My Event Log is full of ViewState was Invalid and Unhandled Exception

会有一股神秘感。 Submitted on 2019-12-23 19:00:37

Question


I have HealthMonitoring on for my website. 90% of my pages are accessed in the format

http://www.itsmywebsite.com/showproduct.aspx?id=somenumber

I was checking the WebEvents_events tables and saw that my table is full of primarily two errors

ERROR 1

0002609ad8vdf45f8daffc7de8716e32    2013-11-25 17:01:18.153 2013-11-25 11:01:18.153 System.Web.Management.WebViewStateFailureAuditEvent 9877    1455    4009    50204   Viewstate verification failed. Reason: Viewstate was invalid.   C:\HostingSpaces\parthak\itsmywebsite.com\wwwroot\  /   C15472-132183   http://www.itsmywebsite.com/showproduct.aspx    NULL    Event code: 4009
    Event message: Viewstate verification failed. Reason: Viewstate was invalid.
    Event time: 11/25/2013 11:01:18 AM
    Event time (UTC): 11/25/2013 5:01:18 PM
    Event ID: 0002609ad8vdf45f8daffc7de8716e32
    Event sequence: 9877
    Event occurrence: 1455
    Event detail code: 50204

    Application information:
        Application domain: /LM/W3SVC/94/ROOT-1-1302342423433586
        Trust level: Full
        Application Virtual Path: /
        Application Path: C:\HostingSpaces\parthak\itsmywebsite.com\wwwroot\
        Machine name: C15472-132183

    Process information:
        Process ID: 28796
        Process name: w3wp.exe
        Account name: C15472-132183\itsmywebsitecom_web

    Request information:
        Request URL: http://www.itsmywebsite.com/showproduct.aspx
        Request path: /showproduct.aspx
        User host address: 186.xx.xxx.xx
        User: 
        Is authenticated: False
        Authentication Type: 
        Thread account name: C15472-132183\itsmywebsitecom_web

    ViewStateException information:
        Exception message: Invalid viewstate. 
        Client IP: 186.xx.xxx.xx
        Port: 29991
        Referer: 
        Path: /showproduct.aspx
        User-Agent: Mozilla/4.0 (compatible; Synapse)

ERROR 2

0034c75464ecdd32dee41996bfe 2013-11-24 13:19:52.360 2013-11-24 07:19:52.360 System.Web.Management.WebRequestErrorEvent  8727    1313    3005    0   An unhandled exception has occurred.    C:\HostingSpaces\parthak\itsmywebsite.com\wwwroot\  /   C15472-132183   http://www.itsmywebsite.com/showproduct.aspx?id=-1%27   System.FormatException  Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 11/24/2013 7:19:52 AM
Event time (UTC): 11/24/2013 1:19:52 PM
Event ID: 0034c75464ecdd32dee41996bfe
Event sequence: 8727
Event occurrence: 1313
Event detail code: 0

Application information:
    Application domain: /LM/W3SVC/94/ROOT-1-1302342423433586
    Trust level: Full
    Application Virtual Path: /
    Application Path: C:\HostingSpaces\parthak\itsmywebsite.com\wwwroot\
    Machine name: C15472-132183

Process information:
    Process ID: 14932
    Process name: w3wp.exe
    Account name: C15472-132183\itsmywebsitecom_web

Exception information:
    Exception type: System.FormatException
    Exception message: Input string was not in a correct format.

Request information:
    Request URL: http://www.itsmywebsite.com/showproduct.aspx?id=-1%27
    Request path: /showproduct.aspx
    User host address: 178.xxx.xxx.xxx
    User: 
    Is authenticated: False
    Authentication Type: 
    Thread account name: C15472-132183\itsmywebsitecom_web

Thread information:
    Thread ID: 31
    Thread account name: C15472-132183\itsmywebsitecom_web
    Is impersonating: False
    Stack trace:    at System.Number.StringToNumber(String str, NumberStyles options, NumberBuffer& number, NumberFormatInfo info, Boolean parseDecimal)
   at System.Number.ParseInt32(String s, NumberStyles style, NumberFormatInfo info)
   at System.String.System.IConvertible.ToInt32(IFormatProvider provider)
   at System.Convert.ChangeType(Object value, TypeCode typeCode, IFormatProvider provider)
   at System.Web.UI.WebControls.Parameter.GetValue(Object value, String defaultValue, TypeCode type, Boolean convertEmptyStringToNull, Boolean ignoreNullableTypeChanges)
   at System.Web.UI.WebControls.Parameter.GetValue(Object value, Boolean ignoreNullableTypeChanges)
   at System.Web.UI.WebControls.Parameter.get_ParameterValue()
   at System.Web.UI.WebControls.ParameterCollection.GetValues(HttpContext context, Control control)
   at System.Web.UI.WebControls.ObjectDataSourceView.ExecuteSelect(DataSourceSelectArguments arguments)
   at System.Web.UI.WebControls.BaseDataList.GetData()
   at System.Web.UI.WebControls.DataList.CreateControlHierarchy(Boolean useDataSource)
   at System.Web.UI.WebControls.BaseDataList.OnDataBinding(EventArgs e)
   at System.Web.UI.WebControls.BaseDataList.DataBind()
   at System.Web.UI.WebControls.BaseDataList.EnsureDataBound()
   at System.Web.UI.WebControls.BaseDataList.CreateChildControls()
   at System.Web.UI.Control.EnsureChildControls()
   at System.Web.UI.WebControls.BaseDataList.get_Controls()
   at MB.TheBeerHouse.Helpers.SetInputControlsHighlight(Control container, String className, Boolean onlyTextBoxes)
   at MB.TheBeerHouse.Helpers.SetInputControlsHighlight(Control container, String className, Boolean onlyTextBoxes)
   at MB.TheBeerHouse.Helpers.SetInputControlsHighlight(Control container, String className, Boolean onlyTextBoxes)
   at MB.TheBeerHouse.Helpers.SetInputControlsHighlight(Control container, String className, Boolean onlyTextBoxes)
   at MB.TheBeerHouse.Helpers.SetInputControlsHighlight(Control container, String className, Boolean onlyTextBoxes)
   at MB.TheBeerHouse.UI.BasePage.OnLoad(EventArgs e)
   at System.Web.UI.Control.LoadRecursive()
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

Please guide me how to prevent these errors from occurring.

Update:

The worst part is the -1%27 appended to URLs. Now that I check again, it's used in the following URLs

http://www.itsmywebsite.com/showproduct.aspx?id=-1%27 [invalid]
http://www.itsmywebsite.com/browseproduct.aspx?id=-1%27 [invalid]

and so on. None of these URLs exist and my Health Monitoring is logging all these errors. I have around 100K of those now in my table.

A valid URL is http://www.itsmywebsite.com/showproduct.aspx?id=127

If there's no way to prevent them, can I handle them in my code by redirection or any other best practice so that it does not generate an error and fill up my table?


Answer 1:


Error 1 see here: Invalid viewstate error

Error 2: it appears that -1' was passed in as a query string parameter, which can't be parsed as a number. If you are sure that this URL didn't originate from your application, then it is probably an automated bot probing your website for vulnerabilities. There is not much you can do about this.




Answer 2:


You have been targeted with an SQL Injection attack, either by a bot or by some random hacker looking for credit cards in shops. Online shops are constantly attacked and you will have more attacks than you can imagine.

In order to prevent this kind of attack you could install a Web Application Firewall such as mod_security (available for IIS and Apache). The plugin will check the provided request, analyze it and stop every attack intent before it's passed to your application.

Web Application Firewalls are just one more mitigation measure; the real solution is to have secure code. In this particular case you could implement Stacked Queries, limiting permissions, validating input (in this case your app should catch the error first and handle it properly when it's not receiving an Integer parameter) and handling errors properly (such as showing a custom page and not default errors which could expose internal information), just to name a few.

In case you need to know anything in particular just let me know.




Answer 3:


If there's no way to prevent them, can I handle them in my code by redirection or any other best practice so that it does not generate an error and fill up my table

Assuming it is a 'good' bot, like a search engine, then you just need to make sure the returned HTTP status is a 404. That is, not found. Alternatively a 50x status would do.

That means you are telling the potential search engine that whatever URL they tried to access is really invalid. Now, if it really is multiple similar URLs, there is nothing to stop a 'good' search engine from checking all linked content.

On the other hand, if it's a 'bad' bot crawling your site, then you can't really prevent it. You can't only make sure the end points you are exposing are safe. In ASP.NET you don't want to disable default settings that check the viewstate is on by default, so you want to make sure that everything works as is.
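
One way to do what answers 2 and 3 describe (validate the id, answer with a 404), as an added example that is not part of the original question or answers: an IHttpModule that rejects non-numeric id values before the page runs, so the FormatException from the stack trace is never raised or logged. The module name, the guarded page list and the rule that ids are positive integers are assumptions.

```csharp
using System;
using System.Globalization;
using System.Web;

// Hypothetical module (name is an assumption). Register it in web.config
// under <system.webServer><modules> so it runs for every request.
public sealed class NumericIdGuardModule : IHttpModule
{
    // Pages named in the question whose "id" must be a product number.
    private static readonly string[] GuardedPages =
    {
        "~/showproduct.aspx",
        "~/browseproduct.aspx"
    };

    public void Init(HttpApplication app) { app.BeginRequest += OnBeginRequest; }

    private static void OnBeginRequest(object sender, EventArgs e)
    {
        var app = (HttpApplication)sender;
        HttpRequest request = app.Context.Request;

        if (!IsGuarded(request.AppRelativeCurrentExecutionFilePath)) return;
        if (IsValidId(request.QueryString["id"])) return;

        // Probe such as id=-1%27: answer 404 and skip straight to EndRequest,
        // so the page (and its ObjectDataSource parameter) never executes.
        app.Context.Response.StatusCode = 404;
        app.CompleteRequest();
    }

    private static bool IsGuarded(string appRelativePath)
    {
        return Array.Exists(GuardedPages, p =>
            string.Equals(p, appRelativePath, StringComparison.OrdinalIgnoreCase));
    }

    // Assumption: valid ids are positive decimal integers (the question's
    // example is id=127). NumberStyles.None rejects signs, spaces and quotes;
    // a missing id (null) also fails TryParse.
    internal static bool IsValidId(string raw)
    {
        int id;
        return int.TryParse(raw, NumberStyles.None,
                            CultureInfo.InvariantCulture, out id) && id > 0;
    }

    public void Dispose() { }
}
```

Rejecting the request in BeginRequest matters here: the stack trace shows the conversion failing during data binding triggered from BasePage.OnLoad, so a check placed later in the page lifecycle could run after the exception has already been thrown.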



Source: https://stackoverflow.com/questions/20205564/my-event-log-is-full-of-viewstate-was-invalid-and-unhandled-exception
