p2p.wrox.com Forums

p2p.wrox.com Forums (http://p2p.wrox.com/index.php)
-   BOOK: Beginning ASP.NET 4.5 : in C# and VB (http://p2p.wrox.com/forumdisplay.php?f=710)
-   -   Ch 18 Exception Handling (http://p2p.wrox.com/showthread.php?t=92611)

AlanWheeler April 8th, 2014 11:09 AM

Ch 18 Exception Handling
 
Hi Imar,

So my site that I built from the book has been online for a month or so. I've begun to see some interesting things because my email notifications of site errors is still enabled and it started sending me error messages. Since the site is just part of the exercise from your book and presumably no one really knows about it (unless they are reading this forum and happened to read precisely the post where I might have given you the URL), how would anyone know there is a site? It's actually just a sub-domain, so buried even deeper.

I guess someone must know because I'm getting error messages. The messages tend to come in groups, typically 6 - 8. They happen in rapid succession, the emails frequently showing the same time stamp to the minute. They happen at various times of day. I'll copy a sample of the messages at the bottom of this email.

The first time I saw this it was just after I had asked my hosting provider for help with folder security. In discussions with them it seemed like they may have run some scripts against the site while trouble shooting. Then later I added a ClickOnce page in the root of the site simply because it was a convenient location for testing Visual Studio's default ClickOnce publish to web. I initially (& wrongly) associated a group of error messages with a particular day that I was downloading samples of my pilot test project. But I didn't really check the times of the emails and didn't notice the pattern until last night. I don't think that set of error messages was related to me since they were all in the same minute; I couldn't have even downloaded over the same minute.

Last night I received 6 error messages from the middle of the night. I wasn't accessing the site, and I saw the error messages were all within the same minute in the middle of the night (US time).

1) So I thought I would reach out to you and ask if you recognize what these error messages may be caused by?

2) Is there something I can do to capture better information to determine what is happening? Like who is causing it, insight to what the intent with the requests is, etc.?

3) Can you tell from this error information if I missed including something you told us to include in the error report format?

I checked the User table in the database and there are no new users from when I published and setup the site.

Thanks.

Best Regards,
Alan

I know it's not code, I just thought it might be easier to read in an HTML block in this post. The query strings at the end of the messages are always different. Most of the error messages in a group are like this:

HTML Code:

Message
This is an invalid script resource request.
Stack Trace
at System.Web.Handlers.ScriptResourceHandler.ProcessRequest(HttpContextBase context, VirtualFileReader fileReader, Action`2 logAction, Boolean validatePath) at System.Web.Handlers.ScriptResourceHandler.ProcessRequest(HttpContext context) at System.Web.Handlers.ScriptResourceHandler.System.Web.IHttpHandler.ProcessRequest(HttpContext context) at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Query String
d=nv7asgRUU0tRmHNR2D6t1NW4wgUXOJENr93BIpF-0hNTzxoQSnOtPxzU4k5Sl1BB8sAu1ksCzB-tLe7KHT9XCldIAUKjwNvZB8w21Xb-ChwaQvyi3hgvs3vInOqRZLJxZQjQ6UjBDtsX_9ZdMcBKEQ2&t=244e515d

But in each group there will be 1 or 2 of this nature:

HTML Code:

Message
This is an invalid webresource request.
Stack Trace
at System.Web.Handlers.AssemblyResourceLoader.System.Web.IHttpHandler.ProcessRequest(HttpContext context) at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Query String
d=pynGkmcFUV13He1Qd6_TZPdavZbTCwCGrXwPYdFZRv5osf_fMF4G1_xV7Vtd6IX6_gspOG1w_BnBHeePuvTNMg2&t=635207174963396618


Imar April 8th, 2014 12:13 PM

I am getting the same stuff on my site as well. Looks like a bot making invalid requests. The URL could have been picked up automatically using a bot that scans this forum.

It could also be a regular visitor making invalid requests. Not sure why this would happen, but maybe some browsers don't handle the URLs very well.

You would need to look into the IIS logs and see if there are any patterns you can recognize to see who's accessing your site and why.

Cheers,

Imar

AlanWheeler April 8th, 2014 12:30 PM

Thanks! Cool, I actually have an attacker?

This sounds like a longer process to learn how to handle it, but I appreciate you sharing you have the same thing on your site.

Best Regards,
Alan


All times are GMT -4. The time now is 12:37 PM.

Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.