Hello. We just started using nopCommerce 1.9. Our hosting company is GoDaddy. We uploaded our site just a few days ago, and we still have it "Closed".
We noticed today that we have hundreds of logs (please see the examples below) in the System Log in the Administration site. It appears that we get lots of similar types of log entries every day, and they look suspicious to us.
What are these errors/logs? Are we being hacked? How can we tell that our site hasn't been compromised? Is there anything we can do to prevent all these errors/logs? Is there anything we should be doing to ensure that our site isn't hacked?

Log type: Unknown
Severity: 11
Message: The file '/scripts/WorkArea/ContentRatingGraph.aspx' does not exist.
Exception: System.Web.HttpException (0x80004005): The file '/scripts/WorkArea/ContentRatingGraph.aspx' does not exist. at System.Web.UI.Util.CheckVirtualFileExists(VirtualPath virtualPath) at System.Web.Compilation.BuildManager.GetVPathBuildResultInternal(VirtualPath virtualPath, Boolean noBuild, Boolean allowCrossApp, Boolean allowBuildInPrecompile, Boolean throwIfNotFound, Boolean ensureIsUpToDate) at System.Web.Compilation.BuildManager.GetVPathBuildResultWithNoAssert(HttpContext context, VirtualPath virtualPath, Boolean noBuild, Boolean allowCrossApp, Boolean allowBuildInPrecompile, Boolean throwIfNotFound, Boolean ensureIsUpToDate) at System.Web.Compilation.BuildManager.GetVirtualPathObjectFactory(VirtualPath virtualPath, HttpContext context, Boolean allowCrossApp, Boolean throwIfNotFound) at System.Web.Compilation.BuildManager.CreateInstanceFromVirtualPath(VirtualPath virtualPath, Type requiredBaseType, HttpContext context, Boolean allowCrossApp) at System.Web.UI.PageHandlerFactory.GetHandlerHelper(HttpContext context, String requestType, VirtualPath virtualPath, String physicalPath) at System.Web.UI.PageHandlerFactory.GetHandler(HttpContext context, String requestType, String virtualPath, String path) at System.Web.HttpApplication.MaterializeHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
IP address: 72.167.191.19
Customer:
Page URL: https://[oursitename].com/scripts/workarea/contentratinggraph.aspx?type=time&view=day&res_type=
Referrer:
Created on: 8/22/2011 1:21:51 AM

Log type: Unknown
Severity: 11
Message: Exception of type 'System.Web.HttpException' was thrown.
Exception: System.Web.HttpException (0x80004005): Exception of type 'System.Web.HttpException' was thrown. at System.Web.Handlers.TraceHandler.System.Web.IHttpHandler.ProcessRequest(HttpContext context) at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
IP address: 72.167.191.19
Customer:
Page URL: https://[oursitename].com/trace.axd
Referrer:
Created on: 8/22/2011 1:21:38 AM

Log type: Unknown
Severity: 11
Message: A potentially dangerous Request.Form value was detected from the client (<?xml version=""1.0"?> <message><type>reque...").
Exception: System.Web.HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (<?xml version=""1.0"?> <message><type>reque..."). at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection) at System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, RequestValidationSource requestCollection) at System.Web.HttpRequest.get_Form() at System.Web.HttpRequest.get_HasForm() at System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) at System.Web.UI.Page.DeterminePostBackMode() at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest() at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) at System.Web.UI.Page.ProcessRequest(HttpContext context) at ASP.default_aspx.ProcessRequest(HttpContext context) at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
IP address: 72.167.191.19
Customer:
Page URL: https://[oursitename].com/
Referrer:
Created on: 8/22/2011 1:20:55 AM

Log type: Unknown
Severity: 11
Message: A potentially dangerous Request.RawUrl value was detected from the client (="...rpu8.aspx?<IMG%20SRC="javascri...").
Exception: System.Web.HttpRequestValidationException (0x80004005): A potentially dangerous Request.RawUrl value was detected from the client (="...rpu8.aspx?<IMG%20SRC="javascri..."). at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection) at System.Web.HttpRequest.get_RawUrl() at UrlRewritingNet.Web.UrlRewriteModule.RewriteUrl(HttpApplication app) at UrlRewritingNet.Web.UrlRewriteModule.OnBeginRequest(Object sender, EventArgs e) at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
IP address: 72.167.191.19
Customer:
Page URL: https://[oursitename].com/kattrpu8.aspx?<img%20src="javascript:alert(cross_site_scripting.nasl)
Referrer:
Created on: 8/22/2011 1:19:01 AM

Log type: Unknown
Severity: 11
Message: Illegal characters in path.
Exception: System.ArgumentException: Illegal characters in path. at System.IO.Path.CheckInvalidPathChars(String path) at System.Security.Permissions.FileIOPermission.HasIllegalCharacters(String[] str) at System.Security.Permissions.FileIOPermission.AddPathList(FileIOPermissionAccess access, AccessControlActions control, String[] pathListOrig, Boolean checkForDuplicates, Boolean needFullPath, Boolean copyPathList) at System.Security.Permissions.FileIOPermission..ctor(FileIOPermissionAccess access, String path) at System.Web.InternalSecurityPermissions.PathDiscovery(String path) at System.Web.HttpRequest.get_PhysicalPath() at UrlRewritingNet.Web.UrlRewriteModule.OnBeginRequest(Object sender, EventArgs e) at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
IP address: 72.167.191.12
Customer:
Page URL: https://[oursitename].com/.|./.|./.|./.|./.|./.|./.|./.|./.|./.|./.|./.|./winnt/win.ini
Referrer:
Created on: 8/23/2011 1:27:16 AM
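
Added example (not part of the original post): a triage sketch for entries like the ones above. It labels each entry by probe class and reports source IPs that hit several classes within a short window, which is the pattern of an automated vulnerability scan rather than a targeted intrusion. The row layout, rule names and thresholds are assumptions made for this illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import unquote

# (IP, Created on, Message, Page URL) from the five entries in the post; messages shortened.
ROWS = [
    ("72.167.191.19", "8/22/2011 1:21:51 AM", "The file '/scripts/WorkArea/ContentRatingGraph.aspx' does not exist.",
     "https://[oursitename].com/scripts/workarea/contentratinggraph.aspx?type=time&view=day&res_type="),
    ("72.167.191.19", "8/22/2011 1:21:38 AM", "Exception of type 'System.Web.HttpException' was thrown.",
     "https://[oursitename].com/trace.axd"),
    ("72.167.191.19", "8/22/2011 1:20:55 AM", "A potentially dangerous Request.Form value was detected",
     "https://[oursitename].com/"),
    ("72.167.191.19", "8/22/2011 1:19:01 AM", "A potentially dangerous Request.RawUrl value was detected",
     'https://[oursitename].com/kattrpu8.aspx?<img%20src="javascript:alert(cross_site_scripting.nasl)'),
    ("72.167.191.12", "8/23/2011 1:27:16 AM", "Illegal characters in path.",
     "https://[oursitename].com/.|./.|./.|./.|./.|./.|./.|./.|./.|./.|./.|./.|./winnt/win.ini"),
]

RULES = [  # (label, regex) run against URL-decoded "Message + Page URL"
    ("path-traversal", r"(\.\.|\.\|\.)[/\\]|win\.ini"),
    ("xss-probe", r"<\s*(img|script)\b|javascript:"),
    ("debug-handler", r"/trace\.axd"),
    ("missing-file", r"does not exist"),
    ("request-validation", r"potentially dangerous Request\."),
    ("scanner-marker", r"\.nasl\b"),  # .nasl is the Nessus plugin script extension
]

def classify(message, url):
    hay = unquote(message + " " + url)
    return {label for label, rx in RULES if re.search(rx, hay, re.I)}

def sweeps(rows, window=timedelta(minutes=10), min_labels=4):
    """Return {ip: labels} for IPs showing >= min_labels probe classes inside `window`."""
    by_ip = defaultdict(list)
    for ip, created, message, url in rows:
        when = datetime.strptime(created, "%m/%d/%Y %I:%M:%S %p")
        by_ip[ip].append((when, classify(message, url)))
    found = {}
    for ip, hits in by_ip.items():
        for start, _ in hits:
            labels = set()
            for when, lab in hits:
                if timedelta(0) <= when - start <= window:
                    labels |= lab
            if len(labels) >= min_labels:
                found[ip] = sorted(labels)
                break
    return found
```

Every entry here is an error raised while rejecting the request, so the output shows probing, not success; a request that returned normally would not appear in this log and has to be checked in the web server's access log instead.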