Sql hacker attack

[kocins8]

Hello.
Every week i have been hacked by Ukrine hacker.
He is braking up my server via SQL injection and i dont know how he did it. Mostly he just playing around.. Add items to account.. Add credits or just create some new char to someones account.
I have enabled FireWall and only necessary ports are opened.
Anyone can help?
P.S - I'm using MVCore premium version. Microsoft Server 2012 & SQL 2008

 

[KarLi]

change ur sql pass?

 

[CAPITOL]

Use 2 IP's on your server
Admin IP - for RDP (3389) & SQL Remote (1433)
Public IP - MuServer (CS+GS) & Website
Limit their connection in Advance Firewall Settings on Allowed Local IP

If injection is done via Web, better change CMS (MuOnlineWebs or WebEngine)

Some SQL Server Tips:
Rename user "sa" to your preferred name
Use longer password with random combination

***Check your files for Trojan Virus
***Install MSE Anti-Virus on Server
***Limit Connection of Port RDP & SQL to your IP Range

 

[testers121]

he is hacking not your sql but website