I'm suffering an attempted invasion by brute force. A bot is trying to figure out the sa password. How do I restrict logins to 3 attempts in SQL Server?
Moreover, I would like to block an IP. How can I do this?
To go into a little bit more detail on what everyone else is sorta saying, SQL Server was never intended to be accessed directly from the internet. The way you should access it is through a firewall, and preferably have all HTTP requests forwarded to a web server, which then sends any SQL stuff to the SQL Server. You should not be able to get direct access to SQL Server from the internet.
If you are using SQL Server 2005 and above then you can use LOGON triggers for this.
Refer to this excellent article by security expert Brian Kelley:
http://www.sqlservercentral.com/articles/Security/66151/
But you are better off handling this before it touches your SQL Server.
My sshd_block script, which monitors the event log for messages from an SSH daemon and black-holes the source IP address after a sufficient number of failed logons (or a single failed logon for a specific user like, say, "root" or "sa") could probably be adapted for the purposes you're looking for.
I don't have the spare time to do it right now. The license would allow you to do it yourself. If I find some time I might do it myself just to have that functionality in the script.
Having said all that, is there any reason why you need the entire Internet to be able to connect to your SQL Server instance? A host-based firewall rule that limits the ability to connect to the SQL Server port would go a long way toward stopping this, too. It's difficult to imagine that you have an application that needs direct SQL Server access from the entire Internet.
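The failed-logon counting described in the answer above, applied to SQL Server "Login failed" messages, as an added example (not the sshd_block script and not code from anyone in this thread). The function name, the thresholds and the sample lines are assumptions; the lines are constructed in the style of the SQL Server error log and use documentation-range addresses.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the SQL Server error-log style (documentation IPs).
SAMPLE_LOG = """\
2024-03-01 10:00:01.10 Logon       Login failed for user 'app'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.20]
2024-03-01 10:00:02.00 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-03-01 10:00:05.30 Logon       Login failed for user 'app'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.20]
2024-03-01 10:00:09.75 Logon       Login failed for user 'app'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.20]
2024-03-01 10:30:00.00 Logon       Login failed for user 'report'. Reason: Password did not match that for the login provided. [CLIENT: 192.0.2.44]
2024-03-01 11:45:00.00 Logon       Login failed for user 'report'. Reason: Password did not match that for the login provided. [CLIENT: 192.0.2.44]
2024-03-01 11:50:00.00 Logon       Login failed for user 'report'. Reason: Could not find a login matching the name provided. [CLIENT: <local machine>]
"""

# Only lines carrying a numeric client address match; "<local machine>" is skipped.
FAILED = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+\s+Logon\s+"
    r"Login failed for user '(?P<user>[^']*)'\..*\[CLIENT: (?P<ip>[0-9a-fA-F.:]+)\]")

def ips_to_block(log_text, max_failures=3, window=timedelta(minutes=10),
                 instant_block_users=("sa",), allowlist=()):
    """Return {ip: reason} for sources a host firewall should drop."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    blocked = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m or m["ip"] in allowlist or m["ip"] in blocked:
            continue              # not a failure, a trusted source, or already handled
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        if m["user"].lower() in instant_block_users:
            # A single failure against a watched account is enough.
            blocked[m["ip"]] = f"failed logon as '{m['user']}'"
            continue
        q = recent[m["ip"]]
        q.append(ts)
        while q and ts - q[0] > window:   # forget failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            blocked[m["ip"]] = f"{len(q)} failed logons within {window}"
    return blocked

if __name__ == "__main__":
    for ip, reason in ips_to_block(SAMPLE_LOG).items():
        print(ip, "-", reason)
```

The allowlist keeps application servers and admin workstations from being locked out by their own typos; the returned addresses are what a host firewall or null route would then act on.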