Tracking hacking/malware attempts
I currently have a .NET web application on a cluster-based system (Rackspace cloud). In web config I have set up the following machine key.
<machineKey validationKey='DE0...etc'
decryptionKey='A97...etc'
validation='SHA1'/>
We were getting quite a few of the following errors on a daily basis:
Validation of viewstate MAC failed. If this application is hosted by a Web Farm or cluster, ensure that configuration specifies the same validationKey and validation algorithm. AutoGenerate cannot be used in a cluster.
I did a bit of Googling and added the following. This has stopped all the previous errors. However, it may open the door for various hacking attacks.
<pages enableViewStateMac="false">
However, I am now finding that I get the following errors:
The state information is invalid for this page and might be corrupted.
I am trying to work out what may be causing these two types of errors. Are they bots? Are they genuine web users? Are they hacking/malware attempts? Is this a normal occurrence and I should just ignore them...
Can anyone shed any light on this?
Comments (1)
I don't think they are Malware/hacking attempts - I have sometimes seen those myself when browsing sites.
The general cause I've seen is that the page hasn't completed loading before the user initiates a postback - there is a hidden field that is rendered at the bottom of the form, and if that hasn't been rendered to the browser when the user clicks a button, the server will reject the viewstate.
There's quite an in-depth post about the issue, and some work-arounds here:
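Added example (not part of the question or the answer above, and not ASP.NET's own code): a simplified Python model of a MAC-protected hidden state field, showing how the same incomplete post produces the first error with the MAC on and the second error with `enableViewStateMac="false"`, and that a mismatched key on another node looks identical to the server. The JSON serialization, the keys and the helper names are assumptions for illustration; only the two error strings and the SHA1 validation setting come from the page.

```python
import base64, hashlib, hmac, json

MAC_FAILED = "Validation of viewstate MAC failed"
STATE_INVALID = "The state information is invalid for this page and might be corrupted"
MAC_LEN = hashlib.sha1().digest_size  # 20 bytes, as with validation='SHA1'

def issue(state, key=None):
    """Serialize state for the hidden field; append an HMAC-SHA1 tag when a key is set."""
    body = json.dumps(state, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha1).digest() if key else b""
    return base64.b64encode(body + tag).decode()

def load(field, key=None):
    """Return (state, error) for a posted field; key=None models enableViewStateMac="false"."""
    try:
        raw = base64.b64decode(field, validate=True)
        if key:
            body, tag = raw[:-MAC_LEN], raw[-MAC_LEN:]
            expected = hmac.new(key, body, hashlib.sha1).digest()
            if not hmac.compare_digest(tag, expected):
                return None, MAC_FAILED      # rejected before any parsing happens
            raw = body
        return json.loads(raw), None
    except ValueError:                       # bad base64, bad UTF-8 or bad JSON
        return None, STATE_INVALID

def truncate(field, keep=0.5):
    """Cut the field on a base64 quantum boundary, as if only part of it was posted."""
    return field[: int(len(field) * keep) // 4 * 4]

# Constructed sample keys and state (not real machineKey values).
NODE_A_KEY = b"constructed-key-shared-by-node-a"
NODE_B_KEY = b"constructed-key-on-misconfigured-node-b"
STATE = {"cart": [101, 102], "step": 2}

def demo():
    signed, unsigned = issue(STATE, NODE_A_KEY), issue(STATE)
    return {
        "same key": load(signed, NODE_A_KEY)[1],
        "different key on another node": load(signed, NODE_B_KEY)[1],
        "truncated, MAC on": load(truncate(signed), NODE_A_KEY)[1],
        "truncated, MAC off": load(truncate(unsigned))[1],
        "edited, MAC off": load(issue({**STATE, "step": 9}))[1],
    }

if __name__ == "__main__":
    for case, error in demo().items():
        print(f"{case:32} -> {error or 'accepted'}")
```

In this model the last case is accepted without any error, which is why turning the MAC off removes the log noise but also removes the server's only way to tell edited state from its own.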