Is my mssql 2017 being targeted? Am I being attacked?

October 8, 2019 92 views
DigitalOcean
7301f1b26fe48dbcb7113552c5da377a20dc3af6
By:
medbiller

My mssql 2017 shows in errorlog ‘Password did not match that for the login provided. [CLIENT: 177.159.243.118]’ The ip could be 61.175.211.164 from China or others from Brazil, Iran… This is running continuously. My apps work fine. Am I being attacked?

Log In to Comment
2 Answers
bobbyiliev MOD October 9, 2019

Hello,

Most likely a bot is trying to brute-force your SQL password.

I would strongly recommend closing the SQL port via your droplet’s firewall so that no one could reach your SQL server externally. If you ever need to access the SQL instance remotely, you could whitelist only your own IP.

Regards,
Bobby

Reply
medbiller October 9, 2019

Sooo…I changed the sa login and implemented a stronger password. Now they have to guess the user name.

Reply
Have another answer? Share your knowledge.

Related