
Forum Moderators: ocean10000


SQL database getting hammered

Is there a way to limit password tries

     
5:16 pm on Dec 22, 2010 (gmt 0)

WebmasterWorld Senior Member bwnbwn is a WebmasterWorld Top Contributor of All Time 5+ Year Member



Not my field but it is affecting SEO so why the question. Not all the time but let's say once a week our main database server is hammered from repeated (auto generated) attempts to get in by user name and password. The attack is such that it stalls the server so bad it brings the sites to a crawl. Right now all IT is doing is getting the IPs and blocking them.
Is there another way to limit the number of attempts and after a certain number block them for some time period?

I can tell you when it happens from within the Google WM area and can't seem to get IT to find a solution to this problem.
5:23 pm on Dec 22, 2010 (gmt 0)

WebmasterWorld Administrator lifeinasia is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



My opinion is that they are going about things the wrong way. Instead of blacklisting IPs that are denied access, they should whitelist IPs that ARE allowed access (and block everyone else).

Is there a particular reason why anyone other than your web sites (and except for maybe a handful of IPs belonging to DBAs) should have direct access to your database?
6:15 pm on Dec 22, 2010 (gmt 0)



Erm, a few lines of ASP.NET code validating each password logon attempt, session cookies, validating logon attempts to user IP, account lockout...

At least one popular forum software has this built in, PHP though, but it can be done in ASP.NET.
7:56 pm on Dec 22, 2010 (gmt 0)

WebmasterWorld Senior Member bwnbwn is a WebmasterWorld Top Contributor of All Time 5+ Year Member



Yes guys, I finally found some info to give them and have. It just flat drives me nuts with the put-me-off attitude. I will stay on this very hard.
Life, I feel the same way when I started asking why I am getting all these errors in my WM account and was told how this was being addressed.
Thanks
11:30 am on Dec 23, 2010 (gmt 0)

10+ Year Member



Is it SQL Server? Change from the default port number for a start, if on the webserver.
2:52 pm on Dec 30, 2010 (gmt 0)

5+ Year Member



If your database server is on the same local network as your web server, which it should be, you should be able to blacklist all database connections not coming from your local network. Either that, or whitelist any web server that you want to log in to your database, and block the rest.

If the database is on the same machine as the web server, you can allow localhost connections only.

Pretty much any web guy can do either one of these changes in < 10 min, so they shouldn't put you off for too long.
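Added example, not part of any post in this thread: a sketch of the per-IP attempt limit with a timed block that the opening post asks about and that the replies suggest building into the login code. It is written in Python to show the logic only; the class name, the thresholds and the sample events are assumptions constructed for illustration, and the state is held in memory for a single process.

```python
import time
from collections import defaultdict, deque

class LoginThrottle:
    """Per-IP failed-login limiter with a timed block (hypothetical helper)."""
    def __init__(self, max_failures=5, window=300, lockout=900, clock=time.monotonic):
        self.max_failures = max_failures     # failures tolerated inside the window
        self.window = window                 # seconds over which failures are counted
        self.lockout = lockout               # seconds an IP stays blocked
        self.clock = clock                   # injectable so the logic can be replayed
        self._failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self._blocked_until = {}             # ip -> time at which the block expires

    def is_blocked(self, ip):
        """Check before querying the database, so blocked clients cost no query."""
        if self.clock() < self._blocked_until.get(ip, 0):
            return True
        if self._blocked_until.pop(ip, None) is not None:
            self._failures.pop(ip, None)     # block expired: start clean
        return False

    def record_failure(self, ip):
        """Register a bad password; return True if this attempt triggers a block."""
        now = self.clock()
        attempts = self._failures[ip]
        attempts.append(now)
        while now - attempts[0] > self.window:
            attempts.popleft()               # drop failures older than the window
        if len(attempts) >= self.max_failures:
            self._blocked_until[ip] = now + self.lockout
            return True
        return False

# Constructed sample: (seconds, client IP, password correct?), documentation-range IPs.
SAMPLE_EVENTS = [(t, "203.0.113.7", False) for t in range(5)] + [
    (5, "203.0.113.7", False), (6, "198.51.100.20", False),
    (8, "198.51.100.20", True), (10, "203.0.113.7", False), (905, "203.0.113.7", False)]

def replay(events, **limits):
    """Replay events through a throttle; return attempts rejected without a DB lookup."""
    now, rejected = [0], []
    throttle = LoginThrottle(clock=lambda: now[0], **limits)
    for ts, ip, ok in events:
        now[0] = ts
        if throttle.is_blocked(ip):
            rejected.append((ts, ip))
        elif not ok:
            throttle.record_failure(ip)
    return rejected
```

This only limits logins that pass through the web application; attempts made directly against the database port never reach it, which is what the IP allowlisting described in the replies addresses.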
 
