Repeated login attempts in the log file for an RDS instance

Question

In the log file for our RDS DB Instance  the Error log file is full of the following entries

2023-10-05 06:08:26.46 Logon Error: 18456, Severity: 14, State: 5.
2023-10-05 06:08:26.46 Logon Login failed for user 'server'. Reason: Could not find a login matching the name provided. [CLIENT: 14.45.33.45]
2023-10-05 06:08:29.01 Logon Error: 18456, Severity: 14, State: 5.
2023-10-05 06:08:29.01 Logon Login failed for user 'server'. Reason: Could not find a login matching the name provided. [CLIENT: 14.45.33.45]
2023-10-05 06:08:31.64 Logon Error: 18456, Severity: 14, State: 5.
2023-10-05 06:08:31.64 Logon Login failed for user 'server'. Reason: Could not find a login matching the name provided. [CLIENT: 14.45.33.45]
2023-10-05 06:08:32.64 Logon Error: 18456, Severity: 14, State: 5.
2023-10-05 06:08:32.64 Logon Login failed for user 'SHRISHTI'. Reason: Could not find a login matching the name provided. [CLIENT: 45.135.232.28]
2023-10-05 06:08:33.07 Logon Error: 18456, Severity: 14, State: 5.

This is happening approximately every 2 seconds.

Is there anyway I can stop this?

Accepted Answer

It seems your RDS is publicly facing. If this is not required, disable public access.

If it is, lock down your security group to only allow connections from trusted IP addresses.

Answer

Possibly got brute-force login attempts from attackers. Is your DB instance accessible via the Internet? If so, you need to either modify your DB subnet group to use private subnets or change its security group's inbound rule to restrict allowed IP.

Repeated login attempts in the log file for an RDS instance

Contenido relevante