I’m looking at my event viewer on my computer and seeing that every single

Question

0

Asked: May 13, 20262026-05-13T08:20:14+00:00 2026-05-13T08:20:14+00:00

I’m looking at my event viewer on my computer and seeing that every single

0

I’m looking at my event viewer on my computer and seeing that every single event in the Applicaiton event viewer is a Failure Audit for SQL Server. The properties of the event all say

Login failed for user ‘sa’. Reason:
Password did not match that for the
login provided. [CLIENT:
78.111.98.132]

Does this mean that there is somebody trying to crack my password? IS there anyway to stop this? Also there don’t seem to be any other events beside this one, is there a reason for that?

This is a Windows Server 2003 R2 Enterprise edition, w/ Service Pack 2
running SQL Server Standard 2008

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-13T08:20:15+00:00

Editorial Team

2026-05-13T08:20:15+00:00Added an answer on May 13, 2026 at 8:20 am

The IP you gave traces to a Turkish ISP in Istanbul, and I suspect that is not where you expecting login attempts, certainly not to SA.

Unless you absolutely need it, disable the SA account, ban the IP range and then get more info on server hardening.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I’m looking at my event viewer on my computer and seeing that every single

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply