SQL Server Worm -- Is It Just Me....

technobard · 01-29-2003, 12:03 PM

Is it just me or am I missing something. Some script starts scanning the 'net looking for port 1433 (default SQL Server port). If it finds it, it tries to connect based on an empty default password. Then it proceeds to reek havoc. Why are all these servers out there with SQL Server exposed to the internet? There is never any reason to have direct access to a database over the internet. Never any good reason anyway.

01-29-2003, 02:54 PM

True, having ports open that you dont use is very dangerous, but the patch was hard to apply and I believe you had to order a CD to fix it so it's part M$s fault for making it faulty and for the patch being a bit hard to apply, all in all it's just a combination of things but it's pissing me off.... Even UUNet was hit hard

sde · 01-29-2003, 04:25 PM

err .. i dont' think you had to order a cd to fix it.

technoboard, .. it's because of all those windows admins who like to run asp/iis/mssql , .. they don't know any better =)

well, the 2 that i know don't have a choice, .. the company requires windows for everything. they didn't have any problems though because they applied the patch when it came out.

technobard · 01-30-2003, 10:46 AM

Yeah, some saps don't have a choice.

My point though is that if you make only port 80 available through the firewall, the webserver handles connecting to the database via asp/php/jsp/whatever. The guy connecting to a web page doesn't have to connect directly to the database. The fact that so many sites were hit points to a bigger problem. Database security patches shouldn't be ignored, but if you can't see the database in the first place, there is a lot less to worry about.

sde · 01-30-2003, 11:24 AM

good point , . . there are definately needs to access remote databases over the internet though , .. in which case you would have to open that port.

bottom line is that if you use MS products, you better make sure you check for updates often and apply them.

Ilya020 · 01-30-2003, 02:21 PM

Quote:

Originally posted by Vlad902
I believe you had to order a CD to fix it so it's part M$s fault for making it faulty and for the patch being a bit hard to apply,

WTF are you talking about?
The patch was available from Microsoft.com (I think)

Ilya

01-30-2003, 02:53 PM

technoboard: Alot of servers seem locked up so people just reboot them and it fixes the problem and they didn't know they were infected O_O