Disable SA user for remote Access (SQL Server)

elenlace

Guest
Hi,

I was just wondering if there is a way to disable the 'SA' user for SQL Server Express 2005 exclusively for Remote Access (through port 1433).

If that is not possible, would renaming the SA user to a different username affect Plesk? I guess it is just a matter of changing the username in the Plesk Admin Panel (Servers > Database > MS SQL).

I intend to do what is explained here:

http://www.sql-server-performance.com/faq/system_administrator_role_p1.aspx

We just had a security issue on a brand new Windows Server 2003R2 with Plesk 8.2 server where after a few hours of the server being delivered to us, the server was infected with a Backdoor.

After some research, it seems they got in through SQL Server Express 2005 using the SA account.

We want a solution that is not just closing port 1433, our customers demand the need to be able to administer their SQL databases remotely.
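
One way to do what the question asks, as an added example that is not part of the original thread: a server-level logon trigger that rejects `sa` logins unless they originate on the server itself. It assumes SQL Server 2005 SP2 or later (logon triggers do not exist before SP2) and that Plesk connects to the instance from the same machine; the trigger name is hypothetical.

```sql
-- Added example, not from the thread. Requires SQL Server 2005 SP2 or later.
-- Keep a second sysadmin session open while testing: a faulty logon trigger
-- can block every login, and that open session is what lets you drop it.
USE master;
GO

CREATE TRIGGER trg_block_remote_sa      -- hypothetical name
ON ALL SERVER
FOR LOGON
AS
BEGIN
    -- Only the sa login is restricted; all other logins pass through.
    IF ORIGINAL_LOGIN() = N'sa'
    BEGIN
        DECLARE @client_host nvarchar(100);

        -- ClientHost is '<local machine>' when client and server are the
        -- same host, otherwise it holds the client's IP address.
        SET @client_host =
            EVENTDATA().value('(/EVENT_INSTANCE/ClientHost)[1]',
                              'nvarchar(100)');

        -- Fail closed: a missing value is treated as a remote connection.
        IF ISNULL(@client_host, N'') <> N'<local machine>'
            ROLLBACK;                   -- terminates the login attempt
    END
END;
GO

-- Confirm the trigger exists and is enabled.
SELECT name, is_disabled
FROM sys.server_triggers
WHERE name = N'trg_block_remote_sa';
GO

-- To remove it again:
-- DROP TRIGGER trg_block_remote_sa ON ALL SERVER;
```

Customer logins are unaffected, so remote administration over port 1433 keeps working for them while `sa` is usable only from the server itself.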
 
1. I don't think changing SA will work as Plesk seems to be connecting using its password only - however, other experts may have different opinions. No harm in trying it for once I guess as SQL Server is totally alienated from Plesk if your Plesk database is using Access DB.

2. Having a very long and strong password for SA should do the job. You normally won't be needing it after specifying it once in Plesk.

3. ASP.NET Enterprise Manager also does a neat job in managing SQL databases remotely using a web interface thereby not requiring you to open port 1433.

4. You can change the port SQL listens to i.e. instead of 1433 it could be any port of your choice by configuring SQL to do so. Search MS KB for the same.

5. Applying regular Windows updates normally keeps these backdoor entrants at bay.

6. Ensure unnecessary ports are not open in the Windows Firewall.

7. Ensure at least 10% memory is always available for the system i.e. do not overload your server too much.

8. Do not allow clients to disable antivirus for their accounts and have serverwide antivirus enabled always and for all options available.
 
Actually you can use IPsec to secure TCP port 1433.

John S.G.
 
JackL,

Could you be so kind as to point out how this could be achieved?

Warmest Regards
 