Question
I have HealthMonitoring on for my website. 90% of my pages are accessed in the format
http://www.itsmywebsite.com/showproduct.aspx?id=somenumber
I was checking the WebEvents_events tables and saw that my table is full of primarily two errors:
ERROR 1
0002609ad8vdf45f8daffc7de8716e32 2013-11-25 17:01:18.153 2013-11-25 11:01:18.153 System.Web.Management.WebViewStateFailureAuditEvent 9877 1455 4009 50204 Viewstate verification failed. Reason: Viewstate was invalid. C:\HostingSpaces\parthak\itsmywebsite.com\wwwroot\ / C15472-132183 http://www.itsmywebsite.com/showproduct.aspx NULL Event code: 4009
Event message: Viewstate verification failed. Reason: Viewstate was invalid.
Event time: 11/25/2013 11:01:18 AM
Event time (UTC): 11/25/2013 5:01:18 PM
Event ID: 0002609ad8vdf45f8daffc7de8716e32
Event sequence: 9877
Event occurrence: 1455
Event detail code: 50204
Application information:
Application domain: /LM/W3SVC/94/ROOT-1-1302342423433586
Trust level: Full
Application Virtual Path: /
Application Path: C:\HostingSpaces\parthak\itsmywebsite.com\wwwroot\
Machine name: C15472-132183
Process information:
Process ID: 28796
Process name: w3wp.exe
Account name: C15472-132183\itsmywebsitecom_web
Request information:
Request URL: http://www.itsmywebsite.com/showproduct.aspx
Request path: /showproduct.aspx
User host address: 186.xx.xxx.xx
User:
Is authenticated: False
Authentication Type:
Thread account name: C15472-132183\itsmywebsitecom_web
ViewStateException information:
Exception message: Invalid viewstate.
Client IP: 186.xx.xxx.xx
Port: 29991
Referer:
Path: /showproduct.aspx
User-Agent: Mozilla/4.0 (compatible; Synapse)
ERROR 2
0034c75464ecdd32dee41996bfe 2013-11-24 13:19:52.360 2013-11-24 07:19:52.360 System.Web.Management.WebRequestErrorEvent 8727 1313 3005 0 An unhandled exception has occurred. C:\HostingSpaces\parthak\itsmywebsite.com\wwwroot\ / C15472-132183 http://www.itsmywebsite.com/showproduct.aspx?id=-1%27 System.FormatException Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 11/24/2013 7:19:52 AM
Event time (UTC): 11/24/2013 1:19:52 PM
Event ID: 0034c75464ecdd32dee41996bfe
Event sequence: 8727
Event occurrence: 1313
Event detail code: 0
Application information:
Application domain: /LM/W3SVC/94/ROOT-1-1302342423433586
Trust level: Full
Application Virtual Path: /
Application Path: C:\HostingSpaces\parthak\itsmywebsite.com\wwwroot\
Machine name: C15472-132183
Process information:
Process ID: 14932
Process name: w3wp.exe
Account name: C15472-132183\itsmywebsitecom_web
Exception information:
Exception type: System.FormatException
Exception message: Input string was not in a correct format.
Request information:
Request URL: http://www.itsmywebsite.com/showproduct.aspx?id=-1%27
Request path: /showproduct.aspx
User host address: 178.xxx.xxx.xxx
User:
Is authenticated: False
Authentication Type:
Thread account name: C15472-132183\itsmywebsitecom_web
Thread information:
Thread ID: 31
Thread account name: C15472-132183\itsmywebsitecom_web
Is impersonating: False
Stack trace: at System.Number.StringToNumber(String str, NumberStyles options, NumberBuffer& number, NumberFormatInfo info, Boolean parseDecimal)
at System.Number.ParseInt32(String s, NumberStyles style, NumberFormatInfo info)
at System.String.System.IConvertible.ToInt32(IFormatProvider provider)
at System.Convert.ChangeType(Object value, TypeCode typeCode, IFormatProvider provider)
at System.Web.UI.WebControls.Parameter.GetValue(Object value, String defaultValue, TypeCode type, Boolean convertEmptyStringToNull, Boolean ignoreNullableTypeChanges)
at System.Web.UI.WebControls.Parameter.GetValue(Object value, Boolean ignoreNullableTypeChanges)
at System.Web.UI.WebControls.Parameter.get_ParameterValue()
at System.Web.UI.WebControls.ParameterCollection.GetValues(HttpContext context, Control control)
at System.Web.UI.WebControls.ObjectDataSourceView.ExecuteSelect(DataSourceSelectArguments arguments)
at System.Web.UI.WebControls.BaseDataList.GetData()
at System.Web.UI.WebControls.DataList.CreateControlHierarchy(Boolean useDataSource)
at System.Web.UI.WebControls.BaseDataList.OnDataBinding(EventArgs e)
at System.Web.UI.WebControls.BaseDataList.DataBind()
at System.Web.UI.WebControls.BaseDataList.EnsureDataBound()
at System.Web.UI.WebControls.BaseDataList.CreateChildControls()
at System.Web.UI.Control.EnsureChildControls()
at System.Web.UI.WebControls.BaseDataList.get_Controls()
at MB.TheBeerHouse.Helpers.SetInputControlsHighlight(Control container, String className, Boolean onlyTextBoxes)
at MB.TheBeerHouse.Helpers.SetInputControlsHighlight(Control container, String className, Boolean onlyTextBoxes)
at MB.TheBeerHouse.Helpers.SetInputControlsHighlight(Control container, String className, Boolean onlyTextBoxes)
at MB.TheBeerHouse.Helpers.SetInputControlsHighlight(Control container, String className, Boolean onlyTextBoxes)
at MB.TheBeerHouse.Helpers.SetInputControlsHighlight(Control container, String className, Boolean onlyTextBoxes)
at MB.TheBeerHouse.UI.BasePage.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
Please guide me how to prevent these errors from occurring.
Update:
The worst part is the -1%27 appended to URLs. Now that I check again, it's used in the following URLs:
http://www.itsmywebsite.com/showproduct.aspx?id=-1%27 [invalid]
http://www.itsmywebsite.com/browseproduct.aspx?id=-1%27 [invalid]
and so on. None of these URLs exist and my Health Monitoring is logging all these errors. I have around 100K of those now in my table.
A valid url is http://www.itsmywebsite.com/showproduct.aspx?id=127
If there's no way to prevent them, can I handle them in my code by redirection or any other best practice so that it does not generate an error and fill up my table?
Answer 1:
Error 1: see here: Invalid viewstate error
Error 2: it appears that -1' was passed in as a query string parameter, which can't be parsed as a number. If you are sure that this URL didn't originate from your application, then it probably is an automated bot probing your website for vulnerabilities. There is not much you can do about this.
Answer 2:
You have been targeted with an SQL Injection attack, either by a bot or by some random hacker looking for credit cards in shops. Online shops are constantly attacked and you will have more attacks than you can imagine.
In order to prevent this kind of attack you could install a Web Application Firewall such as mod_security (available for IIS and Apache). The plugin will check the provided request, analyze it and stop every attack attempt before it's passed to your application.
Web Application Firewalls are just one more mitigation measure; the real solution is to have secure code. In this particular case you could implement Stacked Queries, limit permissions, validate input (in this case your app should catch the error first and handle it properly when it's not receiving an integer parameter) and handle errors properly (such as showing a custom page and not default errors which could expose internal information), just to name a few.
In case you need to know anything in special just let me know.
Answer 3:
If there's no way to prevent them, can I handle them in my code by redirection or any other best practice so that it does not generate an error and fill up my table?
Assuming it is a 'good' bot, like a search engine, then you just need to make sure the returned HTTP status is a 404. That is, not found. Alternatively a 50x status would do.
That means you are telling the potential search engine that whatever URL they tried to access is really invalid. Now, if there really are multiple similar URLs, there is nothing to stop a 'good' search engine from checking all linked content.
On the other hand, if it's a 'bad' bot crawling your site, then you can't really prevent it. You can only make sure the end points you are exposing are safe. In ASP.NET you don't want to disable the default settings that check the viewstate (it is on by default), so you want to make sure that everything works as is.
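The input validation Answer 2 asks for and the 404 response Answer 3 recommends can be combined in one place. The following is an added example, not code from the question or from the TheBeerHouse project: a hypothetical base page (`ValidatedIdPage`, an assumed name) that checks the `id` query string in `OnInit`, before the data binding that throws `FormatException` in the stack trace above. It assumes `showproduct.aspx` and `browseproduct.aspx` derive from it instead of `System.Web.UI.Page`, and that a request whose `id` is not a positive integer should get a 404 rather than an exception.

```csharp
using System;
using System.Web.UI;

// Hypothetical base page (assumed name; not the project's own BasePage).
// Validates the "id" query string before Load and data binding run, so a
// value such as "-1'" never reaches the ObjectDataSource Parameter that
// raises FormatException and fills the WebEvents_events table.
public abstract class ValidatedIdPage : Page
{
    // Set only when the query string carried a well-formed positive integer.
    protected int ProductId { get; private set; }

    protected override void OnInit(EventArgs e)
    {
        base.OnInit(e);

        int id;
        string raw = Request.QueryString["id"];

        // Accept a plain positive integer only; anything else is "not found",
        // which tells crawlers the URL is dead and logs no unhandled exception.
        if (string.IsNullOrEmpty(raw) || !int.TryParse(raw, out id) || id <= 0)
        {
            NotFound();
            return;
        }
        ProductId = id;
    }

    private void NotFound()
    {
        Response.Clear();
        Response.StatusCode = 404;
        Response.StatusDescription = "Not Found";
        // Send our own status instead of an IIS custom error page.
        Response.TrySkipIisCustomErrors = true;
        Response.Write("Not found");
        // Stop the page life cycle here (Load and data binding never run).
        // Response.End() terminates via a ThreadAbortException that ASP.NET
        // handles internally; health monitoring does not log it as an error.
        Response.End();
    }
}
```

Pages that derive from this class can use `ProductId` directly in `Page_Load`; the same check could equally be moved into the project's own `BasePage.OnInit`.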
Source: https://stackoverflow.com/questions/20205564/my-event-log-is-full-of-viewstate-was-invalid-and-unhandled-exception