Blockchain technology has already revolutionized finance thanks to Bitcoin. Now it's disrupting other areas, including the realm of data protection. Learn how blockchain is now being used to authenticate backup files and keep them safe from hackers.
COURSE of the MONTH
11 days, 5 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Denial of Service Attacks
Posted on 2010-09-06
I've just had a request from an old client, (site created 8 yrs ago) that he's having a DOS problem, the site was one of my last asp sites and the info he has sent me is shown below.
Can anyone explain this? Help resolve it or is it a case of a rewrite to ASP.NET in which case I need help with the justification!
The attack scenario is thus:
"Some server sends a request like
index.php?option=com_produ
../../../proc/self/environ
This makes your IIS server panic and it uses greater than 100% CPU! The type of request is a DOS (Denial of Service) attack, but it looks like a DOS attack for a Unix based machine, not a Windows machine, but it is crippling your server.
It's something to do with your server not being able to handle a "querystring" (to the right of the "?") with a multiple "up directory" ( the ".." parts) - or maybe just one "up directory".
I've been trying to find something that would redirect the above line to something else (or reject it), but not being successful.
I've heard that this problem can be caused by "bad code" - I've written a dummy index.php on your server, but the crash is caused *before* it even requests the index.php page - so I don't think it's a "bad coding" issue!"
Mark
Can anyone explain this? Help resolve it or is it a case of a rewrite to ASP.NET in which case I need help with the justification!
The attack scenario is thus:
"Some server sends a request like
index.php?option=com_produ
../../../proc/self/environ
This makes your IIS server panic and it uses greater than 100% CPU! The type of request is a DOS (Denial of Service) attack, but it looks like a DOS attack for a Unix based machine, not a Windows machine, but it is crippling your server.
It's something to do with your server not being able to handle a "querystring" (to the right of the "?") with a multiple "up directory" ( the ".." parts) - or maybe just one "up directory".
I've been trying to find something that would redirect the above line to something else (or reject it), but not being successful.
I've heard that this problem can be caused by "bad code" - I've written a dummy index.php on your server, but the crash is caused *before* it even requests the index.php page - so I don't think it's a "bad coding" issue!"
Mark
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
2
4 Comments
Maybe this one?
http://support.microsoft.com/kb/254142/EN-US/
http://support.microsoft.com/kb/254142/EN-US/
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Running classic asp applications under Windows Server 2008 R2 (x64) and IIS 7 is not as easy as one may think. It took me a while to figure it out while getting error 8002801d a few times.
After you install the OS you will need to install the fol…
Prologue
It is often required to host multiple websites on a single instance of IIS, mostly in development environments instead of on production servers. I am sure it is not much a preferred solution on production servers but this is at least a pos…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you!
In this Micro Tutorial, you'll learn yo…
- Microsoft Applications
- Windows 10
- Windows OS
- Fonts Typography
- Windows 7, Microsoft Word
Suggested Courses
Course of the Month11 days, 5 hours left to enroll
770 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.