/:443 error

If you have questions about using mojoPortal, you can post them here.

You may want to first review our site administration documentation to see if your question is answered there.

This thread is closed to new posts. You must sign in to post in the forums.
11/30/2012 6:48:21 AM
Gravatar
Total Posts 133
J

/:443 error

Since launching our new site that uses Mojo to force all access onto SSL I am seeing a lot of errors like this

2012-11-30 11:37:09,403 ERROR 123.156.189.157 - (null) - (null) - mojoPortal.Web.Global - 123.156.189.157 /:443/ Referrer(http://www.workwithus.org/:443/) useragent Mozilla/5.0 (Windows NT 6.0; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1 

System.Web.HttpException (0x80004005): A potentially dangerous Request.Path value was detected from the client (:).
   at System.Web.HttpRequest.ValidateInputIfRequiredByConfig()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Are these benign? A known attack vector or something else.

Cheers

John

 

11/30/2012 10:03:48 AM
Gravatar
Total Posts 18439

Re: /:443 error

Hi John,

Unless you or known users of your site are experiencing errors you should be able to safely ignore those errors in the log.

Best,

Joe

12/10/2012 9:18:43 AM
Gravatar
Total Posts 133
J

Re: /:443 error

Thanks Joe - is there any way to suppress these /:443 errors in the log? They are coming thick and fast so it's hard to see the errors I want to find in the - no one has complained of seeing errors yet. Mosy of the originating IP's are chines or russian - unsurprisingly though there are some local.

 

J

12/10/2012 9:50:51 AM
Gravatar
Total Posts 18439

Re: /:443 error

Hi John,

Sorry but there is no way to avoid logging some types of errors. You can disable logging errors but that would stop logging all errors.

What I do if I get lots of errors from the same ip address, particularly if they are from RIPE network or Asia Pacific network APNIC, I block them at the firewall to prevent them from causing so much noise. You can also block them from Administration > Advanced Tools > Banned IP Addresses.

Usually I'll search for the ip from the member list first to make sure it is not from a registered user. If the traffic was coming from the ip of a known user I would contact that user.

It is an unfortunate truth that for most sites the bot traffic is much more than the traffic of actual users. I've got similar noise in my logs from bots that constantly generate viewstate errors. They do this trying to exploit an asp.net vulnerability that has long since been fixed but they are hoping to find unpatched machines.

If you configure for database logging, then the log page has links fo  the ip addresses that opens as a popup window and shows the whois information about the ip address.

By using the database I can also query to find the ip addresses that have the most errors, I use the built in query tool and a saved query:

SELECT IpAddress, Count(*)
FROM mp_systemlog 
GROUP BY IpAddress
ORDER BY Count(*) DESC

If I see hundreds of errors from the same ip in a short period since the last time I lcleared the log, I often ban or block those ips from the firewall. However there are so many that my threshold of what I ban has gone up over time.

Best,

Joe

 

12/10/2012 10:16:35 AM
Gravatar
Total Posts 133
J

Re: /:443 error

Thanks for that very comprehensive answer Joe - stellar support as usual.

I do block a lot of stuff at the firewall which allows me to block whole ranges rather than just IP's. I will just have to get stuck in and identify the regular culprits. Hadn't though about using logging to the database that would make it easier.

Cheers

John

You must sign in to post in the forums. This thread is closed to new posts.