Jim Lawrence
accessd at shaw.ca
Sun Feb 13 12:33:51 CST 2005
Hi Steve: Is you port 1433 open. That, by default is the port that your SQL listens. In many commercial application the SQL port is changed so hackers will not be able to find it as easily over the web. See (http://insight.zdnet.co.uk/hardware/servers/0,39020445,2111369,00.htm) You should change MS SQL listen port. I have only worked on closed network SQL applications so am unfamiliar with method of setting up the host and clients. Some of the list gurus know all the paticulars. I do not know how your 'friends' are getting but check router settings. (I am assuming you have a configurable or firewall router. If not get one; firewall software can be compromised but it is much more difficult to compromise hardware, it is a heck of a lot faster, the processing is not actually running on the computer being hacked and the last thing a development computer needs is another process stealing cycles. Oh yes, if you do have a router, change the login password to anything other than 'admin'.) Directed to my main server I only have 3 ports open. If I scan the router logs I can see a steady pinging of about once every 20 seconds... I think this is fairly standard web traffic. A few months ago, it appeared that from the logs the router was been hit every 2 seconds from a particular location. After checking the IP location (Sam Spade) it turned out to be from some place in Isreal. Though the specific person could not be located just sending an abuse request to the hackers ISP resulted in an almost immediate termination of the scanning. HTH Jim -----Original Message----- From: dba-sqlserver-bounces at databaseadvisors.com [mailto:dba-sqlserver-bounces at databaseadvisors.com] On Behalf Of Steve Erbach Sent: Sunday, February 13, 2005 8:32 AM To: dba-sqlserver at databaseadvisors.com Subject: [dba-SQLServer] Logins on workstation Dear Group, I downloaded the DB Designer 4 from FabForce to check it out. I thought I'd see what it could do with a database I've got on my workstation's copy of SQL Server 2000. It has helped me in my development of a .NET application. Anyway, my SQL Server uses Windows authentication and I change my workstation password every 60 days. Imagine my surprise today when I looked at the Logins under Security for my server...and I found 459 logins!!!!!!!????? What the heck, over? I looked at the properties for a bunch of these bogus logins and I see that all the Authentication options are disabled, but there's a password listed and the radio button for SQL Server Authentication is selected. None of these users (at least the ones I've checked so far) have no Server roles selected nor do they have permissions for any of the databases I've got. Now this is creeping me out because: 1) I have a Router 2) I use ZoneAlarm Pro Looking at my ZoneAlarm Pro settings, I see that the settings I used to have for blocking incoming UDP and TCP requests on the SQL Server ports are gone. Does this mean that, since I have my SQL Server running all the time on my workstation, that SQL Server requests have been made hundreds of times and neither my router's firewall nor ZoneAlarm has raised a red flag? Any thoughts on this? My period of alarm is past since it appears that none of these Logins have access to anything...but how did they get into my server? Regards, Steve Erbach Scientific Marketing Neenah, WI www.swerbach.com Security Page: www.swerbach.com/security _______________________________________________ dba-SQLServer mailing list dba-SQLServer at databaseadvisors.com http://databaseadvisors.com/mailman/listinfo/dba-sqlserver http://www.databaseadvisors.com