Hundreds of websites under attack and Microsoft are you doing something?

re: Hundreds of websites under attack and Microsoft are you doing something?

tlichty — Fri, 19 Dec 2008 20:04:56 GMT

"I agree with you. My SQL server is behind a second firewall. I am not using sa but a simple user with read access only See my new post about the matter, it's really new for me and apparently thousands of us, because this time it's coming through a cookie executing some SQL commands along the request stream. Prove me wrong, but it's the first time I heard that a cookie can execute itself! If it's not a flaw, what is it? Paschal"

I agree with tmorton and everyone else. No traffic from the internet should come any where NEAR your SQL server. We have a firewall in front of our web servers. Then a second firewall in front of our SQL servers that only allow traffic from the internal network to it.

DB servers should never be accessible to the web. I'm not sure how you sleep at night if they are.

re: Hundreds of websites under attack and Microsoft are you doing something?

tmorton — Fri, 19 Dec 2008 17:30:51 GMT

Not sure how your failure to secure your server is Microsoft's fault? You say you have covered the basics, but that's really not good enough. Your server security is only as good as your weakest point.

My suggestion is to open a paid support ticket with Microsoft, so that they can formally help you resolve the issue(s).

re: Hundreds of websites under attack and Microsoft are you doing something?

Darren Kopp — Fri, 19 Dec 2008 17:01:23 GMT

"Darren you are entittled to your opinions, but UrlScan is setup and installed. It has works for two days, and now the attacks are comng back. Then I tested mycode and servers using all the tools I could find, nothing has changed. Now you tell me why so many websites are caught with this crap. Do you call them all stupid? -- P."

don't b*tch about microsoft. secure your servers and your code.

and why don't you just install UrlScan. 3.0 is in beta right now.

re: Hundreds of websites under attack and Microsoft are you doing something?

David Taylor — Fri, 19 Dec 2008 15:59:11 GMT

Obvious question is do you have SQL open at the firewall to external users.

Hey - is this your dedicated server? If so why don't you install a packet sniffer and actually see what they are doing instead of trying to guess ;-)

Dave

re: Hundreds of websites under attack and Microsoft are you doing something?

gt1329a — Fri, 19 Dec 2008 15:17:55 GMT

I'm glad you posted this. I checked in on our servers and found one that's been under a brute force attack for a couple days now.

All of the attempts on our server have come from 72.26.227.42.

re: Hundreds of websites under attack and Microsoft are you doing something?

Jonathan — Fri, 19 Dec 2008 14:50:05 GMT

Glad you found the source of it man. I have my DB server safely locked away behind a firewall only access is via the main web servers

re: Hundreds of websites under attack and Microsoft are you doing something?

ca8msm — Fri, 19 Dec 2008 13:29:07 GMT

It's probably just a hex injection. Properly secured code and web pages shouldn't be affected by this though and it's not a new problem.

re: Hundreds of websites under attack and Microsoft are you doing something?

andrex — Fri, 19 Dec 2008 13:28:11 GMT

Looks like server just scanned for specific for open MS SQL ports and brute force attack with dictionary. It's not related to any site or web.config.

I see this on few servers (for last, fresh server, attack was started in 3 hours after I am install MS SQL!!!)

I am solve this problem very easy. Block access to MS SQL ports via firewall (access allowed only for specific IP)

re: Hundreds of websites under attack and Microsoft are you doing something?

Jonathan — Fri, 19 Dec 2008 13:05:07 GMT

I know this is an obvious statement but have you tried encrypting your connection strings ?

I hope you get to the bottom of it soon dude

Hundreds of websites under attack and Microsoft are you doing something? - help.net

Fri, 19 Dec 2008 12:59:32 GMT

Pingback from Hundreds of websites under attack and Microsoft are you doing something? - help.net