|
|
Rank: Enthusiast
Joined: 11/20/2008
Posts: 26
Location: US - Kentucky
|
I'm getting tons of entries in my error log for the following error. I've got almost 4000 in about three weeks. Code:At /SimpleAuthWebService/SimpleAuth.asmx (Referred by: ): Can anyone shed some light on what would be causing this? TIA, Wendall
|
|
Rank: Enthusiast
Joined: 11/20/2008
Posts: 26
Location: US - Kentucky
|
I'm getting more of these entries and the server has crashed the last two mornings. I'm also getting a bunch of errors with event id 1309, Event code 3003 in my system event log. Can anyone shed any light on how to resolve this? Event Log Entry: Code:Event Type: Warning Event Source: ASP.NET 2.0.50727.0 Event Category: Web Event Event ID: 1309 Date: 6/20/2009 Time: 6:57:28 PM User: N/A Computer: ARISTOTLE Description: Event code: 3003 Event message: A validation error has occurred. Event time: 6/20/2009 6:57:28 PM Event time (UTC): 6/20/2009 11:57:28 PM Event ID: afa55618fed1494b999568b7a8eb79d5 Event sequence: 3305 Event occurrence: 3 Event detail code: 0 Application information: Application domain: /LM/W3SVC/1/ROOT-1-xxxxxxxxxx891 Trust level: Full Application Virtual Path: / Application Path: c:\inetpub\wwwroot\ Machine name: xxxxxxxxxx Process information: Process ID: 3316 Process name: w3wp.exe Account name: NT AUTHORITY\NETWORK SERVICE Exception information: Exception type: HttpRequestValidationException Exception message: A potentially dangerous Request.QueryString value was detected from the client (404;http://www.lindsey.edu:80/index.cgi?id="...Click here</A> to go to men"). Request information: Request URL: http://www.lindsey.edu/hidden-content/page-not-found.aspx?404;http://www.lindsey.edu:80/index.cgi?id=14374.6.18.2486/20/2009 6:57:28 PMEClickhttp://www.lindsey.edu/hidden-content/page-not-found.aspx?404;http://www.lindsey.edu:80/index.cgi?id=14374.6.18.2486/20/2009 6:57:28 PMEClickhttp://www.lindsey.edu/hidden-content/page-not-found.aspx?404;http://www.lindsey.edu:80/index.cgi?id=14374.6.18.2486/20/2009 6:57:28 PMEClickhttp://www.lindsey.edu/hidden-content/page-not-found.aspx?404;http://www.lindsey.edu:80/index.cgi?id=14374.6.18.2486/20/2009 6:57:28 PMEClickhttp://www.lindsey.edu/hidden-content/page-not-found.aspx?404;http://www.lindsey.edu:80/index.cgi?id=14374.6.18.2486/20/2009 6:57:28 PMEClickhttp://www.lindsey.edu/hidden-content/page-not-found.aspx?404;http://www.lindsey.edu:80/index.cgi?id=14374.6.18.2486/20/2009 6:57:28 PMEClickhttp://www.lindsey.edu/hidden-content/page-not-found.aspx?404;http://www.lindsey.edu:80/index.cgi?id=14374.6.18.2486/20/2009 6:57:28 PMEClickhttp://www.lindsey.edu/hidden-content/page-not-found.aspx?404;http://www.lindsey.edu:80/index.cgi?id=14374.6.18.2486/20/2009 6:57:28 PMEClickhttp://www.lindsey.edu/hidden-content/page-not-found.aspx?404;http://www.lindsey.edu:80/index.cgi?id=14374.6.18.2486/20/2009 6:57:28 PMEClickhttp://www.lindsey.edu/hidden-content/page-not-found.aspx?404;http://www.lindsey.edu:80/index.cgi?id=14374.6.18.2486/20/2009 6:57:28 PMEClickhttp://www.lindsey.edu/hidden-content/page-not-found.aspx?404;http://www.lindsey.edu:80/index.cgi?id=14374.6.18.2486/20/2009 6:57:28 PMEClickhttp://www.lindsey.edu/hidden-content/page-not-found.aspx?404;http://www.lindsey.edu:80/index.cgi?id=14374.6.18.2486/20/2009 6:57:28 PMEClickhttp://www.lindsey.edu/hidden-content/page-not-found.aspx?404;http://www.lindsey.edu:80/index.cgi?id=14374.6.18.2486/20/2009 6:57:28 PMEClickhttp://www.lindsey.edu/hidden-content/page-not-found.aspx?404;http://www.lindsey.edu:80/index.cgi?id=14374.6.18.2486/20/2009 6:57:28 PMEClickhttp://www.lindsey.edu/hidden-content/page-not-found.aspx?404;http://www.lindsey.edu:80/index.cgi?id=14374.6.18.2486/20/2009 6:57:28 PMEClickhttp://www.lindsey.edu/hidden-content/page-not-found.aspx?404;http://www.lindsey.edu:80/index.cgi?id=14374.6.18.2486/20/2009 6:57:28 PMEClickhttp://www.lindsey.edu/hidden-content/page-not-found.aspx?404;http://www.lindsey.edu:80/index.cgi?id=14374.6.18.2486/20/2009 6:57:28 PMEClickhttp://www.lindsey.edu/hidden-content/page-not-found.aspx?404;http://www.lindsey.edu:80/index.cgi?id=14374.6.18.2486/20/2009 6:57:28 PMEClickhttp://www.lindsey.edu/hidden-content/page-not-found.aspx?404;http://www.lindsey.edu:80/index.cgi?id=14374.6.18.2486/20/2009 6:57:28 PMEClickhttp://www.lindsey.edu/hidden-content/page-not-found.aspx?404;http://www.lindsey.edu:80/index.cgi?id=14374.6.18.2486/20/2009 6:57:28 PMEClickhttp://www.lindsey.edu/hidden-content/page-not-found.aspx?404;http://www.lindsey.edu:80/index.cgi?id=14374.6.18.2486/20/2009 6:57:28 PMEClickhttp://www.lindsey.edu/hidden-content/page-not-found.aspx?404;http://www.lindsey.edu:80/index.cgi?id=14374.6.18.2486/20/2009 6:57:28 PMEClickhttp://www.lindsey.edu/hidden-content/page-not-found.aspx?404;http://www.lindsey.edu:80/index.cgi?id=14374.6.18.2486/20/2009 6:57:28 PMEClickhttp://www.lindsey.edu/hidden-content/page-not-found.aspx?404;http://www.lindsey.edu:80/index.cgi?id=14374.6.18.2486/20/2009 6:57:28 PMEClickhttp://www.lindsey.edu/hidden-content/page-not-found.aspx?404;http://www.lindsey.edu:80/index.cgi?id=14374.6.18.2486/20/2009 6:57:28 PMEClickhttp://www.lindsey.edu/hidden-content/page-not-found.aspx?404;http://www.lindsey.edu:80/index.cgi?id=14374.6.18.2486/20/2009 6:57:28 PMEClickhttp://www.lindsey.edu/hidden-content/page-not-found.aspx?404;http://www.lindsey.edu:80/index.cgi?id=14374.6.18.2486/20/2009 6:57:28 PMEClickhttp://www.lindsey.edu/hidden-content/page-not-found.aspx?404;http://www.lindsey.edu:80/index.cgi?id=143%22%3EClick%20here%3C/A%3E%20to%20go%20to%20menhere%3C/A%3E%20to%20go%20to%20menhere%3C/A%3E%20to%20go%20to%20menhere%3C/A%3E%20to%20go%20to%20menhere%3C/A%3E%20to%20go%20to%20menhere%3C/A%3E%20to%20go%20to%20menhere%3C/A%3E%20to%20go%20to%20menhere%3C/A%3E%20to%20go%20to%20menhere%3C/A%3E%20to%20go%20to%20menhere%3C/A%3E%20to%20go%20to%20menhere%3C/A%3E%20to%20go%20to%20menhere%3C/A%3E%20to%20go%20to%20menhere%3C/A%3E%20to%20go%20to%20menhere%3C/A%3E%20to%20go%20to%20menhere%3C/A%3E%20to%20go%20to%20menhere%3C/A%3E%20to%20go%20to%20menhere%3C/A%3E%20to%20go%20to%20menhere%3C/A%3E%20to%20go%20to%20menhere%3C/A%3E%20to%20go%20to%20menhere%3C/A%3E%20to%20go%20to%20menhere%3C/A%3E%20to%20go%20to%20menhere%3C/A%3E%20to%20go%20to%20menhere%3C/A%3E%20to%20go%20to%20menhere%3C/A%3E%20to%20go%20to%20menhere%3C/A%3E%20to%20go%20to%20menhere%3C/A%3E%20to%20go%20to%20menhere%3C/A%3E%20to%20go%20to%20menhere%3C/A%3E%20to%20go%20to%20men Request path: %21 User host address: %22 User: %23 Is authenticated: %24 Authentication Type: %25 Thread account name: %26 Thread information: Thread ID: %27 Thread account name: %28 Is impersonating: %29 Stack trace: %30 Custom event details: %14 For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
|
|
Rank: Newbie
Joined: 2/9/2009
Posts: 8
Location: Cobham
|
1) First thing first if you have ip address for the requests block it at the firewall. 2) Question are do you have any web services running ? 3) Have you run some of the standard Microsoft Secruity tools , URLScan, MBSA . Check through these. http://technet.microsoft.com/en-us/security/cc242650.aspxMicrosoft Baseline Security Analyzer (MBSA) http://technet.microsoft.com/en-us/security/cc184924.aspx4) Assume you have run Windows Update. Most likely a script it running against you server to see if there is any known exploits or SQL injections exploits. If you can block the IP address it is coming from all the better. James
|
|
Rank: Newbie
Joined: 2/9/2009
Posts: 8
Location: Cobham
|
"/SimpleAuthWebService/SimpleAuth.asmx " Is sometime connected to WSUS are you that service off that box ? If the connection are coming locally then mabe you have WSUS problem. But if they are coming externally more likely a hack. http://www.wsuswiki.com/WSUSClientFAQ
|
|
The forum has moved
This forum is no longer in use, so you can't reply to this message - please go to Our Umbraco
|
|
Guest |