Login failed for user 'sa'.

In my event viewer, I am getting a Failure Audit message with source MSSQLSERVER that says Login failed for user 'sa'.  [CLIENT: 98.174.230.19].  All my databases use Windows Authentication.  Is this someone trying to hack the server?  If so, how do I stop it?
kdataAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

SCarrisonCommented:
It would seem that a machine on the internet with the IP address 98.174.230.19 is attempting to login to your database server with the sa account.

Firstly, your database server should not be available directly via the internet - this is terribly bad practice from a security and sys admin point of view.  If your server is behind a firewall or router make sure that SQL ports are not being fowarded from the internet into your LAN.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
kdataAuthor Commented:
Thanks for the advice.  I closed the port on the router and that stopped the intrusion without affecting our network access.  I am not sure why the port was open in the first place.
0
AmericomCommented:
Even you have set your SQL to use Windows Authentication, it does not mean that you cannot use the SA account. You may want to check on the client IP address and find out where ther actual source is coming from and if it's one of your SQL admin trying to use it. Or if there's any other admin tools trying to use that account.
0
zeltrustCommented:
I know this is a long time issue...may i know what port is that you closed??
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.