homepage Welcome to WebmasterWorld Guest from 50.17.177.99
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / Microsoft / Microsoft IIS Web Server and ASP.NET
Forum Library, Charter, Moderators: ocean10000

Microsoft IIS Web Server and ASP.NET Forum

    
SQL database getting hammered
Is there a way to limit password tries
bwnbwn




msg:4245256
 5:16 pm on Dec 22, 2010 (gmt 0)

Not my field but it is effecting SEO so why the question. Not all the time but lets say once a week our main database server is hammered from repeated (auto generated) attempts to get in by user name and password. The attack is such is stalls the server so bad it brings the sites to a crawl. Right now all IT is doing is getting the IP's and blocking them.
Is there another way to limit the number of attempts and after a certian number block them for some time period?

I can tell you when it happens from whith Google WM area and can't seem to get IT to find a solution to this problem.

 

LifeinAsia




msg:4245263
 5:23 pm on Dec 22, 2010 (gmt 0)

My opinion is that they are going about things the wrong way. Instead of blacklisting IPs that are denied access, they should whitelist IPs that ARE allowed access (and block everyone else).

Is there a particular reason why anyone other than your web sites (and except for maybe a handful of IPs belonging to DBAs) should have direct access to your database?

scooterdude




msg:4245284
 6:15 pm on Dec 22, 2010 (gmt 0)

erm, a few lines of asp.net code validating each password logon attempt , session cookies, validating logon attempts to user ip , account lockout,,

at least one popular forum software has this built in, php tho, but can be done in asp.net

bwnbwn




msg:4245327
 7:56 pm on Dec 22, 2010 (gmt 0)

Yes guys I finally found some info to give them and have. It just flat drives me nuts with the put me off attitude. I will stay on this very hard.
Life I feel the same way when I started asking why I am getting all these errors in my WM account and was told how this was being addressed.
Thanks

haggul




msg:4245555
 11:30 am on Dec 23, 2010 (gmt 0)

Is it SQL Server - change from the default port number for a start if on webserver

joer80




msg:4247458
 2:52 pm on Dec 30, 2010 (gmt 0)

If your database server is on the same local network as your web server, which it should be, you should be able to black list all database connections not coming from your local network. Either that, or white list any web server that you want to login to your database, and block the rest.

If the database is on the same machine as the web server, you can allow local host connections only.

Pretty much any web guy can do either one of these changes in < 10 min, so they shouldn't put you off for to long..

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Microsoft / Microsoft IIS Web Server and ASP.NET
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved