I have a couple SQL Server Express Databases which are accessible through a number of asp.net/IIS websites plus Remote Desktop (me only). The web sites use integrated security and I have one user account that I use. The problem is the logs show almost continuous attempts at failed logins. These occur every 5-10 seconds or so, from one IP for about 5 minutes, then the IP changes. The user name being attempted is usually 'sa' or some variation (I don't have an 'sa' user). I have blocked several hundred of these IPs using Windows Firewall, but they just keep coming. This results in huge log files and I guess a lot of bandwidth being used. So my question: Do I have enough security in place that I don't have to really worry about this – or is there something more I should be
Sql-server – Should I worry about failed login attempts on SQL Server
sql server
Related Question
- SQL Server Security – Do Multiple SQL Server Instances Increase Security
- Azure VM Security – Many Failed Login Attempts Logged
- SQL Server – How to Stop Continuous Failed Logins
- Sql-server – Cannot see other databases in SQL Server Managed Instances using Azure AD user
- Sql-server – How to trace security_error_ring_buffer_recorded errors in SQL Server 2014 Express
- SQL Server Storage – Reclaiming Unused Space Increases Used Space
Best Answer
If possible, you should change your security approach to be denied by default, allowed by permission.
Block access from all unknown IP's. Allow access from trusted IP's.