Fw: dba_audit_session

From: Chris King <ckaj111_at_yahoo.ca>
Date: Thu, 07 May 2015 15:47:01 +0000
Message-ID: <1065197566.2475703.1431013620514.JavaMail.yahoo_at_mail.yahoo.com>

dbconsole has reported that "There have been 1068 failed login attempts in the last 30 minutes." So I did a select on dba_audit_sessions where returncode !=0 and found that in every case, the os_username is oracle, the returncode is 1017 (invalid username/password).. but.. and here's my question.. the username field of dba_audit_session varies and does not contain database username. Some of the 70 different values are "MSGBOX("    "HTTPS:"   ".EXAMPLE.COM"  "AND1=1".  How can I further track down what is happening?

Note that this has only begun happening since I applied COST to restrict instance registration in Oracle RAC (Doc ID 1340831.1), so could be related, but it's not clear how the change would cause this. Thanks in advance all!   

Received on Thu May 07 2015 - 17:47:01 CEST

Original text of this message