Bytes IT Community

Request.Form abuse

Hi,

Because all my public sites are hosted with a 3rd-party ISP and, therefore,
I don't have access to their server's EventLog etc, every error is emailed
to me.

Recently, I've been getting inundated with errors like the one below.
Obviously, spammers are trying to use a page on the site to send out Viagra
emails etc, but I was curious to know if anyone else is being hit like
this...

Mark

================================================

Error in: /web/default.aspx
Url: /web/default.aspx

Error Message: A potentially dangerous Request.Form value was detected from
the client (body="...ulsionism <a href="http://cial...").
Error Source: System.Web
Error Target Site: Void ValidateString(System.String, System.String,
System.String) Error Description: System.Web.HttpRequestValidationException:
A potentially dangerous Request.Form value was detected from the client
(body="...ulsionism <a href="http://cial...").
at System.Web.HttpRequest.ValidateString(String s, String valueName,
String collectionName)
at System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection
nvc, String collectionName)
at System.Web.HttpRequest.get_Form()
at System.Web.HttpRequest.get_HasForm()
at System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull)
at System.Web.UI.Page.DeterminePostBackMode()
at System.Web.UI.Page.ProcessRequestMain(Boolean
includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean
includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at ASP.web_default_aspx.ProcessRequest(HttpContext context)
at
System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
completedSynchronously)

QueryString Data:
-----------------

Post Data:
----------
name: cialis
email: no****************@donotmail.com
linkurl: http://cialis-store.blogspot.com
subject: cialis unanswerableness impotence medicine buy cialis
url_title: cialis
body: saccharostarchy convulsionism <a
href="http://cialis-store.blogspot.com"cialis</acomminative antihuff
usucapion cialis
[link=http://cialis-store.blogspot.com] cialis[/link]

text: saccharostarchy convulsionism <a
href="http://cialis-store.blogspot.com"cialis</acomminative antihuff
usucapion cialis
[link=http://cialis-store.blogspot.com] cialis[/link]

comment: saccharostarchy convulsionism <a
href="http://cialis-store.blogspot.com"cialis</acomminative antihuff
usucapion cialis
[link=http://cialis-store.blogspot.com] cialis[/link]
,saccharostarchy convulsionism <a href="http://cialis-store.blogspot.com">
cialis</acomminative antihuff usucapion
cialis
[link=http://cialis-store.blogspot.com] cialis[/link]

Comments: saccharostarchy convulsionism <a
href="http://cialis-store.blogspot.com"cialis</acomminative antihuff
usucapion cialis
[link=http://cialis-store.blogspot.com] cialis[/link]

message: saccharostarchy convulsionism <a
href="http://cialis-store.blogspot.com"cialis</acomminative antihuff
usucapion cialis
[link=http://cialis-store.blogspot.com] cialis[/link]

msg: saccharostarchy convulsionism <a
href="http://cialis-store.blogspot.com"cialis</acomminative antihuff
usucapion cialis
[link=http://cialis-store.blogspot.com] cialis[/link]

msgtext: saccharostarchy convulsionism <a
href="http://cialis-store.blogspot.com"cialis</acomminative antihuff
usucapion cialis
[link=http://cialis-store.blogspot.com] cialis[/link]

txtbody: saccharostarchy convulsionism <a
href="http://cialis-store.blogspot.com"cialis</acomminative antihuff
usucapion cialis
[link=http://cialis-store.blogspot.com] cialis[/link]

description: saccharostarchy convulsionism <a
href="http://cialis-store.blogspot.com"cialis</acomminative antihuff
usucapion cialis
[link=http://cialis-store.blogspot.com] cialis[/link]

piv_comment: saccharostarchy convulsionism <a
href="http://cialis-store.blogspot.com"cialis</acomminative antihuff
usucapion cialis
[link=http://cialis-store.blogspot.com] cialis[/link]

commentText: saccharostarchy convulsionism <a
href="http://cialis-store.blogspot.com"cialis</acomminative antihuff
usucapion cialis
[link=http://cialis-store.blogspot.com] cialis[/link]

comment_text: saccharostarchy convulsionism <a
href="http://cialis-store.blogspot.com"cialis</acomminative antihuff
usucapion cialis
[link=http://cialis-store.blogspot.com] cialis[/link]

repText: saccharostarchy convulsionism <a
href="http://cialis-store.blogspot.com"cialis</acomminative antihuff
usucapion cialis
[link=http://cialis-store.blogspot.com] cialis[/link]

reply: saccharostarchy convulsionism <a
href="http://cialis-store.blogspot.com"cialis</acomminative antihuff
usucapion cialis
[link=http://cialis-store.blogspot.com] cialis[/link]

content: saccharostarchy convulsionism <a
href="http://cialis-store.blogspot.com"cialis</acomminative antihuff
usucapion cialis
[link=http://cialis-store.blogspot.com] cialis[/link]

shout: saccharostarchy convulsionism <a
href="http://cialis-store.blogspot.com"cialis</acomminative antihuff
usucapion cialis
[link=http://cialis-store.blogspot.com] cialis[/link]

guest_message: saccharostarchy convulsionism <a
href="http://cialis-store.blogspot.com"cialis</acomminative antihuff
usucapion cialis
[link=http://cialis-store.blogspot.com] cialis[/link]

form_body: saccharostarchy convulsionism <a
href="http://cialis-store.blogspot.com"cialis</acomminative antihuff
usucapion cialis
[link=http://cialis-store.blogspot.com] cialis[/link]

com: saccharostarchy convulsionism <a
href="http://cialis-store.blogspot.com"cialis</acomminative antihuff
usucapion cialis
[link=http://cialis-store.blogspot.com] cialis[/link]

comment[body]: saccharostarchy convulsionism <a
href="http://cialis-store.blogspot.com"cialis</acomminative antihuff
usucapion cialis
[link=http://cialis-store.blogspot.com] cialis[/link]

PostComment.ascx:tbComment: saccharostarchy convulsionism <a
href="http://cialis-store.blogspot.com"cialis</acomminative antihuff
usucapion cialis
[link=http://cialis-store.blogspot.com] cialis[/link]
Oct 21 '06 #1
23 Replies


Hi Mark,

Have you considered using Captcha?

http://en.wikipedia.org/wiki/Captcha
http://www.captcha.net/
http://www.w3.org/TR/turingtest/

--
HTH,

Kevin Spencer
Microsoft MVP
Short Order Coder
http://unclechutney.blogspot.com

What You Seek Is What You Get

Oct 21 '06 #2

"Kevin Spencer" <sp**@uce.gov> wrote in message
news:OM**************@TK2MSFTNGP04.phx.gbl...
> Have you considered using Captcha?

There is no actual form to fill in on the page in question - it's just being
hijacked...
Oct 21 '06 #3

Ah, so what you're saying is that a POST request is being sent with the
associated form fields in it, which don't correspond to any actual form
fields in the page. Interesting approach to SPAM. I guess the idea is that
some URL might have a form handler for the corresponding form fields, a sort
of "shotgun" approach of some sort. The only thing I can think of at this
point would be to either (1) configure the web server to not respond to
messages from the IP address of the client sending the requests, or (2)
build a mechanism into your app that ignores requests from a list of
configurable IP addresses which you can control. I mention that since you're
not hosting your own app here.

You could also email the provider of the IP address, if they have an abuse
email address.

Da**ed SPAMmers...

--
HTH,

Kevin Spencer
Microsoft MVP
Short Order Coder
http://unclechutney.blogspot.com

What You Seek Is What You Get

Oct 21 '06 #4

"Kevin Spencer" <sp**@uce.gov> wrote in message
news:eL**************@TK2MSFTNGP04.phx.gbl...
> Ah, so what you're saying is that a POST request is being sent with the
> associated form fields in it, which don't correspond to any actual form
> fields in the page.

Yes.

> Interesting approach to SPAM.

All too common, I'm sorry to say...

> I guess the idea is that some URL might have a form handler for the
> corresponding form fields, a sort of "shotgun" approach of some sort. The
> only thing I can think of at this point would be to either (1) configure
> the web server to not respond to messages from the IP address of the
> client sending the requests, or (2) build a mechanism into your app that
> ignores requests from a list of configurable IP addresses which you can
> control. I mention that since you're not hosting your own app here.

S'OK - I can easily prevent it from getting any further than my website - I
was just interested to know if anyone else was experiencing the same
thing...

> You could also email the provider of the IP address, if they have an abuse
> email address.

Tried that - no response so far...
Oct 21 '06 #5

Mark Rae wrote:
> Hi,
>
> Because all my public sites are hosted with a 3rd-party ISP and, therefore,
> I don't have access to their server's EventLog etc, every error is emailed
> to me.
>
> Recently, I've been getting inundated with errors like the one below.
> Obviously, spammers are trying to use a page on the site to send out Viagra
> emails etc, but I was curious to know if anyone else is being hit like
> this...

Yes, that is common. If you have a form on a public web site, it will
frequently be hit by script robots that try to send spam mails or add
spam into guestbooks and such.

There are some things that you can do to filter out this spam:

:: Give the fields non-descriptive names, like "e28736482634" instead of
"email". That makes it harder for the spam script to determine the use
of the fields, thus easier for you to filter out the attempts.

:: Spam messages often try to put links on your page, hoping that you
don't html-encode the data before displaying it, or that you have a
special tag for links. Look for "<a href=" or "[url=" in the messages.

:: Log what's happening so that you can examine what is sent to the
form. You should quite easily find other patterns that you can use to
filter out most spam.
Oct 22 '06 #6
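One way to apply the filtering suggestions above to the emailed error reports, as an added example that is not code from the thread: it parses the "Post Data:" section and scores it on fields the page never renders, link markup, and one payload sprayed across many fields. SAMPLE_REPORT is a constructed, shortened stand-in for the report in the original post, and EXPECTED_FIELDS is an assumption (empty, because the page in question has no input fields).

```python
"""Triage of a spam POST from an emailed ASP.NET error report.

Added example, not code from the thread. It applies the heuristics from the
post above (fields the page never renders, link markup such as "<a href=" or
"[url=" in values, and logging the evidence) to the "Post Data:" section of a
report shaped like the one in the original post. SAMPLE_REPORT is a shortened,
constructed stand-in; EXPECTED_FIELDS is an assumption (the page in the thread
renders no input fields, so it is empty).
"""
import re
from collections import Counter

# Fields the page genuinely renders. Empty: the page has text and hyperlinks
# only, so every posted field is one the page never asked for.
EXPECTED_FIELDS = frozenset()

# Hidden fields ASP.NET Web Forms adds to its own postbacks; a real postback
# carries these and must not count as unexpected.
ASPNET_FIELDS = frozenset({"__VIEWSTATE", "__EVENTVALIDATION",
                           "__EVENTTARGET", "__EVENTARGUMENT"})

# Link markup to look for, plus the [link=] form seen in the original report.
LINK_MARKUP = re.compile(r"<a\s+href=|\[url=|\[link=", re.IGNORECASE)

# "name: value" line; names like comment[body] or PostComment.ascx:tbComment
# are allowed. The colon must be followed by whitespace or end of line, so a
# continuation line such as "http://..." is never mistaken for a field.
FIELD_LINE = re.compile(r"^([\w\[\].:]+):(?:\s(.*))?$")

# Constructed sample in the layout of the emailed report (not the real one).
SAMPLE_REPORT = """\
Error in: /web/default.aspx
Url: /web/default.aspx

Post Data:
----------
name: cialis
email: no****@donotmail.com
linkurl: http://example.invalid/store

body: saccharostarchy convulsionism <a
href="http://example.invalid/store">cialis</a> comminative antihuff
[link=http://example.invalid/store] cialis[/link]

comment: saccharostarchy convulsionism <a
href="http://example.invalid/store">cialis</a> comminative antihuff
[link=http://example.invalid/store] cialis[/link]

message: saccharostarchy convulsionism <a
href="http://example.invalid/store">cialis</a> comminative antihuff
[link=http://example.invalid/store] cialis[/link]
"""


def parse_post_data(report):
    """Return {field: value} from the 'Post Data:' section of a report.
    Lines that do not start a field continue the previous field's value."""
    fields, current, in_post = {}, None, False
    for line in report.splitlines():
        if line.startswith("Post Data:"):
            in_post = True
            continue
        if not in_post or line.startswith("----") or not line.strip():
            continue
        m = FIELD_LINE.match(line)
        if m:
            current = m.group(1)
            fields[current] = m.group(2) or ""
        elif current is not None:
            fields[current] += "\n" + line
    return fields


def triage(fields):
    """Score one POST; returns the evidence so it can be logged as well."""
    unexpected = sorted(f for f in fields
                        if f not in EXPECTED_FIELDS and f not in ASPNET_FIELDS)
    link_fields = sorted(f for f, v in fields.items() if LINK_MARKUP.search(v))
    # Shotgun bots spray one payload into every field name they can think of.
    repeats = Counter(v.strip() for v in fields.values() if v.strip())
    max_repeat = max(repeats.values(), default=0)
    reasons = []
    if unexpected:
        reasons.append("%d field(s) the page never renders" % len(unexpected))
    if link_fields:
        reasons.append("link markup in %d field(s)" % len(link_fields))
    if max_repeat >= 3:
        reasons.append("one value repeated across %d fields" % max_repeat)
    # Two independent signals are required, so a lone odd field is only logged.
    return {"spam": len(reasons) >= 2, "reasons": reasons,
            "unexpected": unexpected, "link_fields": link_fields,
            "max_repeat": max_repeat}
```

Run `triage(parse_post_data(report))` on each emailed report and keep the returned dict as the log entry; a genuine postback carrying only the __VIEWSTATE/__EVENTTARGET fields produces no reasons.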

"Göran Andersson" <gu***@guffa.com> wrote in message
news:OK**************@TK2MSFTNGP02.phx.gbl...
> Yes, that is common. If you have a form on a public web site, it will
> frequently be hit by script robots that try to send spam mails or add spam
> into guestbooks and such.

So it seems...

> :: Give the fields non-descriptive names, like "e28736482634" instead of
> "email". That makes it harder for the spam script to determine the use of
> the fields, thus easier for you to filter out the attempts.

There are no fields within the <form> tag of the page that's being hit -
only text and hyperlinks...

> :: Spam messages often try to put links on your page, hoping that you
> don't html-encode the data before displaying it, or that you have a
> special tag for links. Look for "<a href=" or "[url=" in the messages.

There are loads of those - see my OP.
Oct 22 '06 #7

re:
> There are no fields within the <form> tag of the page that's being hit - only text and
> hyperlinks...

They aren't hitting that form.

They're hitting your PostComment User Control : PostComment.ascx

Adding Captcha code to that control should get rid of that problem.


Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
===================================
Oct 22 '06 #8

"Juan T. Llibre" <no***********@nowhere.com> wrote in message
news:Oy**************@TK2MSFTNGP04.phx.gbl...
>> There are no fields within the <form> tag of the page that's being hit -
>> only text and hyperlinks...
>
> They aren't hitting that form.
>
> They're hitting your PostComment User Control : PostComment.ascx
>
> Adding Captcha code to that control should get rid of that problem.

This doesn't happen often, but I haven't got a clue what you're talking
about here...

The page that's being hit (as evinced from the error messages and the web
logs) is:
http://www.markrae.com/web/default.aspx

There are no data-entry controls within the <form> tag - only text and
hyperlinks.

There are no User Controls anywhere in the entire site - I really can't
imagine where you have found PostComment.ascx...

How would adding Captcha code help? Where would I put it?
Oct 22 '06 #9

Hi Mark,

> S'OK - I can easily prevent it from getting any further than my website -
> I was just interested to know if anyone else was experiencing the same
> thing...

I'm sure many people are experiencing the same thing. I'm very sorry.

--

Kevin Spencer
Microsoft MVP
Short Order Coder
http://unclechutney.blogspot.com

What You Seek Is What You Get

Oct 22 '06 #10

"Kevin Spencer" <sp**@uce.gov> wrote in message
news:OL**************@TK2MSFTNGP04.phx.gbl...
> I'm sure many people are experiencing the same thing.

I'm very fortunate in that my ISP (www.hostinguk.net) is extremely
responsive to such matters. As all the "attacks" (can't think of a better
word) came from the same IP address (66.79.163.226), my ISP has immediately
blocked that IP address in IIS, and has lodged a complaint with the owner of
the IP address in question.
Oct 22 '06 #11

Mark Rae wrote:
> There are no fields within the <form> tag of the page that's being hit -
> only text and hyperlinks...

Why do you have a form on the page, then?
Oct 22 '06 #12

re:
> There are no User Controls anywhere in the entire site - I really can't imagine where you have
> found PostComment.ascx...

It's mentioned in your original post's error message.
It may be, though, just the system spitting back what they are POSTing to.

What's going on is that the attackers are POSTing to your "default.aspx" page.

I see you have a form named "aspnetForm" with ID "aspnetForm" in default.aspx :

<form name="aspnetForm" method="post" action="default.aspx" id="aspnetForm">

...but it doesn't have a runat="server" property,
which means that anybody can POST to it using HTML.

Maybe, if you don't need the capacity to POST to that page,
you could do without the <form name="aspnetForm" ...> tag ?

Alternately, you could add the runat="server" property...and let the server manage the security.
The ASP.NET server should reject any POSTs to non-existent fields.

Try either, or both, and see if one of them stops the bleeding.


Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
===================================
Oct 22 '06 #13

re:
> Why do you have a form on the page, then?
Exactly.

I'll welcome your comments on the two solutions I outlined in my previous post, Göran.

Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
===================================
Oct 22 '06 #14

"Juan T. Llibre" <no***********@nowhere.com> wrote in message
news:el**************@TK2MSFTNGP05.phx.gbl...
>> There are no User Controls anywhere in the entire site - I really can't
>> imagine where you have found PostComment.ascx...
>
> It's mentioned in your original post's error message.
> It may be, though, just the system spitting back what they are POSTing to.

Ah - now I understand - yes, I'm sure you're right about that...

> What's going on is that the attackers are POSTing to your "default.aspx"
> page.

Yes.

> I see you have a form named "aspnetForm" with ID "aspnetForm" in
> default.aspx :
>
> <form name="aspnetForm" method="post" action="default.aspx"
> id="aspnetForm">
>
> ...but it doesn't have a runat="server" property,
> which means that anybody can POST to it using HTML.

If you're looking at the source HTML, you're never going to see the runat
tag in any attribute...

The page is a ContentPage - the MasterPage has the <form> tag as follows:

<form id="frmDefault" runat="server">
<!-- header stuff - logo etc -->
<asp:Menu ID="mnuMenu" runat="server" Orientation="Horizontal" >
<%-- the menu items --%>
</asp:Menu>
<br />
<asp:ContentPlaceHolder ID="cphContent" runat="server" />
</form>

As you know, "aspnetForm" is the name MasterPages give the default form when
the HTML is rendered...

> Maybe, if you don't need the capacity to POST to that page,
> you could do without the <form name="aspnetForm" ...> tag ?

If I do that, the whole site will stop working e.g. the <asp:Menu> etc...
"Control 'mpDefault_mnuMenu' of type 'Menu' must be placed inside a form tag
with runat=server."

> Alternately, you could add the runat="server" property...

See above...
Oct 22 '06 #15

"Göran Andersson" <gu***@guffa.com> wrote in message
news:OP**************@TK2MSFTNGP03.phx.gbl...
> Why do you have a form on the page, then?

???

Because none of the web controls would work if I didn't... e.g. <asp:Menu>
etc

"Control 'mpDefault_mnuMenu' of type 'Menu' must be placed inside a form tag
with runat=server."
Oct 22 '06 #16

re:
> "aspnetForm" is the name MasterPages give the default form when the HTML is rendered...

I totally bypassed that. I should have remembered.

Aargh!

You're up a creek and I'm fresh out of suggestions.

Sorry.


Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
===================================
Oct 22 '06 #17

"Juan T. Llibre" <no***********@nowhere.com> wrote in message
news:eR**************@TK2MSFTNGP03.phx.gbl...
> You're up a creek and I'm fresh out of suggestions.

I'm really not up a creek at all - as I mentioned in a previous reply, my
ISP has blocked the offending IP address, and filed an abuse report etc. As
far as I'm concerned, the attacks have stopped - they may, of course, be
continuing - but I'll never know about it...

My initial post was just an attempt to see how commonplace this sort of
"attack" was amongst the newsgroup, and it seems to have turned into a bit
of a critique of form design - not that that's necessarily a bad thing, of
course... :-) All discussion is good.
Oct 22 '06 #18

re:
> I'm really not up a creek at all

Actually, we all are up a creek.

You may have a sympathetic ISP. Not everybody does.
The rest of us would have to deal with this in code or in IIS security.

*That* is the "creek" I alluded to.

Blocking an IP is an ineffective solution.
The perpetrators could change their IP very easily, or spoof it.

Then you'd have to get your ISP to block their new IP, ad infinitum.

What we need is a way to prevent unwanted POSTs from occurring.

re:
> "it seems to have turned into a bit of a critique of form design"

Indeed. Maybe it would be worthwhile for you to file a bug at :

http://connect.microsoft.com/feedbac...spx?SiteID=210

Juan T. Llibre, asp.net MVP
asp.net faq : http://asp.net.do/faq/
foros de asp.net, en español : http://asp.net.do/foros/
===================================
Oct 22 '06 #19

"Juan T. Llibre" <no***********@nowhere.com> wrote in message
news:%2********************@TK2MSFTNGP04.phx.gbl...
> Actually, we all are up a creek.
>
> You may have a sympathetic ISP. Not everybody does.

That's true enough...

> The rest of us would have to deal with this in code or in IIS security.
>
> *That* is the "creek" I alluded to.

OK.

> Blocking an IP is an ineffective solution.
> The perpetrators could change their IP very easily, or spoof it.
>
> Then you'd have to get your ISP to block their new IP, ad infinitum.

Yes, that's also true...

> What we need is a way to prevent unwanted POSTs from occurring.

Yes, that would indeed be a good security feature...

> re:
> "it seems to have turned into a bit of a critique of form design"
>
> Indeed. Maybe it would be worthwhile for you to file a bug at :
>
> http://connect.microsoft.com/feedbac...spx?SiteID=210

I'll do that.
Oct 22 '06 #20

One solution to the "unwanted POSTs" would be to have a property on a
WebForm that indicates whether it is *only* for PostBack (true by default,
but configurable), so that any client POST request which is not from the
URL of the page itself would be ignored.

--
HTH,

Kevin Spencer
Microsoft MVP
Short Order Coder
http://unclechutney.blogspot.com

What You Seek Is What You Get

Oct 23 '06 #21
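A sketch of the postback-only property suggested above, as an added example that is not code from the thread or from ASP.NET itself: a single decision function that serves GETs, and accepts a POST only when it looks like the page posting back to itself. PAGE_URL and SAMPLE_REQUESTS are constructed; it assumes a genuine Web Forms postback carries the __VIEWSTATE hidden field, and it also checks an Origin header, which goes beyond the "from the URL of the page itself" test the post describes.

```python
"""Postback-only gate for an ASP.NET Web Forms page.

Added example, not code from the thread or from ASP.NET itself. It models the
"PostBack only" switch proposed in the post above as a pure decision function
over one request. Assumptions (all constructed): PAGE_URL is the page's own
address, the sample requests are made up, and a genuine Web Forms postback
carries the __VIEWSTATE hidden field that every runat="server" form renders.
Referer and Origin are client-supplied, so this turns away the shotgun bots
in the thread, not a deliberate attacker who forges them.
"""
from urllib.parse import urlsplit

PAGE_URL = "http://www.example.invalid/web/default.aspx"  # assumed page URL


def _norm(url):
    """(scheme, host, path) with case and a trailing slash ignored."""
    u = urlsplit(url)
    return (u.scheme.lower(), u.netloc.lower(), u.path.rstrip("/").lower() or "/")


def should_process_post(method, headers, form, page_url=PAGE_URL,
                        postback_only=True):
    """Decide whether one request may reach the page's postback handling.

    Returns (accept, reason). GETs are always served. With postback_only on,
    a POST is accepted only when it looks like the page posting back to
    itself: __VIEWSTATE is present (a foreign HTML form never sends it),
    and any Referer or Origin the client did send names this page. A missing
    Referer is tolerated because privacy proxies strip it; a wrong one is not.
    """
    if method.upper() != "POST":
        return True, "not a POST"
    if not postback_only:
        return True, "postback-only gate disabled"
    if "__VIEWSTATE" not in form:
        return False, "no __VIEWSTATE: not a Web Forms postback"
    h = {k.lower(): v for k, v in headers.items()}
    referer = h.get("referer")
    if referer and _norm(referer) != _norm(page_url):
        return False, "Referer %r is not this page" % referer
    origin = h.get("origin")
    if origin and _norm(origin)[:2] != _norm(page_url)[:2]:
        return False, "Origin %r is not this site" % origin
    return True, "postback"


# Constructed requests: a shotgun spam POST like the one in the thread, the
# same with a forged Referer, a genuine postback, a copied-viewstate POST
# from another site, and a plain page view. Each is (label, method, headers,
# form fields).
SAMPLE_REQUESTS = [
    ("shotgun spam", "POST", {},
     {"name": "cialis", "body": '<a href="http://example.invalid/store">x</a>'}),
    ("spam with forged Referer", "POST", {"Referer": PAGE_URL},
     {"comment": "[link=http://example.invalid/store] cialis[/link]"}),
    ("genuine postback", "POST", {"Referer": PAGE_URL},
     {"__VIEWSTATE": "dDwt", "__EVENTTARGET": "mpDefault_mnuMenu"}),
    ("cross-site POST", "POST", {"Referer": "http://evil.invalid/post.html"},
     {"__VIEWSTATE": "dDwt"}),
    ("plain page view", "GET", {}, {}),
]


def run_gate(requests=SAMPLE_REQUESTS):
    """Return {label: accepted} for a batch, the shape a log line would take."""
    return {label: should_process_post(m, h, f)[0]
            for label, m, h, f in requests}
```

In a real site the same decision would sit in an HttpModule or in Page_Load before any handler runs, with the rejected request logged rather than processed.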

"Kevin Spencer" <sp**@uce.gov> wrote in message
news:%2****************@TK2MSFTNGP02.phx.gbl...
> One solution to the "unwanted POSTs" would be to have a property on a
> WebForm that indicates whether it is *only* for PostBack (true by default,
> but configurable), which would have any client POST request which is not
> from the URL of the page itself would be ignored.

That's certainly worth investigating...
Oct 23 '06 #22

"Mark Rae" <ma**@markNOSPAMrae.com> wrote in message
news:uh**************@TK2MSFTNGP05.phx.gbl...
> That's certainly worth investigating...

Especially since the bastard spammers have just changed / spoofed the IP
address that they were using, as Juan predicted they would...!

I hesitate to call them a bunch of f***ing c**ts because f***ing c**ts is
something that I enjoy very much, but they are total scum who will be first
against the wall when the revolution comes...
Oct 23 '06 #23

I'll volunteer for that firing squad!

--
;-),

Kevin Spencer
Microsoft MVP
Short Order Coder
http://unclechutney.blogspot.com

What You Seek Is What You Get

Oct 24 '06 #24
