Saturday, February 25, 2012

Route for ASP.NET website and php attacks

When you have a website online, it is common that it is attacked by bots. Most of the time, these attacks aim a php website... And since these robots do not know that my site is in ASP.NET MVC, it suffers for their attacks... As you can see in the next image, my RSS feed (from Elmah (think to visit this site if you are using Elmah : http://asafaweb.com/)) has a lot of errors due to some attacks:


Each attack throws an exception and my logs are unnecessarily cluttered... For this reason, I've had a new route in my Global.asax.cs file:

   1:  routes.MapRoute(
   2:      "PhpAttack",
   3:      "{*allphp}",
   4:      new { controller = "Error", action = "PhpAttack" },
   5:      new { allphp = @".*\.php" }
   6:  );

(note: think to put the page "PhpAttack" in cache)

You can handle these attacks according to your inspiration... For my part, I chose to insert an iframe with a "let me google that for you" link:

   1:  <iframe frameborder="0" src="http://lmgtfy.com/?q=how+to+hack+php" width="100%" height="550px"></iframe>

A little bit more fun than my cluttered RSS feed with useless errors !
Posted by Denis Huvelle - .NET consultant at 7:59 AM
Labels: , ,
Location: Liège, Belgique

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)