A little over a year ago we started getting hit with sql injection attacks. We have hundreds of sites so we ended up spending weeks patching any holes we could find. Then a few weeks ago we started getting hit again. We've gone through everything we can think of and we can't find anywhere where the person is getting in. Does anyone know if there's a way to write a script for IIS that will allow me to record every url or posted data that IIS encounters? And because we've got so many sites I'm looking to set up something that doesn't have to be set up for each individual site but that I can set up at the root of the IIS tree. Thanks.
You don't need a script for URL data it can logged in the regular IIS logs.
See this article about setting up the logs.
The first place too look is the Log files (Assuming you are using IIS 6.0, see here for a tutorial how to find them)
The IIS log does not store posted Data though. Look here for a discussion regarding logging post data.
As mentioned above, IIS logs all requests to a web site, unless you have unchecked "Enable Logging". You might want to look in to UrlScan 3.0, which also handles possible SQL injection scenarios, see the section entitled "Rule to Block SQL injection Signatures"
Related
We have moved our website which uses typo3 from on-prem to Azure cloud. We setup a Front door with firewall protection which is different from the previous setup.
Since day one when I log in I can do some stuff for a short while (like 4-5 minutes) and then it kicks me out to login screen.
Another example is when I'm logged in, I open a new tab and check some other sites then go back to typo3, again I'm logged out. Need to log in again.
I lost some of my posts while adding some additional info from other websites.
Any ideas?
I had a similar issue. I resolved it with replacing lockIP in the install tool from 4 to 0.
Note, this is a temp solution so you can keep working, but you really need to find out why this is happening.
Best regards
Every time I try to connect to any SharePoint site running on my customer server I get the following error.
An error occurred accessing your Microsoft SharePoint Foundation site
files. Authors - if authoring against a Web server, please contact the
Webmaster for this server's Web site. WebMasters - please see the
server's application event log for more details.
I already checked the sharepoint options in CA and in every site in the mentioned server. Everything seens correct but the error persists.
It looks like there is no direct relation to SharePoint and something else in the server but I was not able to determine what could cause such behaviour.
Hope someone here has something to say.
Well... After a very long and painful headache we were able to find out what was causing this malfunction.
It was a .net agent from New Relic. This agent is used to analyse traffic, page load time and some other cool things. It basicly add some javascript to the head session of every response our IIS make and this code send some data to New Relic servers that will be processed to build some reports about the applications running in the IIS.
In the end, I just disabled it and SPD turned back to life.
Thanks.
PS: Boland was in the right path. I were able to find out the solution using Fiddler to analyse the responses from IIS. Thanks.
You have to check the event log. Do you see any error there? If not, it must be a network issue. Firewall is rare, because SPD works on TCP/80.
I have recently installed a website project on Azure and that was relatively easy to do thanks to great docs online. We are having a problem with the back office (admin) login though, it's a bit strange, as it didn't happen straight away, I shall elaborate....
When I go to http://www.keelycattschoolofdance.co.uk/umbraco/ it takes me to the login page, which seems fine.
(The url at this point becomes www.keelycattschoolofdance.co.uk/.../login.aspx)
I then login, which works and it starts to display the admin panels but then bounces back to the login and the URL becomes www.keelycattschoolofdance.co.uk/.../login.aspx
I am running this on Azure using the Accelerator, latest version of Umbraco and using SQL CE 4.0 rather than SQL Server.
has anyone seen this before?
Please let me know if you need more information, I shall respond :-)
Thanks in advance
Nick
It sounds like it may be a Session error. This is a problem for Azure and Umbraco because Azure uses round robin load balancing.
The normal way of setting up an Umbraco site using the accelerator would be to have a separate session DB where the shared session state is stored.
Make sure you are using this accelerator for Umbraco on Azure as it's the latest and best.
http://waacceleratorumbraco.codeplex.com/
We have several large production sites using this and I can confirm they all work fine (including the backend editing environment).
Things to watch out for are that you need to follow the instructions closely as they are easy to get wrong :-)
Make sure you don't have dashes in your db names as this makes things go wrong as well.
Finally if you are using more than one web role the Umbraco preview can sometimes yellow screen, as the preview XML may not be on the server that gets to the preview request. This is again because of the round robin load balancing.
Trying to copy a website to a new server as the old one is dying. :(
I tried copying over the files and setting it up manually, but some specific user accounts needed to be used and the guy who set all this up left the company nearly 5 years ago. And is even worse at documentation than I am.
Anyway, at that point the ASP pages were serving, but getting errors. Ok, fine... I went back and exported the configuration from the old server (lucky that worked at all) and created a new website from that config on the new server. On the new website, from the config file, the ASP pages are giving 404 errors.
The Active Server Pages extension is enabled, and I can actually get the asp pages to serve from another website on the server... so I'm thinking it's something at the website level. No idea what though.
Any ideas?
Back when I was doing classic ASP development we used Parent Paths. This is at the top of your ASP file you'll see something like;
<!--#include file="../../resource/includes/MSSQLconnection.asp"-->
This isn't enabled by default in IIS. It may not be answer but worth looking at. But was a long time ago now.
Hope this helps,
Mike
404 is a file not found error.
Start by checking you can access a 'hello world' HTML file in the folder using http: //localhost/path/toyour/HelloWorldFile.htm
Hello World
is all you need in the file = you don't need to bother with any HTML markup to test what we're interested in.
This will check that your virtual directories, application settings etc are correct before you move on to the Active Server Page settings.
Once you've got your paths sorted out and you know you are looking for your application in the correct place move on to a 'hello world' ASP file
<%="Hello World"%>
is all you need in that file!
You ask about settings in IIS which will stop ASP from working. These come to mind as the most obvious.
Depending on the OS (or more specifically the IIS version) you may also need to activate ASP pages.
These instructions from msdn cover Windows 2003 (IIS6) and Windows 2008(IIS 7.x)
If you can get your hello world script working you can move on to debugging your application.
It will be a great help when debugging the application if you can see what's going wrong so I recommend that you turn off friendly error messages if you are using Internet Explorer. Also set IIS to pass error messages on to the browser
see:
http: //learn.iis.net/page.aspx/564/classic-asp-script-error-messages-no-longer-shown-in-web-browser-by-default/ --excuse the link formatting but SO's newbies can't post more than 2 hyperlinks in a message was getting in the way of me trying to be helpful and earning enough rep to post more!
(that may only be relevant to IIS 7.x I don't have an IIS6 installation lying around to refresh my memory.
Make sure you are browsing your application on the server using http: //localhost - this should ensure you see any errors
Good luck
Sometimes the style sheet disappears when naviguating on our WSS 3.0 sites (white background on the site, no colors, no formatting, etc.). This has mainly happened with IE6 (corporate browser for the majority of our computers). The fixes were :
clean up temporary internet files
if it still doesn't work, upgrade to IE 7
However, this time, the upgrade to IE 7 hasn't worked, the style sheet isn't applied. When we clean up temporary internet files, things go back to normal, but after a while the css disappears again.
Here are a few ideas on what you could try:
Fiddler should be able to tell you if there is a network problem.
Check the HTML for anything unusual. Is it malformed in any way? Can you save a copy and run it through an online validator (although this is limited in use as SharePoint's default markup isn't compliant).
If some users are having the issues but others aren't, check their permissions on the server.
You could also try using the SharePoint "Log in as another user" feature to see if the problem can be reproduced on your machine when logged in as them. You may also want to try running Internet Explorer as that user.
Check the Event Viewer on both client and server for anything unusual.
Check the IIS logs on the server for any errors.
Check the SharePoint ULS logs on the server in the "12 Hive" for errors that might be related to this problem.
Try running Process Monitor on the client and reproduce the problem. Search for keywords such as FAIL or ERROR to see if anything appears. Make a note of the time the problem occurs and see if the Process Monitor logs give any additional information.
Is there some javascript that's involved as well? Could it be a virus scanner that is set way to strict? As you pointed out in one of the comments, the CSS isn't even being requested (at IIS log level, which is as basic as you get, not even in SHarePoint yet), so it HAS to be something on the client PC.