Last post Dec 05, 2010 10:48 PM by Surfer513
Nov 25, 2010 11:58 PM|Surfer513|LINK
That recent vulnerability where they try to access a WebResource.axd and supposedly it gives them information, well I protected against it with just a default customError in my web.config so I think I'm safe. My question is when will this stop happening??
I have it set up so that I receive an email with details for every runtime error, and I get almost 5 of these types of errors every day. I think I'm safe and protected, but the email volume from this vulnerability alone is rather cumbersome and annoying.
Any ideas if this can be patched or a way to make this stop?
Thanks in advance. :)
Nov 29, 2010 03:02 AM|Ming Xu - MSFT|LINK
My question is when will this stop happening?? I have it set up so that I receive an email with details for every runtime error, and I get almost 5 of these types of errors every day. I think I'm safe and protected, but the email volume from this vulnerability
alone is rather cumbersome and annoying.
According to your description ,for my experience error can be handled programmatically by writing appropriate code in the page-level error event, for errors on an individual page or in the application-level error event for handling errors that may occur
in any pages of the application.
Thus ,the error message can be stored in the event log(write to event log) instead of to be send Email with details.
As far as I know ,you can let the application send an Email to administrator in the application-level error event and make a judgment that which kind of error messages should be send as an Email ,other messages can be stored in the event log.
I would like to suggest you that please check the link below for the sample ,hope it can help you.
Dec 05, 2010 08:50 PM|Surfer513|LINK
Well, it's a 404 error I imagine. I'm not sure how to "filter out" that error, but even if I did that would stop me from receiving LEGITIMATE 404 errors. No?
Dec 05, 2010 09:04 PM|kratos_vimal|LINK
404 errors can be logged in your iis you can access them from there
and for writing errors in your code to log use this:
ILog logger = LogManager.GetLogger("Your page name here");
protected void Page_Load(object sender, EventArgs e)
logger.Info("[Your Page Name here/method called: Page_Load]Exception Occured : " + ex.Message);
logger.Debug("[Your Page Name here/method called: Page_Load]Exception: " + ex.StackTrace);
Hope it helps
Don't forget to mark as answer if it helps
Dec 05, 2010 10:48 PM|Surfer513|LINK
Honestly, I need to do a little research to see if my web hosting allows for me to access logs on the IIS Server. I assumed not, so I implemented sending runtime errors through email. It was fine until this ridiculously frequent security-vulnerability-exploitation
runtime error arose. I guess I could always just test the messages before they are emailed to me. Something like if Left() of the string is "/Webresource.axd" then just exit the subroutine.