Is this something specific to nop or is this something which is common with all iis asp.net applications.
Someone malicious recently started targeting my website deliberately. I have put up some external defence mechanisms to mitigate against it but what i noticed was when this was happening, in the customers online it would show me something like this:
Guest 123.345.789.012 Vietnam 5/6/2014 3:38:29 PM http://www.mydomain.com/?active=120000
I think that it was good in a way that this happened as it made me realise what needs to be put in place for an internet facing IIS server but i want to know if this is anything that you guys have experienced.
On my case the person who is launching these attacks did have access to my server at one stage and im concerned if there maybe some code that is causing it but it is unlikely as now since i put up some defences its working well so far.
Love you hear your thoughts
dos attacks
MVP
Silver Solution Partner
Certified Developer
- 2639
- 42712
- 1/21/2010
- United States
Hi Syed,
I just tried your website with this query parameter and it becomes so slow it is almost unusable.
Before that it was working really fast.
How exactly do you fix it after this happen? Do you restart the website?
Also when you say that this person had access to the website what exactly did he have access to?
I just tried your website with this query parameter and it becomes so slow it is almost unusable.
Before that it was working really fast.
How exactly do you fix it after this happen? Do you restart the website?
Also when you say that this person had access to the website what exactly did he have access to?
- 13
- 85
- 4/20/2014
- United Kingdom
Yes i have to restart IIS or the app pool. Currently this is the only way this i can get the site backup after the exploit is initiated. I have put a ban in place for that country in cloudflare. Also i have up the security so cf does a browser check etc before the page loads where i loose a few seconds but the issue remains and i really dont want to start banning countries. You will ne next if you do it again :)
Yes the user had access to the site files as they had been working on them and that all i know
Yes the user had access to the site files as they had been working on them and that all i know
MVP
Silver Solution Partner
Certified Developer
- 2639
- 42712
- 1/21/2010
- United States
Well, it could be anything, but your website and server are definitely compromised.
You should not doubt this!
I would suggest that you have a server administrator or a dev at hand who can perform some monitoring and discover from where on the server the attack comes from. In any case you need to do something about this.
You should not doubt this!
I would suggest that you have a server administrator or a dev at hand who can perform some monitoring and discover from where on the server the attack comes from. In any case you need to do something about this.
