
massive problem with MS-SQL-S

arachnidservice

Guest
Greetings, I'm currently using a Windows 2003 server with Plesk. I've been tightening up the security on the server to ensure it does not get compromised, etc.
I installed a program called TCPView from Sysinternals, which allows me to see any and all open TCP ports and connections.
One particular one caught my eye.

The one that caught my eye was the MS-SQL-S application, which was scrolling the log several thousand times a minute.
Here is a small snippet of the log:

[System Process]:0 TCP localhost.secureserver.net:ms-sql-s n811p030.adsl.highway.telekom.at:2391 TIME_WAIT
[System Process]:0 TCP localhost.secureserver.net:ms-sql-s n811p030.adsl.highway.telekom.at:3468 TIME_WAIT
[System Process]:0 TCP localhost.secureserver.net:ms-sql-s n811p030.adsl.highway.telekom.at:3078 TIME_WAIT
[System Process]:0 TCP localhost.secureserver.net:ms-sql-s n811p030.adsl.highway.telekom.at:1918 TIME_WAIT
[System Process]:0 TCP localhost.secureserver.net:ms-sql-s n811p030.adsl.highway.telekom.at:1659 TIME_WAIT
[System Process]:0 TCP localhost.secureserver.net:ms-sql-s n811p030.adsl.highway.telekom.at:2814 TIME_WAIT
[System Process]:0 TCP localhost.secureserver.net:ms-sql-s n811p030.adsl.highway.telekom.at:2159 TIME_WAIT
[System Process]:0 TCP localhost.secureserver.net:ms-sql-s 69.13.40.146:15221 TIME_WAIT
[System Process]:0 TCP localhost.secureserver.net:ms-sql-s 69.13.40.146:25460 TIME_WAIT
[System Process]:0 TCP localhost.secureserver.net:ms-sql-s 69.13.40.146:45944 TIME_WAIT
[System Process]:0 TCP localhost.secureserver.net:ms-sql-s 69.13.40.146:41852 TIME_WAIT
[System Process]:0 TCP localhost.secureserver.net:ms-sql-s 69.13.40.146:37764 TIME_WAIT
[System Process]:0 TCP localhost.secureserver.net:ms-sql-s 69.13.40.146:27529 TIME_WAIT
[System Process]:0 TCP localhost.secureserver.net:ms-sql-s 69.13.40.146:39824 TIME_WAIT
[System Process]:0 TCP localhost.secureserver.net:ms-sql-s 69.13.40.146:31237 TIME_WAIT
[System Process]:0 TCP localhost.secureserver.net:ms-sql-s 69.13.40.146:39831 TIME_WAIT
[System Process]:0 TCP localhost.secureserver.net:ms-sql-s 69.13.40.146:41892 TIME_WAIT
[System Process]:0 TCP localhost.secureserver.net:ms-sql-s 69.13.40.146:13222 TIME_WAIT
[System Process]:0 TCP localhost.secureserver.net:ms-sql-s 69.13.40.146:48040 TIME_WAIT
[System Process]:0 TCP localhost.secureserver.net:ms-sql-s 69.13.40.146:45996 TIME_WAIT
[System Process]:0 TCP localhost.secureserver.net:ms-sql-s 69.13.40.146:39856 TIME_WAIT
[System Process]:0 TCP localhost.secureserver.net:ms-sql-s 69.13.40.146:11190 TIME_WAIT
[System Process]:0 TCP localhost.secureserver.net:ms-sql-s 69.13.40.146:43965 TIME_WAIT
[System Process]:0 TCP localhost.secureserver.net:ms-sql-s 69.13.40.146:17346 TIME_WAIT
[System Process]:0 TCP localhost.secureserver.net:ms-sql-s 69.13.40.146:23490 TIME_WAIT
[System Process]:0 TCP localhost.secureserver.net:ms-sql-s 69.13.40.146:17354 TIME_WAIT
[System Process]:0 TCP localhost.secureserver.net:ms-sql-s 69.13.40.146:9165 TIME_WAIT
[System Process]:0 TCP localhost.secureserver.net:ms-sql-s 69.13.40.146:33741 TIME_WAIT
[System Process]:0 TCP localhost.secureserver.net:ms-sql-s 69.13.40.146:37838 TIME_WAIT


Now I checked with the host that I lease the server from, and they said that the program was installed as part of the Plesk package.

Here's my question: has the program been compromised? If so, how can I fix this? If not, what in tarnation is it doing!

I checked a few of the IPs (those were only 2 of several) and they come from random places; the ports also appear to be random as well. If anyone could shed some light on this it would be greatly appreciated. As of right now the MS-SQL-S service is halted and not running until I can resolve this.

Second question: is anything in the MS SQL service needed by Plesk? Since it's not part of the license key, and I'm using MySQL, I'm not even sure why it was installed.
 
MSSQL and MSDE

What you have installed by default is MSDE, not MSSQL which comes with Plesk

This is the so-called free or lite MSSQL version. It comes installed with Plesk, but there are actually some limits applied to it:

For instance, unlike with a full MSSQL license, with MSDE you are free to use and create MSSQL databases, but only 8 simultaneous connections are allowed per server. The others will be left waiting. There are also some other limitations, but this is the most important one. You may try to update MSDE to SQL Express (MSDE 2005). There are some new limitations within SQL Express as well. But anyway, you will never be allowed to provide full MSSQL functionality to your customers. Unlike MySQL, MSSQL is not an open source application and you will need to get a full Microsoft license.

I advise you to create a separate machine with Windows 2003 + a fully licensed MSSQL server and to connect it as an external MSSQL server to your Plesk machines. This is the most commonly used solution and it will also avoid a high load average occurring on your Plesk servers. In this way site functionality will not be affected by the SQL database queries.
 
MSDE 2005 has a session limit of 20.
It will probably be enough for you. You can just upgrade to it.
 
Erm, okay, while I appreciate the responses, I think the question was misunderstood.

If these are connections being made to the MSSQL server, is it some type of scan? Because I only have 3 clients on the server, none of which use any databases.

What I'm trying to find out is what is causing the ports to open up, and why they all appear to be random ports.

I don't want to use MSSQL since I already have MySQL installed; I see no reason to use 2 different database systems.
 
Okay, I've been asking around on Experts Exchange (http://www.experts-exchange.com/Databases/Microsoft_SQL_Server/Q_21772789.html#16208063)
and their theory is that I might be infected by a worm, and it's been suggested to uninstall and reinstall the SQL service. My question is this: how do I do this using Plesk, since it was installed via Plesk?

Can it be done without losing any of the domains/websites currently hosted on the server? Would a reinstall of Plesk work, or would that remove the currently hosted domains, etc.?
 
REINSTALL

Make a backup using Plesk backup, be sure that the backup succeeds with no errors, then do a full OS reload, reinstalling Windows and Plesk as well.

In case you need help, I am able to assist you.

Do you have any Yahoo or MSN ID?
 
A full OS reinstall is not an option; all I want to do is reinstall SQL, not the whole OS.
 
OK, but this will not remove the exploits or worms that you have on your system.

Anyway, make a full backup.

Then you should uninstall the Plesk MSDE using Add/Remove Programs from your Control Panel.

Click on Modify in order to modify the Plesk install and uncheck MSDE.
This should uninstall your MSDE.

Then do the same in order to reinstall MSDE.

Do a full backup with the Plesk backup utility and also make a manual backup of your Plesk/databases/MSDE in order to be sure that you will not lose your databases.
 
Have you tried to enable the Plesk internal firewall under "server / ip-adresses / firewall"?

Because if you have not, then port 1433 for SQL Server is open ...
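
An added example, not part of any post in this thread: a Python sketch that groups TCPView rows in the format quoted in the first post by remote host and reports hosts that opened many connections to the SQL Server port, all already closed, with none established. In such rows the local port is always `ms-sql-s` (1433) and the varying number is the remote client's source port. The sample rows, the host names and the `min_conns` threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# One TCPView row: process:pid, protocol, local host:port, remote host:port, state.
# The leading "[" is optional because pasted logs sometimes lose it.
ROW = re.compile(
    r"^\[?.+?\]?:\d+\s+TCP\s+\S+:(?P<lport>[\w-]+)\s+"
    r"(?P<rhost>\S+):(?P<rport>\d+)\s+(?P<state>[A-Z_]+)$"
)
SQL_PORTS = {"ms-sql-s", "1433"}  # TCPView shows the service name or the number

def summarize(text):
    """Group connections to the local SQL Server port by remote host."""
    hosts = defaultdict(lambda: {"count": 0, "ports": set(), "states": set()})
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m or m["lport"] not in SQL_PORTS:
            continue  # unparsable row, or traffic to another service
        entry = hosts[m["rhost"]]
        entry["count"] += 1
        entry["ports"].add(int(m["rport"]))  # client-side ephemeral source port
        entry["states"].add(m["state"])
    return dict(hosts)

def suspects(text, min_conns=5):
    """Hosts with many already-closed connections and no live session.

    min_conns is an assumed threshold; tune it to the server's normal traffic.
    """
    found = [(host, e["count"]) for host, e in summarize(text).items()
             if e["count"] >= min_conns and "ESTABLISHED" not in e["states"]]
    return sorted(found, key=lambda item: -item[1])

# Constructed sample rows (documentation addresses, not the thread's hosts).
PREFIX = "[System Process]:0 TCP localhost.example.net:ms-sql-s "
SAMPLE = "\n".join(
    [f"{PREFIX}192.0.2.10:{p} TIME_WAIT" for p in (15221, 25460, 45944, 41852, 37764, 27529)]
    + [f"{PREFIX}host-a.example.org:{p} TIME_WAIT" for p in (2391, 3468, 3078)]
    + ["sqlservr.exe:1180 TCP localhost.example.net:ms-sql-s 198.51.100.7:50112 ESTABLISHED",
       "inetinfo.exe:920 TCP localhost.example.net:http 203.0.113.5:40100 TIME_WAIT",
       PREFIX[1:] + "192.0.2.10:39824 TIME_WAIT"]  # row with the "[" lost
)

if __name__ == "__main__":
    for host, count in suspects(SAMPLE):
        print(f"{host}: {count} closed connections to the SQL port, none established")
```

A host that appears in this report and has no business reaching the database is a candidate for a firewall rule restricting port 1433 to known clients.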
 