1. 首頁
  2. 問答
  3. 事件日誌 - Viewstate驗證失敗

事件日誌 - Viewstate驗證失敗

2011-08-03 197 views
0

最近我們將系統從.net 1.1升級到.net 2.0。由於這樣做,我們一直在我們的事件日誌中發生錯誤,並且每分鐘都有以下錯誤。這很奇怪,但所有客戶端或用戶主機地址似乎指向東歐國家,如俄羅斯或白俄羅斯。這是一個日誌記錄問題,還是有人合法地試圖破解或什麼? -事件日誌 - Viewstate驗證失敗

Information 8/2/2011 15:02 ASP.NET 2.0.50727.0 1316 Web Event Event code: 4009 
Event message: Viewstate verification failed. Reason: Viewstate was invalid.      
Event time: 8/2/2011 3:02:36 PM      
Event time (UTC): 8/2/2011 7:02:36 PM     
Event ID: e25e0918f9e34bda98abcafadc61a0b6     
Event sequence: 144401     
Event occurrence: 5595     
Event detail code: 50204      

Application information:      
    Application domain: OMMITED-OMMITED    
    Trust level: Full     
    Application Virtual Path: /DirID      
    Application Path: W:\SITE\DirID\      
    Machine name: OMMITED-OMMITED      

Process information: 
    Process ID: 1740 
    Process name: w3wp.exe 
    Account name: NT AUTHORITY\SYSTEM 

Request information: 
    Request URL: http://www.mysite.com/DirID/Default.aspx 
    Request path: /DirID/Default.aspx 
    User host address: 176.14.136.181 
    User: 
    Is authenticated: False 
    Authentication Type: 
    Thread account name: NT AUTHORITY\SYSTEM 

ViewStateException information: 
    Exception message: Invalid viewstate.     
    Client IP: 176.14.136.181     
    Port: 63815      
    User-Agent: TrackChecker      
    PersistedState: [KEY1]     
    Referer: http://www.mysite.com/DirID/Default.aspx     
    Path: /DirID/Default.aspx     
------------------------- 
Information 8/2/2011 14:57 ASP.NET 2.0.50727.0 1316 Web Event Event code: 4009 
Event message: Viewstate verification failed. Reason: Viewstate was invalid.      
Event time: 8/2/2011 2:57:11 PM      
Event time (UTC): 8/2/2011 6:57:11 PM     
Event ID: 4d814be560f64258b2c926814fdb10c6     
Event sequence: 142726     
Event occurrence: 5536     
Event detail code: 50204      

Application information:      
    Application domain: OMMITED-OMMITED      
    Trust level: Full     
    Application Virtual Path: /DirID      
    Application Path: W:\SITE\DirID\      
    Machine name: OMMITED-OMMITED  

Process information: 
    Process ID: 1740 
    Process name: w3wp.exe 
    Account name: NT AUTHORITY\SYSTEM 

Request information: 
    Request URL: http://www.mysite.com/DirID/Default.aspx 
    Request path: /DirID/Default.aspx 
    User host address: 213.87.131.86 
    User: 
    Is authenticated: False 
    Authentication Type: 
    Thread account name: NT AUTHORITY\SYSTEM 

ViewStateException information:      
    Exception message: Invalid viewstate.     
    Client IP: 213.87.131.86      
    Port: 21441      
    User-Agent:      
    PersistedState: [KEY1]     
    Referer: http://www.mysite.com/DirID/Default.aspx     
    Path: /DirID/Default.aspx     
----------- 
Information 8/2/2011 14:56 ASP.NET 2.0.50727.0 1316 Web Event Event code: 4009 
Event message: Viewstate verification failed. Reason: The viewstate supplied failed integrity check.      
Event time: 8/2/2011 2:56:10 PM      
Event time (UTC): 8/2/2011 6:56:10 PM     
Event ID: e20e446446374000bf9ad9c6863192e8 
Event sequence: 142476 
Event occurrence: 5534 
Event detail code: 50203 

Application information: 
    Application domain: OMMITED-OMMITED 
    Trust level: Full 
    Application Virtual Path: /DirID 
    Application Path: W:\SITE\DirID\ 
    Machine name: OMMITED-OMMITED 

Process information: 
    Process ID: 1740 
    Process name: w3wp.exe 
    Account name: NT AUTHORITY\SYSTEM 

Request information: 
    Request URL: http://www.mysite.com/DirID/Default.aspx 
    Request path: /DirID/Default.aspx 
    User host address: 85.174.246.134 
    User: 
    Is authenticated: False 
    Authentication Type: 
    Thread account name: NT AUTHORITY\SYSTEM 

ViewStateException information: 
    Exception message: Invalid viewstate. 
    Client IP: 85.174.246.134 
    Port: 3957 
    User-Agent: TrackChecker 
    PersistedState: dDwxNTA2NDg4MjAzO3Q8O2w8aTwzPjs+O2w8dDw7bDxpPDE+O2k8OT47aTwxMT47aTwxMz47aTwxNT47aTwxNz47aTwxOT47aTwyMT47aTwyMz47aTwyND47aTwyNT47aTwyNj47aTwzMj47aTwzND47PjtsPHQ8O2w8aTwzPjtpPDE5PjtpPDQxPjs+O2w8dDxwPHA8bDxWaXNpYmxlOz47bDxvPGY+Oz4+Oz47Oz47dDxwPHA8bDxOYXZpZ2F0ZVVybDtGb250X0JvbGQ7XyFTQjs+O2w8XGU7bzx0PjtpPDIwNDg+Oz4+Oz47Oz47dDxwPHA8bDxWaXNpYmxlOz47bDxvPGY+Oz4+Oz47Oz47Pj47dDxwPHA8bDxWaXNpYmxlOz47bDxvPGY+Oz4+Oz47Oz47dDxwPHA8bDxWaXNpYmxlOz47bDxvPGY+Oz4+Oz47Oz47dDxwPDtwPGw8b25rZXlwcmVzczs+O2w8cmV0dXJuIEtleVByZXNzSGFuZGxlcihldmVudCk7Pj4+Ozs+O3Q8cDw7cDxsPG9ua2V5cHJlc3M7PjtsPHJldHVybiBLZXlQcmVzc0hhbmRsZXIoZXZlbnQpOz4+Pjs7Pjt0PHA8O3A8bDxvbmtleXByZXNzOz47bDxyZXR1cm4gS2V5UHJlc3NIYW5kbGVyKGV2ZW50KTs+Pj47Oz47dDxwPDtwPGw8b25rZXlwcmVzczs+O2w8cmV0dXJuIEtleVByZXNzSGFuZGxlcihldmVudCk7Pj4+Ozs+O3Q8cDw7cDxsPG9ua2V5cHJlc3M7PjtsPHJldHVybiBLZXlQcmVzc0hhbmRsZXIoZXZlbnQpOz4+Pjs7Pjt0PDtsPGk8MT47aTwzPjtpPDU+O2k8Nz47aTw5Pjs+O2w8dDxwPDtwPGw8b25rZXlwcmVzczs+O2w8cmV0dXJuIEtleVByZXNzSGFuZGxlcihldmVudCk7Pj4+Ozs+O3Q8cDw7cDxsPG9ua2V5cHJlc3M7PjtsPHJldHVybiBLZXlQcmVzc0hhbmRsZXIoZXZlbnQpOz4+Pjs7Pjt0PHA8O3A8bDxvbmtleXByZXNzOz47bDxyZXR1cm4gS2V5UHJlc3NIYW5kbGVyKGV2ZW50KTs+Pj47Oz47dDxwPDtwPGw8b25rZXlwcmVzczs+O2w8cmV0dXJuIEtleVByZXNzSGFuZGxlcihldmVudCk7Pj4+Ozs+O3Q8cDw7cDxsPG9ua2V5cHJlc3M7PjtsPHJldHVybiBLZXlQcmVzc0hhbmRsZXIoZXZlbnQpOz4+Pjs7Pjs+Pjt0PDtsPGk8MT47aTwzPjtpPDU+O2k8Nz47aTw5Pjs+O2w8dDxwPDtwPGw8b25rZXlwcmVzczs+O2w8cmV0dXJuIEtleVByZXNzSGFuZGxlcihldmVudCk7Pj4+Ozs+O3Q8cDw7cDxsPG9ua2V5cHJlc3M7PjtsPHJldHVybiBLZXlQcmVzc0hhbmRsZXIoZXZlbnQpOz4+Pjs7Pjt0PHA8O3A8bDxvbmtleXByZXNzOz47bDxyZXR1cm4gS2V5UHJlc3NIYW5kbGVyKGV2ZW50KTs+Pj47Oz47dDxwPDtwPGw8b25rZXlwcmVzczs+O2w8cmV0dXJuIEtleVByZXNzSGFuZGxlcihldmVudCk7Pj4+Ozs+O3Q8cDw7cDxsPG9ua2V5cHJlc3M7PjtsPHJldHVybiBLZXlQcmVzc0hhbmRsZXIoZXZlbnQpOz4+Pjs7Pjs+Pjt0PDtsPGk8MT47aTwzPjtpPDU+O2k8Nz47aTw5Pjs+O2w8dDxwPDtwPGw8b25rZXlwcmVzczs+O2w8cmV0dXJuIEtleVByZXNzSGFuZGxlcihldmVudCk7Pj4+Ozs+O3Q8cDw7cDxsPG9ua2V5cHJlc3M7PjtsPHJldHVybiBLZXlQcmVzc0hhbmRsZXIoZXZlbnQpOz4+Pjs7Pjt0PHA8O3A8bDxvbmtleXByZXNzOz47bDxyZXR1cm4gS2V5UHJlc3NIYW5kbGVyKGV2ZW50KTs+Pj47Oz47dDxwPDtwPGw8b25rZXlwcmVzczs+O2w8cmV0dXJuIEtleVByZXNzSGFuZGxlcihldmVudCk7Pj4+Ozs+O3Q8cDw7cDxsPG9ua2V5cHJlc3M7PjtsPHJldHVybiBLZXlQcmVzc0hhbmRsZXIoZXZlbnQpOz4+Pjs7Pjs+Pjt0PDtsPGk8MT47aTwzPjtpPDU+O2k8Nz47aTw5Pjs+O2w8dDxwPDtwPGw8b25rZXlwcmVzczs+O2w8cmV0dXJuIEtleVByZXNzSGFuZGxlcihldmVudCk7Pj4+Ozs+O3Q8cDw7cDxsPG9ua2V5cHJlc3M7PjtsPHJldHVybiBLZXlQcmVzc0hhbmRsZXIoZXZlbnQpOz4+Pjs7Pjt0PHA8O3A8bDxvbmtleXByZXNzOz47bDxyZXR1cm4gS2V5UHJlc3NIYW5kbGVyKGV2ZW50KTs+Pj47Oz47dDxwPDtwPGw8b25rZXlwcmVzczs+O2w8cmV0dXJuIEtleVByZXNzSGFuZGxlcihldmVudCk7Pj4+Ozs+O3Q8cDw7cDxsPG9ua2V5cHJlc3M7PjtsPHJldHVybiBLZXlQcmVzc0hhbmRsZXIoZXZlbnQpOz4+Pjs7Pjs+Pjt0PHA8O3A8bDxvbmNsaWNrOz47bDxTaG93SGlkZVNlY3Rpb24oJ1VQU01JX1Byb2Nlc3NfTG9uZycpXDs7Pj4+Ozs+O3Q8cDw7cDxsPG9uY2xpY2s7PjtsPFNob3dIaWRlU2VjdGlvbignVVBTTUlfUHJvY2Vzc19Mb25nJylcOzs+Pj47Oz47Pj47Pj47bDxidG5UcmFjazs+PgqCqg5dK4H3lAraES3/cf/YlkUD 
    Referer: http://www.mysite.com/DirID/Default.aspx     
    Path: /DirID/Default.aspx

來源

2011-08-03 m0g

回答

2

前兩個請求導致視圖狀態驗證/驗證問題,因爲: PersistedState:[KEY1] - 這是一個直接驗證錯誤。

而且 - 你說你從.net 1.1升級到2.0 但在第三請求中提供的視圖狀態以「DDW」開始 - 這是一個.NET 1.1的視圖狀態(對於.NET 2.0中開頭「/ wE「)

在用戶代理中看到」TrackChecker「告訴我某種bot/crawler保存了舊版本的頁面(當它們由.Net 1.1生成時 - 包括視圖狀態)檢查您的內容並提交無效的視圖狀態(.Net 1.1視圖狀態將無法通過.Net 2.0進行驗證,原因很明顯)

來源

2012-07-23 13:07:15 DmitryK

0

我得到我的一個網站有很多,這些視圖狀態錯誤的,它通常是設法其運氣才能發佈信息惡意殭屍。

我懷疑這裏是否一樣 - 除非你有很多來自白俄羅斯的用戶?

如果您修改您的日誌以捕獲查詢字符串和其他請求參數,那麼可以爲您提供一些關於(所謂的)攻擊者或不幸的用戶試圖實現的線索。

來源

2011-08-03 13:55:43 Widor

+0

其中很多來自俄羅斯,但也有一些來自白俄羅斯。 – m0g

+0

在這種情況下,很難說。日誌中沒有足夠的信息來查找錯誤的來源。 – Widor

+0

現在有一個原因.net 1.1不會記錄這一點,突然當我們升級它.net 2.0所有這些日誌開始出現? – m0g

相關問題

 相關問題