Last post May 19, 2014 05:16 PM by Rion Williams
May 19, 2014 07:53 AM|zodiac00|LINK
I have a web application that is constantly being attacked with malicious web requests..... mainly xss scripts.
I already have ASP.Net's default page level validations implemented with exceptions being thrown by default.
Is this safe enough or should i consider looking at additional validation efforts ?
May 19, 2014 08:04 AM|Dharmesh.Kotadiya|LINK
You need to block this request. using request IP address.
in Global.ascx at this event Application_BeginRequest
May 19, 2014 08:32 AM|zodiac00|LINK
Yes i do block the suspicious IPs but obviosuly only after the attack has happened.
i need the app to be more proactive.
I also block in IIS
May 19, 2014 03:54 PM|CASPartan|LINK
A site I maintain for a client gets thousands of attacks per day... sometimes hundreds every minute.
Yes, it's hard and impossible to block each and every IP attack (and will be lots of work too).
So I'm real strict on checking the QueryString, because almost all XSS attacks are done via this vector. On each page, I checked the contents of the querystring and if certain keywords are present, I assume the request is an attack and drop the connection.
For example: the following strings should never appear in the querystring of any valid request! They're favorites of hackers, SQL injectors, etc.
Here's a typical kind of attack (just got this a few minutes ago). I wrote a script to email me when suspicious attacks are happening, so I can see what they're doing. It also gives me the chance to block these hackers' IP address if they're really persistent.
IP Address: 18.104.22.168 <------ yup, actual address of that hacker/script kiddie
Server Name: www.*********.**
... and the other usual practices, i.e. if you're expecting a numeric ID, then accept only if its numeric, etc.
May 19, 2014 05:16 PM|Rion Williams|LINK
I usually recommend developers to check out the Web Developer Checklist (which is great for all types of methods of improving your site and application) but in particular the Security section. There
is never any "single" thing that you can do to help keep your site / server protected, but rather a series of steps that you can take to make things more difficult for any malicious activity to go on.
Under there you will find several links and topics such as the following that will help you make your site more secure and help avoid some of the issues that you are mentioning :
For some additional information on Web Security in general, you may want to check out the Open Web Applications Security Project (OWASP) which is a great resource that contains basically everything
you would want to know with regards to security.