Post reply

Possible Hack attempt

  • February 7, 2012 at 12:06 am

    #251036

    Hi All

    I have failed logins that I do not know if it is a Virus or an attempt to hack. On all my SQL servers I see failed logins for sa, probe, admin and sql. Has anyone seen this behaviour before from a virus or is this a hack attempt?

    I have also read that this could be some audit program that checks if the SQL is secure.

    What is baffeling is that it only attemps to login for a ver short time.

    Log From one of my server.

    02/06/2012 13:21:08,Logon,Unknown,Login failed for user 'sa'. [CLIENT: 10.50.3.81]

    02/06/2012 12:28:12,Logon,Unknown,Login failed for user 'sa'. [CLIENT: 10.50.3.81]

    02/06/2012 12:10:30,Logon,Unknown,Login failed for user 'sa'. [CLIENT: 10.50.3.81]

    02/06/2012 12:10:30,Logon,Unknown,Login failed for user 'sql'. [CLIENT: 10.50.3.81]

    02/06/2012 12:10:30,Logon,Unknown,Login failed for user 'probe'. [CLIENT: 10.50.3.81]

    02/06/2012 12:10:30,Logon,Unknown,Login failed for user 'probe'. [CLIENT: 10.50.3.81]

    02/06/2012 12:10:30,Logon,Unknown,Login failed for user 'admin'. [CLIENT: 10.50.3.81]

    02/06/2012 12:10:30,Logon,Unknown,Login failed for user 'admin'. [CLIENT: 10.50.3.81]

    02/06/2012 12:10:29,Logon,Unknown,Login failed for user 'admin'. [CLIENT: 10.50.3.81]

    02/06/2012 12:10:29,Logon,Unknown,Login failed for user 'sa'. [CLIENT: 10.50.3.81]

    02/06/2012 12:10:29,Logon,Unknown,Login failed for user 'sa'. [CLIENT: 10.50.3.81]

    02/06/2012 12:10:29,Logon,Unknown,Login failed for user 'sa'. [CLIENT: 10.50.3.81]

    02/06/2012 12:10:29,Logon,Unknown,Login failed for user 'sa'. [CLIENT: 10.50.3.81]

    02/06/2012 12:10:29,Logon,Unknown,Login failed for user 'sa'. [CLIENT: 10.50.3.81]

    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
    Do not reinvent the wheel.
    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

  • February 7, 2012 at 1:50 am

    #1443586

    I've seen that, was the IT security team running a test against my DB. Chat with your sysadmins, with your IT security people

    Gail Shaw
    Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
    SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

    We walk in the dark places no others will enter
    We stand on the bridge and no one may pass

Viewing 2 posts - 1 through 1 (of 1 total)

You must be logged in to reply to this topic. Login to reply