In the Global.asax's Application_Error() method in my MVC3 application, I have the following code to send out system error notifications:

    protected void Application_Error()
    {
        string ip = Request.ServerVariables["HTTP_X_FORWARDED_FOR"];
        string userAgent = string.Empty;
        string currentPageUrl = "";
        // IIS sets the HTTPS server variable to "on" or "off"; it is never empty.
        string scheme = string.Equals(Request.ServerVariables["HTTPS"], "on", StringComparison.OrdinalIgnoreCase) ? "https" : "http";
        currentPageUrl = scheme + "://" + Request.ServerVariables["SERVER_NAME"] + ":" + Request.ServerVariables["SERVER_PORT"] + Request.ServerVariables["SCRIPT_NAME"];

        if (!string.IsNullOrEmpty(ip))
        {
            // X-Forwarded-For is a client-supplied, comma-separated list; keep the first entry.
            ip = ip.Split(',')[0].Trim();
        }
        else
        {
            ip = Request.ServerVariables["REMOTE_ADDR"];
        }

        string urlReferrer = string.Empty;

        try
        {
            urlReferrer = Request.UrlReferrer.ToString();
        }
        catch (Exception ex)
        {
            // do nothing
        }

        try
        {
            // Reverse-DNS host name of the client; despite the variable name this is not the User-Agent.
            userAgent = System.Net.Dns.GetHostEntry(ip).HostName;
        }
        catch (Exception)
        {
            // Lookup failed: fall back to the User-Agent header.
            userAgent = Request.UserAgent;
        }

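        // ip, urlReferrer and currentPageUrl come from the request, so encode them before building the HTML body.
        string userDetails = "IP Address: " + System.Web.HttpUtility.HtmlEncode(ip) +
                                "<br /><br />Url Referrer: " + System.Web.HttpUtility.HtmlEncode(urlReferrer)
                                + "<br /><br />Current Page: " + System.Web.HttpUtility.HtmlEncode(currentPageUrl) + "<br /><br />";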


        try
        {
            Exception exception = Server.GetLastError();
            Response.Clear();


            Controllers.ControllerBaseClass.SendSystemNotification("System Error", userDetails + exception.Message + "<br /><br />" + exception.StackTrace);


        }
        catch (Exception ex)
        {
            Controllers.ControllerBaseClass.SendSystemNotification("System Error", userDetails + ex.Message + "<br /><br />" + ex.StackTrace);
        }

    }

So far it has been successfully sending notifications, mostly of route errors from attempts like:

www.mysite.com/phpadmin/somephpfile.php

Since there's no route matching that, a file not found exception is thrown. Fine.

The email sent contains the current page that was attempted which resides on my site, and associated text indicating that the controller path for '/[whatever invalid path]/' was not found or does not implement IController.

Recently, however, I've been seeing attacks where the current page does not exist on my server,

i.e. www.etorrent.co.kr:80/js/filter.js

I'm curious as to why I'm not seeing the current page as that of one on my server, and if I need to add additional security features / missed something?

Thanks.

ElHaix
  • These are usually bots searching for already compromised systems. I wouldn't think you'd need more security for this use case. Nothing can stop someone from typing in invalid URLs. BUT, you can find what IP the traffic is coming from and ban it. – user1231231412 Dec 30 '11 at 15:12
  • I figured that, but I'm curious as to why I'm seeing that as the current page, and not the referrer? – ElHaix Jan 01 '12 at 19:17

1 Answer

In hack attempts, the potential hacker will create a copy of your site/forms on their server and attempt to launch your processes from those locations. The URL Referrer captures the source of the originating request and that is what appears.

ElHaix
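An added example, not part of the original question or answer: a small helper the error handler could call to mark a notification when the host reported in SERVER_NAME is not one of the site's own names, and to pick a syntactically valid address from X-Forwarded-For. The class name `RequestTriage`, the `OwnHosts` list and the sample values are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Net;

// Added example. RequestTriage and OwnHosts are hypothetical names.
public static class RequestTriage
{
    // Assumption: the host names this site is actually served under.
    private static readonly HashSet<string> OwnHosts = new HashSet<string>(
        new[] { "www.mysite.com", "mysite.com" }, StringComparer.OrdinalIgnoreCase);

    // True when the host reported for the request is not one of ours
    // (a missing or blank host is treated as foreign).
    public static bool IsForeignHost(string serverName)
    {
        if (string.IsNullOrWhiteSpace(serverName)) return true;
        return !OwnHosts.Contains(serverName.Trim().TrimEnd('.'));
    }

    // Returns the first entry of X-Forwarded-For that parses as an IP
    // address, else REMOTE_ADDR. The header is client-supplied, so a value
    // that does not parse is never copied into the notification.
    public static string ClientIp(string forwardedFor, string remoteAddr)
    {
        if (!string.IsNullOrEmpty(forwardedFor))
        {
            foreach (string part in forwardedFor.Split(','))
            {
                IPAddress parsed;
                if (IPAddress.TryParse(part.Trim(), out parsed)) return parsed.ToString();
            }
        }
        return remoteAddr;
    }

    public static void Main()
    {
        // Constructed sample values mirroring the two cases in the question.
        Console.WriteLine(IsForeignHost("www.mysite.com"));
        Console.WriteLine(IsForeignHost("www.etorrent.co.kr"));
        Console.WriteLine(ClientIp("203.0.113.7, 10.0.0.2", "198.51.100.9"));
        Console.WriteLine(ClientIp("<script>", "198.51.100.9"));
    }
}
```

In `Application_Error()`, `IsForeignHost(Request.ServerVariables["SERVER_NAME"])` could prefix the subject line so these notifications can be filtered separately from ordinary route errors.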