Click here to Skip to main content
15,889,808 members
Search within:


Login failed for user '401hk'. Reason: could not find a login matching the name provided. [CLIENT: 220.180.111.229]
Please Sign up or sign in to vote.
1.00/5 (2 votes)
We have a Microsoft Azure virtual instance and over there we have installed the SQL Server 2014 Express edition. While investigating a issue we found below logs in windows event viewer in application section.

Login failed for user '401hk'. Reason: Could not find a login matching the name provided. [CLIENT: 220.180.111.229]

We observed that there are around 5250 such request in last 24 hours and consuming CPU. The IP and Login name is changing after some requests and all IPs (i.e. 220.180.111.229 ) are locating to China. 
Is it kind of SQL attack? If yes then how to prevent it on Azure(without blocking countries)?


What I have tried:

We have blocked the port 1433 but still got the logs in event viewer.
Posted
Updated 9-Apr-17 19:47pm
Add a Solution
Comments
Bryian Tan 8-Apr-17 9:58am    
have you try the server level firewall rules to limit the SQL access from certain IP addresses?

Azure portal: Azure SQL Database server-level firewall rules | Microsoft Docs[^]

In your case, you should try database-level firewall
Overview of SQL Database firewall rules | Microsoft Docs[^]

1 solution

The issue got resolved after blocking the port 1433 (sql server) from azure portal.
 
Share this answer
 
Posted
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month

Advertise
Privacy
Cookies
Terms of Use
Last Updated 10 Apr 2017
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web04 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900