March 10, 2004 at 8:04 am
I beg your pardon for duplicating my earlier post (in SQL Server Yukon Beta -Administering Forum)
I have a serious issue. I have my SQL Server 2000 installed on a Windows 2000 OS, and I have only one database on this SQL Server right now, which supports my application. The problem is the SA password is getting automatically changed every 2 days. I am not running any jobs on the server, and in reply to my post in the above forum, one of the SQL pros wanted me to verify if there is any virus on the system. I am wondering if there is any virus which corrupts the password periodically?
Thanks in Advance and sorry once again to have duplicated the post.
Prasad Bhogadi
www.inforaise.com
March 11, 2004 at 2:12 pm
Is your server exposed to the internet or any other network? The sa password that you have chosen (based on information provided in the other thread) is highly vulnerable to being hacked. If you are exposed to other users (or potential hackers) you should consider a password of at least six characters, at least a couple of which should be numeric, and one or two special characters (-, _, #, etc.).
I'm not a hacker, so I'm not very good at it. But I promise you that if I didn't know it, I could hack your password in less than a second.
Steve
March 12, 2004 at 1:26 am
Thanks Steve,
Well, yes, my server is exposed to the Internet, but only a section of known people know about its details; it's basically a staging server on which we are testing one of our online products from India and the USA.
Well, I will try to implement your suggestion of having at least a 6-character password.
However, I am wondering if we can track this by running a SQL Trace and checking whether sp_password is run at any time; will this help?
Thanks
Prasad Bhogadi
www.inforaise.com
March 12, 2004 at 6:32 am
Use Profiler
If none of your known persons are supposed to log on using "sa", turn Security Audit Level to ALL for debugging.
If required alter sp_password to log any executions of that procedure.
I think someone is hacking into your server.
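As an added example (not code from any poster in this thread), here is a server-side trace built with the SQL Server 2000 trace procedures that records every sa login attempt, successful or failed, plus any stored procedure or batch sa runs, so an sp_password call shows up with the host and application it came from. The trace file path is an assumption; the filter on LoginName = 'sa' means a password change made from a different sysadmin login is not captured unless the filter is widened.

```sql
-- Server-side trace (SQL Server 2000 syntax): who logs in as sa, and what sa runs.
-- Assumption: C:\Audit exists and the SQL Server service account can write to it.
DECLARE @traceid INT, @rc INT, @on BIT, @maxsize BIGINT
SET @on = 1
SET @maxsize = 50   -- MB per file before rollover (option 2 = TRACE_FILE_ROLLOVER)

-- The .trc extension is appended automatically to the file name
EXEC @rc = sp_trace_create @traceid OUTPUT, 2, N'C:\Audit\sa_audit', @maxsize, NULL
IF @rc <> 0
BEGIN
    RAISERROR('sp_trace_create failed with code %d', 16, 1, @rc)
    RETURN
END

-- Event 14 = Audit Login, 20 = Audit Login Failed, 42 = SP:Starting, 12 = SQL:BatchCompleted
-- Columns: 1 TextData, 8 HostName, 10 ApplicationName, 11 LoginName, 14 StartTime
EXEC sp_trace_setevent @traceid, 14, 8,  @on
EXEC sp_trace_setevent @traceid, 14, 10, @on
EXEC sp_trace_setevent @traceid, 14, 11, @on
EXEC sp_trace_setevent @traceid, 14, 14, @on
EXEC sp_trace_setevent @traceid, 20, 1,  @on   -- failed-login message text
EXEC sp_trace_setevent @traceid, 20, 8,  @on
EXEC sp_trace_setevent @traceid, 20, 10, @on
EXEC sp_trace_setevent @traceid, 20, 11, @on
EXEC sp_trace_setevent @traceid, 20, 14, @on
EXEC sp_trace_setevent @traceid, 42, 1,  @on   -- procedure text, e.g. sp_password
EXEC sp_trace_setevent @traceid, 42, 8,  @on
EXEC sp_trace_setevent @traceid, 42, 10, @on
EXEC sp_trace_setevent @traceid, 42, 11, @on
EXEC sp_trace_setevent @traceid, 42, 14, @on
EXEC sp_trace_setevent @traceid, 12, 1,  @on   -- ad hoc batches sa submits
EXEC sp_trace_setevent @traceid, 12, 11, @on
EXEC sp_trace_setevent @traceid, 12, 14, @on

-- Keep only rows for the sa login (column 11; logical 0 = AND; comparison 0 = equal).
-- LoginName is collected for every event above, so the filter is unambiguous.
EXEC sp_trace_setfilter @traceid, 11, 0, 0, N'sa'

-- Start the trace and report its id (stop later with sp_trace_setstatus @traceid, 0)
EXEC sp_trace_setstatus @traceid, 1
SELECT @traceid AS trace_id

-- Reading the captured events back, flagging password changes:
-- SELECT StartTime, LoginName, HostName, ApplicationName, TextData
-- FROM ::fn_trace_gettable(N'C:\Audit\sa_audit.trc', DEFAULT)
-- WHERE TextData LIKE '%sp_password%' OR EventClass = 20
-- ORDER BY StartTime
```

Review the readback query each morning: a HostName or ApplicationName you do not recognise on an sa login, or an sp_password row at an hour nobody was working, is the evidence the thread is asking for.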
March 12, 2004 at 7:39 am
I would not use a 6 character password. We require no less than 8 characters and I require (and use) 12 character passwords for SQL Server. The passwords must have UPPER and lower case letters, numbers, and symbols.
Before you change your password, you should make sure:
1. you don't have a virus.
2. you don't have spyware installed.
If you have spyware, it could be 'catching' your keystrokes and sending password changes to someone else. You'll need to 'clean' your system of spyware/viruses BEFORE changing the password.
Or take it offline, change the password, clean out the spyware/viruses, and once it's clean, then and only then go back online.
You might also consider: is your SQL Server behind a firewall? What port are you using? (You can change the TCP port SQL Server uses.) Does your firewall filter on IPs? Does it only allow through those IPs that are allowed access to your SQL Server?
-SQLBill
March 12, 2004 at 8:00 am
Unless the master database uses a case-sensitive collation (which would be unusual and requires changing the collation when the server or instance was installed), SQL passwords are case-insensitive...
--Jonathan