ALERT: ASP.NET Hack Attempt

Sunday, May 16, 2004

I wanted to toss this out there in case there is some new or as of yet unpacthed vulnerability. This morning I had an unusual string of errors whereas someone began trying to supplant the VIEWSTATE into the URL and in turn causing an error.

Like I said, I don't know if this is anything significant but my guess is that someone was trying to get a raw error output instead of the error page.

http://yourwebsite/somepage.aspx?__VIEWSTATE=IAMAHACKERTRYINGTOSCREWYOU

If anyone knows anything about this sort of thing, let me know.

6 Comments

Make sure you have EnableViewStateMAC turned on and you should be ok.

rajbk - Sunday, May 16, 2004 5:09:00 PM

what I meant to say was;

Make sure you have EnableViewStateMAC turned on especially on your login page and you should be ok.

rajbk - Sunday, May 16, 2004 5:54:00 PM

It is turned on, thanks though.

M. Keith Warren - Sunday, May 16, 2004 5:59:00 PM

write a small httphandler to limit querystring to say 20 chars or whatever your max is ...

if that happens redirect to a page where you do a whois, log ip and nic card

if it persists block their IP subnet address

on iis/your firewall or with IPSEC

that will do !!

stefan demetz - Sunday, May 16, 2004 9:28:00 PM

I am defeating the attack just fine, and have blocked the originating site which is at a University in Iran; I just wanted to let people know that something of this nature was out there and to on the lookout.

M. Keith Warren - Sunday, May 16, 2004 10:00:00 PM

i took a error message. this error like 'Machine key...'

Raf Sistemleri - Monday, December 15, 2008 4:05:45 PM

Comments have been disabled for this content.