Question

Jeremy Turgeon

0

Blackhat Exception Notification

We've been getting a strange error every few days and I can't seem to find any way to block it. This may be outside the scope of Rock, but I figured I'd see if anyone else has experienced the same issue.

An exception has occurred. Details of this error can be found below:

An error occurred on the site on page:
http://64.186.235.197:80/w00tw00t.at.blackhats.romanian.anti-sec:)

HttpException in System.Web

Message
A potentially dangerous Request.Path value was detected from the client (:).

Stack Trace
at System.Web.HttpRequest.ValidateInputIfRequiredByConfig()
at System.Web.HttpApplication.PipelineStepManager.ValidateHelper(HttpContext context)

Security
  • Jim Michael

    2

    This is an automated bot attempting to look for a specific vulnerability on your server. Google for w00tw00t.at.blackhats.romanian.anti-sec and you'll get lots of hits to exactly what it is. I'm not sure it's the best way to address this on IIS, but if you simply add a Request Filter for URL in IIS, it will block the request as a 404 and at least stop Rock from generating exceptions.

    To do this, just open IIS Manager, click on your Rock server, double-click Request Filtering, click the URL tab, click Deny Sequence action and enter w00tw00t.at.blackhats.romanian.anti-sec as the URL. Now when that bot hits the site it will get a 404 (page not found) instead of generating a .NET exception.
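
The IIS Manager steps in the answer above can also be applied from a script, which helps when several servers need the same rule. This is an added example, not part of the original answer or of Rock; it assumes the WebAdministration module is installed, an elevated Windows PowerShell session on the IIS server, and a site answering on http://localhost/ for the check at the end.

```powershell
# Added example: scripted equivalent of the Request Filtering "Deny Sequence" step.
# Run in an elevated Windows PowerShell session on the IIS server.
Import-Module WebAdministration

$probe  = 'w00tw00t.at.blackhats.romanian.anti-sec'   # string from the exception report
$pspath = 'MACHINE/WEBROOT/APPHOST'                   # server level (applicationHost.config)
$filter = 'system.webServer/security/requestFiltering/denyUrlSequences'

# Adding the same sequence twice raises a duplicate-entry error,
# so look for an existing rule first; this keeps the script re-runnable.
$existing = Get-WebConfiguration -PSPath $pspath -Filter "$filter/add" |
    Where-Object { $_.sequence -eq $probe }

if (-not $existing) {
    Add-WebConfigurationProperty -PSPath $pspath -Filter $filter `
        -Name '.' -Value @{ sequence = $probe }
    Write-Output "Added deny sequence '$probe'."
} else {
    Write-Output "Deny sequence '$probe' is already configured."
}

# Verify the rule: request filtering should answer 404 before ASP.NET
# sees the request, so no exception is raised in the application.
$testUrl = "http://localhost/$probe"   # assumption: a site is bound to localhost:80
try {
    $status = [int](Invoke-WebRequest -Uri $testUrl -UseBasicParsing).StatusCode
} catch {
    # Invoke-WebRequest throws on 4xx/5xx; the status is on the exception's response.
    $status = [int]$_.Exception.Response.StatusCode
}
Write-Output "GET $testUrl returned HTTP $status (expected 404)."
```

Requests rejected by a deny sequence are recorded in the IIS log with status 404 and sub-status 5, so the log still shows how often the scanner comes by.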