connecting to the database externally, or if you have any advise that would be great.
Thanks guys, gals
Checking the event viewer I have noticed alot of failure audits for "MSSQL$SQLEXPRESS"
Looks like someone is trying to force there way in to this.
copy of one report
"Login failed for user 'admin'. [CLIENT: 83.166.2.219]
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp."
Can someone help me perhaps block this down so only my server can connect locally to MSSQL.
I will not be connecting to the database externally, or if you have any advise that would be great.
Thanks guys, gals
If your SQL is only accessed by the local machine then simply don't allow connections other than local:
First Launch SQL Computer Manager
Then Expand "Server Network Configuration"
> Expand Protocols for "SQLEXPRESS"
> Enable Np (for local access only)
> Enable TCP (for local access only)
Lastly Restart SQL Express
This should solve that problem 100%
-D-
First Launch SQL Computer Manager
Then Expand "Server Network Configuration"
> Expand Protocols for "SQLEXPRESS"
> Enable Np (for local access only)
> Enable TCP (for local access only)
Lastly Restart SQL Express
This should solve that problem 100%
-D-
ASKER
Thanks for your reply,
dimante:- I can not find where it says (for local access only) when enabled Np or TCP
Can you please let me know what I should be seeing.
when I enable Np or TCP the only option it gives me is enable or disable
dimante:- I can not find where it says (for local access only) when enabled Np or TCP
Can you please let me know what I should be seeing.
when I enable Np or TCP the only option it gives me is enable or disable
How about as a test disable TCP and see if your app still works. If it does that will solve the issue.
ASKER
no this did not work, i am guessing I will need to change my sql connection string ?
Are you using a DSN or DSNLess connection?
ASKER
DSNLess
Provider = SQLNCLI; Data Source=IP; Initial Catalog=db_name; User ID=username; Password=password;
Provider = SQLNCLI; Data Source=IP; Initial Catalog=db_name; User ID=username; Password=password;
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Nearly right,
here is the correct SQL statement for anyone read:
Provider = SQLNCLI; Data Source=\\<computer name>\pipe\MSSQL$SQLEXPRES
Not had a single Failure Audit since.
Many Thanks dimante
here is the correct SQL statement for anyone read:
Provider = SQLNCLI; Data Source=\\<computer name>\pipe\MSSQL$SQLEXPRES
Not had a single Failure Audit since.
Many Thanks dimante
Excellent! And most secure for your situation ;-)
- Never have a blank 'sa' password
- Use NT Authentication only, not SQL authentication
- Don't use localsystem for the SQL Server startup account, create a restricted user account
- Put SQL behind a firewall or use Proxy Server/ISA Server to protect /limit who can connect to it
- Apply the latest security patches to your system.
With SQL Server 2000 if you're only using it locally, you can unbind TCP/IP and named pipes, local access can be done via Shared Memory. I take it you're using SQL Server Express 2005? I'm not familiar with that, have a look at the documentation: http://www.microsoft.com/sql/editions/express/default.mspx