Blackhat Exception Notification

Question

0

Blackhat Exception Notification

Jeremy Turgeon posted 9 Years Ago

We've been getting a strange error every few days and I can't seem to find any way to block it. This may be outside the scope of Rock but I figured I'd see if anyone else has experienced the same issue.

An exception has occurred. Details of this error can be found below:

An error occurred on the site on page:
http://64.186.235.197:80/w00tw00t.at.blackhats.romanian.anti-sec:)

HttpException in System.Web

Message
A potentially dangerous Request.Path value was detected from the client (:).

Stack Trace
at System.Web.HttpRequest.ValidateInputIfRequiredByConfig() at System.Web.HttpApplication.PipelineStepManager.ValidateHelper(HttpContext context)

Jim Michael · Accepted Answer · 2014-07-17T11:39-07:00

2

Jim Michael replied 9 Years Ago

This is an automated bot attempting to look for a specific vulnerability on your server. Google for w00tw00t.at.blackhats.romanian.anti-sec and you'll get lots of hits to exactly what it is. I'm not sure it's the best way to address this on IIS, but if you simply add a Request Filter for URL in IIS, it will block the request as a 404 and at least stop Rock from generating exceptions.

To do this, just open IIS Manager, click on your Rock server, double-click Request Filtering, click the URL tab, click Deny Sequence action and enter w00tw00t.at.blackhats.romanian.anti-sec as the URL. Now when that bot hits the site it will get a 404 (page not found) instead of generating a .NET exception.

Edit Answer

This is an automated bot attempting to look for a specific vulnerability on your server. Google for&nbsp;<a href="http://64.186.235.197/w00tw00t.at.blackhats.romanian.anti-sec" style="box-sizing: border-box; color: rgb(4, 136, 205); text-decoration: none; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14.399999618530273px; line-height: 20.15999984741211px; background-color: rgb(245, 245, 245);">w00tw00t.at.blackhats.romanian.anti-sec</a>&nbsp;and you&#39;ll get lots of hits to exactly what it is. I&#39;m not sure it&#39;s the best way to address this on IIS, but if you simply add a Request Filter for URL in IIS, it will block the request as a 404 and at least stop Rock from generating exceptions.

To do this, just open IIS Manager, click on your Rock server, double-click Request Filtering, click the URL tab, click Deny Sequence action and enter&nbsp;w00tw00t.at.blackhats.romanian.anti-sec as the URL. Now when that bot hits the site it will get a 404 (page not found) instead of generating a .NET exception.

&nbsp;

<p>This is an automated bot attempting to look for a specific vulnerability on your server. Google for&nbsp;<a href="http://64.186.235.197/w00tw00t.at.blackhats.romanian.anti-sec" style="box-sizing: border-box; color: rgb(4, 136, 205); text-decoration: none; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14.399999618530273px; line-height: 20.15999984741211px; background-color: rgb(245, 245, 245);">w00tw00t.at.blackhats.romanian.anti-sec</a>&nbsp;and you&#39;ll get lots of hits to exactly what it is. I&#39;m not sure it&#39;s the best way to address this on IIS, but if you simply add a Request Filter for URL in IIS, it will block the request as a 404 and at least stop Rock from generating exceptions.</p>

<p>To do this, just open IIS Manager, click on your Rock server, double-click Request Filtering, click the URL tab, click Deny Sequence action and enter&nbsp;w00tw00t.at.blackhats.romanian.anti-sec as the URL. Now when that bot hits the site it will get a 404 (page not found) instead of generating a .NET exception.</p>

<p>&nbsp;</p>

<p>This is an automated bot attempting to look for a specific vulnerability on your server. Google for&nbsp;<a href="http://64.186.235.197/w00tw00t.at.blackhats.romanian.anti-sec" style="box-sizing: border-box; color: rgb(4, 136, 205); text-decoration: none; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 14.399999618530273px; line-height: 20.15999984741211px; background-color: rgb(245, 245, 245);">w00tw00t.at.blackhats.romanian.anti-sec</a>&nbsp;and you&#39;ll get lots of hits to exactly what it is. I&#39;m not sure it&#39;s the best way to address this on IIS, but if you simply add a Request Filter for URL in IIS, it will block the request as a 404 and at least stop Rock from generating exceptions.</p>

<p>To do this, just open IIS Manager, click on your Rock server, double-click Request Filtering, click the URL tab, click Deny Sequence action and enter&nbsp;w00tw00t.at.blackhats.romanian.anti-sec as the URL. Now when that bot hits the site it will get a 404 (page not found) instead of generating a .NET exception.</p>

<p>&nbsp;</p>

Save Cancel

Jeremy Turgeon

9 years ago

Thanks Jim! This has been bugging me for weeks.
Mark Quisquirin

7 years ago

Thanks Jim. :)

Question

0

Blackhat Exception Notification

HttpException in System.Web

2