We have a Microsoft Azure virtual instance and over there we have installed the SQL Server 2014 Express edition. While investigating a issue we found below logs in windows event viewer in application section. Login failed for user '401hk'. Reason: Could not find a login matching the name provided. [CLIENT: 220.180.111.229] We observed that there are around 5250 such request in last 24 hours and consuming CPU. The IP and Login name is changing after some requests and all IPs (i.e. 220.180.111.229 ) are locating to China. Is it kind of SQL attack? If yes then how to prevent it on Azure(without blocking countries)?
var
This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)