Hello. We just started using nopCommerce 1.9. Our hosting company is GoDaddy. We've uploaded our site just a few days ago, and we still have it "Closed".
We noticed today that we have hundreds of logs (please see the examples below) in the System Log in the Administration site. It appears that we get lots of similar types of log entries every day, and they look suspicious to us.
What are these errors/logs? Are we being hacked? How can we tell that our site hasn't been compromised? Is there anything we can do to prevent all these errors/logs? Is there anything we should be doing to ensure that our site isn't hacked?
Log type: Unknown
Severity: 11
Message: The file '/scripts/WorkArea/ContentRatingGraph.aspx' does not exist.
Exception: System.Web.HttpException (0x80004005): The file '/scripts/WorkArea/ContentRatingGraph.aspx' does not exist. at System.Web.UI.Util.CheckVirtualFileExists(VirtualPath virtualPath) at System.Web.Compilation.BuildManager.GetVPathBuildResultInternal(VirtualPath virtualPath, Boolean noBuild, Boolean allowCrossApp, Boolean allowBuildInPrecompile, Boolean throwIfNotFound, Boolean ensureIsUpToDate) at System.Web.Compilation.BuildManager.GetVPathBuildResultWithNoAssert(HttpContext context, VirtualPath virtualPath, Boolean noBuild, Boolean allowCrossApp, Boolean allowBuildInPrecompile, Boolean throwIfNotFound, Boolean ensureIsUpToDate) at System.Web.Compilation.BuildManager.GetVirtualPathObjectFactory(VirtualPath virtualPath, HttpContext context, Boolean allowCrossApp, Boolean throwIfNotFound) at System.Web.Compilation.BuildManager.CreateInstanceFromVirtualPath(VirtualPath virtualPath, Type requiredBaseType, HttpContext context, Boolean allowCrossApp) at System.Web.UI.PageHandlerFactory.GetHandlerHelper(HttpContext context, String requestType, VirtualPath virtualPath, String physicalPath) at System.Web.UI.PageHandlerFactory.GetHandler(HttpContext context, String requestType, String virtualPath, String path) at System.Web.HttpApplication.MaterializeHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
IP address: 72.167.191.19
Customer:
Page URL: https://[oursitename].com/scripts/workarea/contentratinggraph.aspx?type=time&view=day&res_type=
Referrer:
Created on: 8/22/2011 1:21:51 AM
Log type: Unknown
Severity: 11
Message: Exception of type 'System.Web.HttpException' was thrown.
Exception: System.Web.HttpException (0x80004005): Exception of type 'System.Web.HttpException' was thrown. at System.Web.Handlers.TraceHandler.System.Web.IHttpHandler.ProcessRequest(HttpContext context) at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
IP address: 72.167.191.19
Customer:
Page URL: https://[oursitename].com/trace.axd
Referrer:
Created on: 8/22/2011 1:21:38 AM
Log type: Unknown
Severity: 11
Message: A potentially dangerous Request.Form value was detected from the client (<?xml version=""1.0"?> <message><type>reque...").
Exception: System.Web.HttpRequestValidationException (0x80004005): A potentially dangerous Request.Form value was detected from the client (<?xml version=""1.0"?> <message><type>reque..."). at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection) at System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, RequestValidationSource requestCollection) at System.Web.HttpRequest.get_Form() at System.Web.HttpRequest.get_HasForm() at System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull) at System.Web.UI.Page.DeterminePostBackMode() at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest() at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context) at System.Web.UI.Page.ProcessRequest(HttpContext context) at ASP.default_aspx.ProcessRequest(HttpContext context) at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
IP address: 72.167.191.19
Customer:
Page URL: https://[oursitename].com/
Referrer:
Created on: 8/22/2011 1:20:55 AM
Log type: Unknown
Severity: 11
Message: A potentially dangerous Request.RawUrl value was detected from the client (="...rpu8.aspx?<IMG%20SRC="javascri...").
Exception: System.Web.HttpRequestValidationException (0x80004005): A potentially dangerous Request.RawUrl value was detected from the client (="...rpu8.aspx?<IMG%20SRC="javascri..."). at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection) at System.Web.HttpRequest.get_RawUrl() at UrlRewritingNet.Web.UrlRewriteModule.RewriteUrl(HttpApplication app) at UrlRewritingNet.Web.UrlRewriteModule.OnBeginRequest(Object sender, EventArgs e) at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
IP address: 72.167.191.19
Customer:
Page URL: https://[oursitename].com/kattrpu8.aspx?<img%20src="javascript:alert(cross_site_scripting.nasl)
Referrer:
Created on: 8/22/2011 1:19:01 AM
Log type: Unknown
Severity: 11
Message: Illegal characters in path.
Exception: System.ArgumentException: Illegal characters in path. at System.IO.Path.CheckInvalidPathChars(String path) at System.Security.Permissions.FileIOPermission.HasIllegalCharacters(String[] str) at System.Security.Permissions.FileIOPermission.AddPathList(FileIOPermissionAccess access, AccessControlActions control, String[] pathListOrig, Boolean checkForDuplicates, Boolean needFullPath, Boolean copyPathList) at System.Security.Permissions.FileIOPermission..ctor(FileIOPermissionAccess access, String path) at System.Web.InternalSecurityPermissions.PathDiscovery(String path) at System.Web.HttpRequest.get_PhysicalPath() at UrlRewritingNet.Web.UrlRewriteModule.OnBeginRequest(Object sender, EventArgs e) at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
IP address: 72.167.191.12
Customer:
Page URL: https://[oursitename].com/.|./.|./.|./.|./.|./.|./.|./.|./.|./.|./.|./.|./winnt/win.ini
Referrer:
Created on: 8/23/2011 1:27:16 AM
Help?! Tons of errors/logs, is our site being hacked?
- 8
- 40
- 2011/3/2
- United States
Hello again... Does anyone have any suggestions/ideas regarding our issue???
We're still getting hundreds of log messages every day. It seems as if someone or something is probing our site for weaknesses. But, we're not completely sure what's going on.
0. Are we (is our website) safe?
1. What are these errors/logs?
2. Is something trying to hack our site?
3. How can we tell that our site hasn't been compromised already?
4. Is there anything we can do to prevent all these errors/logs?
5. Is there anything more we should be doing to ensure that our site isn't hacked?
Please, any information would be greatly appreciated. We're new to websites and nopCommerce.
We're still getting hundreds of log messages every day. It seems as if someone or something is probing our site for weaknesses. But, we're not completely sure what's going on.
0. Are we (is our website) safe?
1. What are these errors/logs?
2. Is something trying to hack our site?
3. How can we tell that our site hasn't been compromised already?
4. Is there anything we can do to prevent all these errors/logs?
5. Is there anything more we should be doing to ensure that our site isn't hacked?
Please, any information would be greatly appreciated. We're new to websites and nopCommerce.
- 8
- 40
- 2011/3/2
- United States
Thanks Andrei. Yes, we know that whatever is 'looking' for something that doesn't exist and is not a part of nopCommerce, but what about the other error logs? The list in the original post was just an example of the different types of error logs we get everyday.
But even more importantly, are we in trouble since we get all these logs every day? Is someone or something trying to hack our site?
And, what can we do to stop this?
Finally, and most importantly, is nopCommerce safe (and secure) so that we can go live and be assured that our info/data won't be hacked?
Thanks!
But even more importantly, are we in trouble since we get all these logs every day? Is someone or something trying to hack our site?
And, what can we do to stop this?
Finally, and most importantly, is nopCommerce safe (and secure) so that we can go live and be assured that our info/data won't be hacked?
Thanks!
- 9
- 65
- 2011/7/21
- United States
"Potentially Dangerous Requests" are fairly common iis log entries for windows web servers. It's iis doing it's job and blocking those requests. It does not mean your site is hacked. I would recommend getting a dedicated IP for your shared hosting account, I assume it's shared hosting anyway. A dedicated IP will help in other ways also, SEO etc.