
massive problem with MS-SQL-S

Discussion in 'Plesk for Windows - 8.x and Older' started by arachnidservice, Mar 14, 2006.

  1. arachnidservice

    Greetings, I'm currently using a Windows 2003 server with Plesk. I've been tightening up the security on the server to ensure it does not get compromised, etc.
    I installed a program called TCPView from Sysinternals, which allows me to see any and all open TCP ports and connections.
    One particular one caught my eye.

    The one that caught my eye was the MS-SQL-S application, which was scrolling the log several thousand times a minute.
    Here is a small snippet of the log:

    [System Process]:0 TCP localhost.secureserver.net:ms-sql-s n811p030.adsl.highway.telekom.at:2391 TIME_WAIT
    [System Process]:0 TCP localhost.secureserver.net:ms-sql-s n811p030.adsl.highway.telekom.at:3468 TIME_WAIT
    [System Process]:0 TCP localhost.secureserver.net:ms-sql-s n811p030.adsl.highway.telekom.at:3078 TIME_WAIT
    [System Process]:0 TCP localhost.secureserver.net:ms-sql-s n811p030.adsl.highway.telekom.at:1918 TIME_WAIT
    [System Process]:0 TCP localhost.secureserver.net:ms-sql-s n811p030.adsl.highway.telekom.at:1659 TIME_WAIT
    [System Process]:0 TCP localhost.secureserver.net:ms-sql-s n811p030.adsl.highway.telekom.at:2814 TIME_WAIT
    [System Process]:0 TCP localhost.secureserver.net:ms-sql-s n811p030.adsl.highway.telekom.at:2159 TIME_WAIT
    [System Process]:0 TCP localhost.secureserver.net:ms-sql-s 69.13.40.146:15221 TIME_WAIT
    [System Process]:0 TCP localhost.secureserver.net:ms-sql-s 69.13.40.146:25460 TIME_WAIT
    [System Process]:0 TCP localhost.secureserver.net:ms-sql-s 69.13.40.146:45944 TIME_WAIT
    [System Process]:0 TCP localhost.secureserver.net:ms-sql-s 69.13.40.146:41852 TIME_WAIT
    [System Process]:0 TCP localhost.secureserver.net:ms-sql-s 69.13.40.146:37764 TIME_WAIT
    [System Process]:0 TCP localhost.secureserver.net:ms-sql-s 69.13.40.146:27529 TIME_WAIT
    [System Process]:0 TCP localhost.secureserver.net:ms-sql-s 69.13.40.146:39824 TIME_WAIT
    [System Process]:0 TCP localhost.secureserver.net:ms-sql-s 69.13.40.146:31237 TIME_WAIT
    [System Process]:0 TCP localhost.secureserver.net:ms-sql-s 69.13.40.146:39831 TIME_WAIT
    [System Process]:0 TCP localhost.secureserver.net:ms-sql-s 69.13.40.146:41892 TIME_WAIT
    [System Process]:0 TCP localhost.secureserver.net:ms-sql-s 69.13.40.146:13222 TIME_WAIT
    [System Process]:0 TCP localhost.secureserver.net:ms-sql-s 69.13.40.146:48040 TIME_WAIT
    [System Process]:0 TCP localhost.secureserver.net:ms-sql-s 69.13.40.146:45996 TIME_WAIT
    [System Process]:0 TCP localhost.secureserver.net:ms-sql-s 69.13.40.146:39856 TIME_WAIT
    [System Process]:0 TCP localhost.secureserver.net:ms-sql-s 69.13.40.146:11190 TIME_WAIT
    [System Process]:0 TCP localhost.secureserver.net:ms-sql-s 69.13.40.146:43965 TIME_WAIT
    [System Process]:0 TCP localhost.secureserver.net:ms-sql-s 69.13.40.146:17346 TIME_WAIT
    [System Process]:0 TCP localhost.secureserver.net:ms-sql-s 69.13.40.146:23490 TIME_WAIT
    [System Process]:0 TCP localhost.secureserver.net:ms-sql-s 69.13.40.146:17354 TIME_WAIT
    [System Process]:0 TCP localhost.secureserver.net:ms-sql-s 69.13.40.146:9165 TIME_WAIT
    [System Process]:0 TCP localhost.secureserver.net:ms-sql-s 69.13.40.146:33741 TIME_WAIT
    [System Process]:0 TCP localhost.secureserver.net:ms-sql-s 69.13.40.146:37838 TIME_WAIT


    Now I checked with the host of the server that I lease it from, and they said that the program was installed as part of the Plesk package.

    Here's my question: has the program been compromised? If so, how can I fix this? If not, what in tarnation is it doing!

    I checked a few of the IPs (those were only 2 of several) and they come from random places, and the ports also appear to be random as well. If anyone could shed some light on this it would be greatly appreciated. As of right now the MS-SQL-S service is halted and not running until I can resolve this.

    Second question: is anything in the MS SQL service needed by Plesk? Since it's not part of the license key, and I'm using MySQL, I'm not even sure why it was installed.
     
  2. arachnidservice

    Ideas? Anyone?
     
  3. mircea_hosteur

    MSSQL and MSDE

    What you have installed by default is MSDE, not MSSQL which comes with Plesk.

    This is the so-called Free or Lite MSSQL version. It comes installed with Plesk, but there are actually some limits applied to it:

    For instance, unlike using a full MSSQL license, with MSDE you are free to use and create MSSQL databases, but only 8 simultaneous connections are allowed per server. The others will be left waiting. There are also some other limitations, but this is the most important one. You may try to update MSDE to SQL Express (MSDE 2005). There are some new limitations as well within SQL Express. But anyway you will never be allowed to provide full MSSQL functionality to your customers. Unlike MySQL, MSSQL is not an open source application and you will need to get a full Microsoft license.

    I advise you to create a separate machine with Windows 2003 + a fully licensed MSSQL server and to connect it as an external MSSQL server to your Plesk machines. This is the most commonly used solution and this will also avoid a high load average occurring on your Plesk servers. In this way site functionality will not be affected by the SQL database queries.
     
  4. Gris@

    MSDE 2005 has a session limit of 20.
    Probably it will be enough for you. You can just upgrade to it.
     
  5. arachnidservice

    Erm, okay, while I appreciate the responses, I think the question was misunderstood.

    If these are connections being made to the MSSQL server -- is it some type of scan? Because I only have 3 clients on the server, none of which use any databases.

    What I'm trying to find out is what is causing the ports to open up, and why they all appear to be random ports.

    I don't want to use MSSQL since I already have MySQL installed; I see no reason to use 2 different database systems.
     
  6. arachnidservice

    Okay, I've been asking around on Experts Exchange (http://www.experts-exchange.com/Databases/Microsoft_SQL_Server/Q_21772789.html#16208063)
    and their theory is that I might be infected by a worm, and it's been suggested to uninstall and reinstall the SQL service -- my question is this: how do I do this using Plesk, since it was installed via Plesk?

    Can it be done without losing any of the domains/websites currently hosted on the server? Would a reinstall of Plesk work? Or would that remove the current hosted domains, etc.?
     
  7. arachnidservice

    Anyone have any ideas? Any at all?
     
  8. mircea_hosteur

    REINSTALL

    Make a backup using Plesk backup, be sure that the backup succeeds with no errors, then do a full OS reload, with Windows reinstalled and Plesk also.

    In case you need help I am able to assist you.

    Do you have any Yahoo or MSN ID?!
     
  9. arachnidservice

    A full OS reinstall is not an option; all I want to do is reinstall SQL, not the whole OS.
     
  10. mircea_hosteur

    OK, but this will not remove the exploits or worms that you have on your system.

    Anyway, make a full backup.

    Then you should uninstall MSDE Plesk using Add/Remove Programs from your Control Panel.

    Click on Modify in order to modify the Plesk install, and uncheck MSDE.
    This should uninstall your MSDE.

    Then do the same in order to reinstall MSDE.

    Do a full backup with the Plesk backup utility and also make a manual backup of your Plesk/databases/MSDE in order to be sure that you will not lose your databases.
     
  11. ramon@

    Have you tried to enable the Plesk internal firewall under "server / ip-adresses / firewall"?

    Because if you have not, then port 1433 for SQL Server is open ...
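
Added example (not part of any post in the thread, and not Plesk or Sysinternals code): a parser for TCPView-style lines that groups connections to the local `ms-sql-s` (1433) port by remote host, so repeated inbound connections from a few Internet hosts stand out. The remote-side port on each line is the client's ephemeral source port, which is why those numbers look random; the sample lines, host names and the `min_connections` threshold are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the TCPView layout quoted in the thread. Host names and
# addresses are reserved documentation values, not the ones from the post.
SAMPLE = """\
[System Process]:0 TCP srv.example.net:ms-sql-s dsl-host.example.org:2391 TIME_WAIT
System Process]:0 TCP srv.example.net:ms-sql-s dsl-host.example.org:3468 TIME_WAIT
[System Process]:0 TCP srv.example.net:ms-sql-s 203.0.113.46:15221 TIME_WAIT
[System Process]:0 TCP srv.example.net:ms-sql-s 203.0.113.46:25460 TIME_WAIT
[System Process]:0 TCP srv.example.net:ms-sql-s 203.0.113.46:45944 TIME_WAIT
[System Process]:0 TCP srv.example.net:1433 203.0.113.46:41852 TIME_WAIT
sqlservr.exe:1840 TCP srv.example.net:ms-sql-s localhost:4021 ESTABLISHED
inetinfo.exe:920 TCP srv.example.net:http 198.51.100.7:50112 ESTABLISHED
"""

# process:pid  proto  local_host:local_port  remote_host:remote_port  state
# The leading "[" is optional so a line with a clipped bracket still parses.
LINE = re.compile(
    r"^\[?(?P<proc>[^\]:]+)\]?:(?P<pid>\d+)\s+(?P<proto>TCP|UDP)\s+"
    r"(?P<lhost>\S+):(?P<lport>[\w-]+)\s+"
    r"(?P<rhost>\S+):(?P<rport>[\w-]+)\s+(?P<state>\S+)$"
)
SQL_PORTS = {"ms-sql-s", "1433"}      # TCPView shows the service name or the number
LOOPBACK = {"localhost", "127.0.0.1"}  # local clients are not of interest here


def inbound_sql_peers(text):
    """Group connections to the local SQL Server port by remote host."""
    peers = defaultdict(lambda: {"count": 0, "src_ports": set(), "states": Counter()})
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m["lport"] not in SQL_PORTS or m["rhost"] in LOOPBACK:
            continue
        p = peers[m["rhost"]]
        p["count"] += 1
        p["src_ports"].add(m["rport"])
        p["states"][m["state"]] += 1
    return dict(peers)


def noisy_peers(peers, min_connections=3):
    """Remote hosts with at least min_connections entries, busiest first."""
    hits = [(h, p["count"]) for h, p in peers.items() if p["count"] >= min_connections]
    return sorted(hits, key=lambda hp: (-hp[1], hp[0]))


if __name__ == "__main__":
    peers = inbound_sql_peers(SAMPLE)
    for host, count in noisy_peers(peers):
        print(host, count, len(peers[host]["src_ports"]), dict(peers[host]["states"]))
```

Any non-loopback host in the result means the SQL port is reachable from outside, which is the condition the firewall suggestion in the last post addresses.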
     