Sql Server - Login failed for user 'usera'. Reason: Could not find a login matching the name provided

dba.stackexchange https://dba.stackexchange.com/questions/250525

  •  15-02-2021

Question

I run MSSQL Server on Ubuntu, and sometimes the mssql service goes down and my hosted app stops working.

Looking at the error log and running Profiler I found these errors:

2019-10-08 13:27:47.64 Logon       Error: 18456, Severity: 14, State: 5.
2019-10-08 13:27:47.64 Logon       Login failed for user 'mssqla'. Reason: Could not find a login matching the name provided. [CLIENT: 123.125.125.248]

2019-10-08 13:27:46.32 Logon       Error: 18456, Severity: 14, State: 8.
2019-10-08 13:27:46.32 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 123.125.125.248]

2019-10-08 13:28:57.13 Logon       Error: 18456, Severity: 14, State: 5.
2019-10-08 13:28:57.13 Logon       Login failed for user 'usera'. Reason: Could not find a login matching the name provided. [CLIENT: 123.125.125.248]

The users usera and mssqla don't exist and never did. I checked the IP address location and it shows that its origin is China.


I searched for the process ID on my Ubuntu machine using the command sudo ps -A, and the processes do not exist.

Am I being paranoid, or is someone from China trying to hack my database, and how can I stop him?

No correct solution

OTHER TIPS

You can audit and trace the activity within the SQL instance. For the blocking part, the better place is the firewall; you may follow this approach to automate the firewall blocking entries at the Windows firewall level.

In addition to the blocking, some security recommendations that you can refer to:

That your webserver needs access to the database server is beyond question, but at the same time this should be only in your local subnet. If possible, place the database on a second server (even a properly run virtual one inside VMware WS or similar will do) and limit access to the database server to your local subnet.
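
The following Python example is added here and is not part of the original question or answers. It parses errorlog lines in the format shown in the question, pairs each Error 18456 line with the "Login failed" line that follows it, and lists the clients that tried several different login names. The function names, the `min_users` threshold and the last sample line (192.0.2.10) are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Sample errorlog lines: the first three pairs are from the question above,
# the last pair is constructed (192.0.2.10 is a documentation address).
SAMPLE_LOG = """\
2019-10-08 13:27:47.64 Logon       Error: 18456, Severity: 14, State: 5.
2019-10-08 13:27:47.64 Logon       Login failed for user 'mssqla'. Reason: Could not find a login matching the name provided. [CLIENT: 123.125.125.248]
2019-10-08 13:27:46.32 Logon       Error: 18456, Severity: 14, State: 8.
2019-10-08 13:27:46.32 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 123.125.125.248]
2019-10-08 13:28:57.13 Logon       Error: 18456, Severity: 14, State: 5.
2019-10-08 13:28:57.13 Logon       Login failed for user 'usera'. Reason: Could not find a login matching the name provided. [CLIENT: 123.125.125.248]
2019-10-08 13:30:02.10 Logon       Error: 18456, Severity: 14, State: 8.
2019-10-08 13:30:02.10 Logon       Login failed for user 'appuser'. Reason: Password did not match that for the login provided. [CLIENT: 192.0.2.10]
"""

STATE_RE = re.compile(r"Error: 18456, Severity: \d+, State: (\d+)\.")
FAIL_RE = re.compile(r"Login failed for user '([^']*)'\..*\[CLIENT: ([^\]]+)\]")

def summarize_failed_logins(log_text):
    """Group failed logins by client address: count, names tried, 18456 states."""
    summary = defaultdict(lambda: {"count": 0, "users": set(), "states": set()})
    pending_state = None  # state from the most recent 18456 line
    for line in log_text.splitlines():
        m = STATE_RE.search(line)
        if m:
            pending_state = int(m.group(1))
            continue
        m = FAIL_RE.search(line)
        if m:
            entry = summary[m.group(2).strip()]
            entry["count"] += 1
            entry["users"].add(m.group(1))
            if pending_state is not None:
                entry["states"].add(pending_state)
            pending_state = None
    return dict(summary)

def guessing_clients(summary, min_users=2):
    """Clients that tried several different login names (name guessing)."""
    return sorted(ip for ip, e in summary.items() if len(e["users"]) >= min_users)

if __name__ == "__main__":
    s = summarize_failed_logins(SAMPLE_LOG)
    for ip, e in s.items():
        print(ip, e["count"], sorted(e["users"]), sorted(e["states"]))
    print("candidates for a firewall block:", guessing_clients(s))
```

A single client cycling through names that do not exist (State 5) together with wrong passwords for `sa` (State 8) is the pattern in the question; a client with one failed name, like the constructed last entry, stays below the threshold.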

Licensed under: CC-BY-SA with attribution
Not affiliated with dba.stackexchange