Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
Does DigitalOcean preserve snapshots of deleted droplets? Question Question
Is there a DigitalOcean Free Trial Available? Question Question

Question

Is my mssql 2017 being targeted? Am I being attacked?

Posted October 8, 2019 391 views
DigitalOcean

My mssql 2017 shows in errorlog ‘Password did not match that for the login provided. [CLIENT: 177.159.243.118]’ The ip could be 61.175.211.164 from China or others from Brazil, Iran… This is running continuously. My apps work fine. Am I being attacked?

Add a comment
By:
medbiller

Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
Does DigitalOcean preserve snapshots of deleted droplets? Question Question
Is there a DigitalOcean Free Trial Available? Question Question

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
2 answers
bobbyiliev October 9, 2019

Hello,

Most likely a bot is trying to brute-force your SQL password.

I would strongly recommend closing the SQL port via your droplet’s firewall so that no one could reach your SQL server externally. If you ever need to access the SQL instance remotely, you could whitelist only your own IP.

Regards,
Bobby

Reply Report
medbiller October 9, 2019

Sooo…I changed the sa login and implemented a stronger password. Now they have to guess the user name.

Reply Report

Related

Looking for something else?

Ask a new question Search for more help