Bot trying ampersand query string
Message
From
06/02/2017 16:34:59
 
 
To
06/02/2017 16:28:17
General information
Forum:
ASP.NET
Category:
Other
Environment versions
Environment:
VB 9.0
OS:
Windows 8.1
Network:
Windows Server 2012
Database:
Visual FoxPro
Application:
Web
Miscellaneous
Thread ID:
01647590
Message ID:
01647631
Views:
21
>I have a couple of similar situations. I don't know the answer either and I'd like to hear anyone else's experiences.

I see.

>From the limited research I've done, basically, your application that's monitoring the logs has to be able to talk to your firewall and ask it to block the offending IP address(es). This is the ideal case; you don't want ANY traffic from those IPs to be able to reach anything in your environment. I don't know if it's possible to configure typical web servers to block IPs but that's not ideal; the traffic is still entering your environment and hitting your web server.

Yes, those are, sometimes, erroneous URL commands sent as is. But, sometimes, they are also unwanted and they are known as attempts to infiltrate. I do have all kinds of mechanisms for blocking such. And, there is also the firewall as you said. Most of the bots are, for some of them, blocked at a secondary level. Most of them usually don't try to continue to hit a site if they get a Response.End(). It is also sensitive to block at the firewall as other applications might want them to come as is and others not. That is why I have various levels of detection. When it comes to the firewall, this is considered a serious issue.

>In some cases the event in the standard Windows event logs doesn't record an IP address. In that case you may have to look in other logs as well.

I have IPs on all of them.

>There is a slight danger to blocking IPs. If a sophisticated attacker knows the IP addresses of your legitimate users, they could send a bad request spoofing one of those addresses. That would cause legitimate users to be denied service.

And, there's that.

>I've Googled topics such as [how to dynamically block abusive ip]. There are a few ideas there (mostly open source) but nothing easy or simple.
>
>This is a common problem, I can't help thinking there could be a whole industry built around addressing it but I haven't found any products yet.

For as long as the Internet exists, there will always be good and bad people targeting at that. I always assumed there are some who can infiltrate anywhere they want. For most of them, they are on the good side. They usually work with major entities putting their network at a more secured level. But, as you said, there is just so much, sometimes, we can do.
Michel Fournier
Level Extreme Inc.
Designer, architect, owner of the Level Extreme Platform
Subscribe to the site at https://www.levelextreme.com/Home/DataEntry?Activator=55&NoStore=303
Subscription benefits https://www.levelextreme.com/Home/ViewPage?Activator=7&ID=52
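
The tiered handling discussed in this message (end the response at the application first, escalate to the firewall only for repeat offenders, and keep known legitimate clients away from the firewall block list), as an added example that is not part of the original post or of the poster's actual setup. The log format, thresholds, allowlist, block expiry and the rule for what counts as a malformed ampersand URL are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds and addresses; every value here is constructed.
WINDOW = timedelta(minutes=5)
APP_REJECT_AT = 1               # first bad request: end the response in the app
FIREWALL_AT = 3                 # repeated hits inside WINDOW: propose a firewall block
BLOCK_TTL = timedelta(hours=1)  # blocks expire, limiting the cost of a wrong block
ALLOWLIST = {"203.0.113.10"}    # known legitimate client, never sent to the firewall

# Constructed log lines in an assumed "timestamp ip url" format.
SAMPLE_LOG = [
    "2024-01-01T16:00:00 198.51.100.7 /page.aspx&id=5",
    "2024-01-01T16:00:10 198.51.100.7 /page.aspx&id=6",
    "2024-01-01T16:00:20 198.51.100.7 /page.aspx&id=7",
    "2024-01-01T16:01:00 203.0.113.10 /page.aspx&id=1",
    "2024-01-01T16:01:05 203.0.113.10 /page.aspx&id=2",
    "2024-01-01T16:01:10 203.0.113.10 /page.aspx&id=3",
    "2024-01-01T16:02:00 192.0.2.44 /page.aspx?id=9&tab=2",
    "2024-01-01T16:03:00 192.0.2.55 /list.aspx&sort=a",
]

def is_malformed(url):
    """Assumed rule: an '&' appears with no '?' before it (/page.aspx&id=5)."""
    amp, q = url.find("&"), url.find("?")
    return amp != -1 and (q == -1 or amp < q)

def decide(log_lines):
    """Return {ip: (action, expiry_or_None)} for IPs that sent malformed URLs."""
    hits = defaultdict(deque)
    decisions = {}
    for line in log_lines:
        stamp, ip, url = line.split(" ", 2)
        if not is_malformed(url):
            continue
        when = datetime.fromisoformat(stamp)
        recent = hits[ip]
        recent.append(when)
        while when - recent[0] > WINDOW:   # keep only hits inside the window
            recent.popleft()
        if len(recent) >= FIREWALL_AT and ip not in ALLOWLIST:
            decisions[ip] = ("firewall_block", when + BLOCK_TTL)
        elif len(recent) >= APP_REJECT_AT and ip not in decisions:
            decisions[ip] = ("app_reject", None)   # never downgrades a block
    return decisions

if __name__ == "__main__":
    for ip, (action, expiry) in decide(SAMPLE_LOG).items():
        print(ip, action, expiry)
```

The `firewall_block` entries are only decisions; handing them to a firewall is left out because that call depends on the product in use.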