Block client IP for SQL Server for multiple failed logins remote connection
When database remote connections are allowed from any host, there are numerous failed login (hacking) attempts.
Database logs show failed attempts are usually for multiple login Ids and from multiple IPs at the same time.
Although strong passwords ensure safety to a level, it would be better if such attempts could be blocked to some more extent by configurations/settings like:
* Blocking an IP after n failed login attempts.
* Manually block/unblock an IP like a Blacklist/Whitelist IP option.
* Unblocking can be auto after a configurable time span e.g. 30 min, 6 hours, 24 hours etc.
* Database server logs in Plesk with filtering options.
* Reporting mechanism in Plesk by IP for count of blocks, unblocks with timestamp etc.
Harbhajan Singh
shared this idea
You can use Plesk fail2ban feature with special mysql jail. More details you can find here https://talk.plesk.com/threads/fail2ban-for-mysql.343704/
—
IG
-
Gene
commented
Can Plesk Admin reopen this unless the suggested feature Windows Fail2Ban https://plesk.uservoice.com/forums/184549-feature-suggestions/suggestions/6152315-windows-fail2ban also convers MSSQL brute force attacks on port 1433.
If not do reopen this so others can vote as well.
-
Harbhajan Singh
commented
The suggestion above was for SQL Server not MySql. It seems fail2ban can not be used for MS SQL Server on Windows. If it can be, can you please refer any documentation/guide for the same?