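I am using an MS SQL Server 2017 Express database on a Windows 2016 server, and I found that the MS SQL Server ERRORLOG file grows by 600MB every day.
The following is taken from that ERRORLOG file.
Does this mean my MS SQL Server 2017 Express database is under attack?
How can I fix this?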
2019-12-22 03:36:09.34 Logon Error: 18456, Severity: 14, State: 8.
2019-12-22 03:36:09.34 Logon Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 14.253.239.25]
2019-12-22 03:36:09.34 Logon Error: 18456, Severity: 14, State: 8.
2019-12-22 03:36:09.34 Logon Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 59.127.222.102]
2019-12-22 03:36:09.42 Logon Error: 18456, Severity: 14, State: 8.
2019-12-22 03:36:09.42 Logon Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 104.238.63.33]
2019-12-22 03:36:09.70 Logon Error: 18456, Severity: 14, State: 8.
2019-12-22 03:36:09.70 Logon Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 14.253.239.25]
2019-12-22 03:36:09.70 Logon Error: 18456, Severity: 14, State: 8.
2019-12-22 03:36:09.70 Logon Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 59.127.222.102]
2019-12-22 03:36:09.74 Logon Error: 18456, Severity: 14, State: 8.
2019-12-22 03:36:09.74 Logon Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 104.238.63.33]
2019-12-22 03:36:10.06 Logon Error: 18456, Severity: 14, State: 8.
2019-12-22 03:36:10.06 Logon Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 59.127.222.102]
2019-12-22 03:36:10.06 Logon Error: 18456, Severity: 14, State: 8.
2019-12-22 03:36:10.06 Logon Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 104.238.63.33]
2019-12-22 03:36:10.06 Logon Error: 18456, Severity: 14, State: 8.
2019-12-22 03:36:10.06 Logon Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 14.253.239.25]
2019-12-22 03:36:10.39 Logon Error: 18456, Severity: 14, State: 8.
2019-12-22 03:36:10.39 Logon Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 104.238.63.33]
2019-12-22 03:36:10.41 Logon Error: 18456, Severity: 14, State: 8.
2019-12-22 03:36:10.41 Logon Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 14.253.239.25]
2019-12-22 03:36:10.42 Logon Error: 18456, Severity: 14, State: 8.
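Answer 1
Does this mean the MS SQL Server 2017 Express database is under attack?
It looks like it, yes.
How can I fix these issues?
Block access to your SQL Server from the internet. Why is it exposed to the internet?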
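Answer 2
Your SQL Server is definitely under a login attack. This happens to almost 100% of machines with SQL Server installed when they are exposed to the internet.
One option is to allow only specific IP addresses (you may need to do some research to learn how to do this).
If you have RDP or SSH open to the internet:
If this is on a Linux server and you have SSH open to the internet, you are most likely being hit by SSH attacks as well. Take a look at this guide.
If you are using Windows Server and have RDP open to the internet, you are probably being hit on RDP as well. Take a look at this guide.
It is best not to open it to the internet, but if you really need to, you need to make sure the security settings on your machine or firewall are correct.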
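Added example, not part of the original question or answers: a small Python triage script that pairs each "Error: 18456" header with its "Login failed" detail line and tallies failures per client address, login name and State code, which shows how many sources are guessing and against which accounts. The sample lines, the function names `summarize` and `noisy_clients`, and the threshold are assumptions made for this illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the ERRORLOG layout quoted in the question; the client
# addresses are documentation-range placeholders, not those from the post.
SAMPLE = """\
2019-12-22 03:36:09.00 Logon Error: 18456, Severity: 14, State: 8.
2019-12-22 03:36:09.00 Logon Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.10]
2019-12-22 03:36:09.50 Logon Error: 18456, Severity: 14, State: 8.
2019-12-22 03:36:09.50 Logon Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.7]
2019-12-22 03:36:11.00 Logon Error: 18456, Severity: 14, State: 5.
2019-12-22 03:36:11.00 Logon Login failed for user 'admin'. Reason: Could not find a login matching the name provided. [CLIENT: 203.0.113.10]
2019-12-22 03:36:11.00 Logon Error: 18456, Severity: 14, State: 8.
""".splitlines()

STATE_RE = re.compile(r"Logon\s+Error: 18456, Severity: \d+, State: (\d+)\.")
FAIL_RE = re.compile(r"^(\S+ \S+)\s+Logon\s+Login failed for user '([^']*)'\."
                     r".*\[CLIENT: ([^\]]+)\]")

def summarize(lines):
    """Tally failed logins per client, login name and 18456 State code."""
    clients, logins, states, stamps = Counter(), Counter(), Counter(), []
    state = None
    for line in lines:
        hdr = STATE_RE.search(line)
        if hdr:                      # the "Error: 18456" line precedes its detail
            state = hdr.group(1)
            continue
        hit = FAIL_RE.match(line)
        if hit:
            ts, login, client = hit.groups()
            stamps.append(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S.%f"))
            clients[client] += 1
            logins[login] += 1
            states[state or "unknown"] += 1
            state = None             # a header describes one detail line only
    span = (max(stamps) - min(stamps)).total_seconds() if stamps else 0.0
    return {"clients": clients, "logins": logins, "states": states,
            "failures": len(stamps), "span_seconds": span}

def noisy_clients(summary, threshold):
    """Clients with at least `threshold` failures, e.g. to review for blocking."""
    return sorted(c for c, n in summary["clients"].items() if n >= threshold)

if __name__ == "__main__":
    s = summarize(SAMPLE)
    print(s["failures"], "failures in", s["span_seconds"], "s", dict(s["states"]))
    print("at or above threshold:", noisy_clients(s, threshold=2))
```

To run it against a real file, pass the opened ERRORLOG to `summarize`; SQL Server on Windows normally writes that file as UTF-16, so open it with `encoding="utf-16"`.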