Is my mssql 2017 being targeted? Am I being attacked?

Question

My mssql 2017 shows in errorlog ‘Password did not match that for the login provided. [CLIENT: 177.159.243.118]’ The ip could be 61.175.211.164 from China or others from Brazil, Iran… This is running continuously. My apps work fine. Am I being attacked?

Answer 1

bobbyiliev October 9, 2019

Hello,

Most likely a bot is trying to brute-force your SQL password.

I would strongly recommend closing the SQL port via your droplet’s firewall so that no one could reach your SQL server externally. If you ever need to access the SQL instance remotely, you could whitelist only your own IP.

Regards,
Bobby

Reply Report

Answer 2

medbiller October 9, 2019

Sooo…I changed the sa login and implemented a stronger password. Now they have to guess the user name.

Reply Report

Related

Question

Is my mssql 2017 being targeted? Am I being attacked?

Related

Leave a comment

Looking for something else?

Sign up for our newsletter

Related

Question

Is my mssql 2017 being targeted? Am I being attacked?

Related

Leave a comment

Related

question

Does DigitalOcean preserve snapshots of deleted droplets?

question

Is there a DigitalOcean Free Trial Available?

question

Price difference for: (a) One droplet with multiple domains, and (b) multiple droplets, with the exact same combined usage between a & b

question

What is Cloud Hosting?

Looking for something else?