Home > database > SQL server is the native IP login crack in the middle of the sa password, how to troubleshoot? Insta
SQL server is the native IP login crack in the middle of the sa password, how to troubleshoot? Insta
Time:10-24
Things cause, there is a service company in the server once attempted extortion virus (found in time, by killing ended), server 360 antivirus installed the latest patches and the complete set, using normal recently, only check Windows log, regularly every day have a such attacks, using the native IP, attack time is less than a minute, every second records below send
All talked, did not find where is attacked, excuse me, this kind of situation, how to troubleshoot?
CodePudding user response:
System, Windows 2012 used to 2008
CodePudding user response:
May be timed tasks and so on
CodePudding user response:
Login from 127 would be a little SAO, look at the timing task (though this silly does not generally), core or look at the process, what strange process, especially the powershell
CodePudding user response:
The possible reasons: 1, not killing machine clean, there is still a Trojan program 2, the machine has a timing task, login to perform some database operations (such as backup task) 3, the machine has a particular program, the login database to perform some operations (such as update some data)