locked
Suspicious actvity on my webapplication RRS feed

  • Question

  • User739135361 posted

    Hi,

    I have recently launched a web application. I have been capturing exceptions in the appliction and logging them. Recently I noticed a spurt in exceptions and noticed that various folders / files were being serached for. Altogether, around 1875 errors where logged in a span of 15 mins, which implies it was an automated process. Was this a DOS attack or what is it. Could you please elobrate on this and also what preventive measures to be taken?  Below are the error logs.  

    The controller for path '/wp-admin/' was not found or does not implement IController.
    The controller for path '/LatlFNPp.aspx' was not found or does not implement IController.
    The controller for path '/LatlFNPp.asmx' was not found or does not implement IController.
    The controller for path '/LatlFNPp' was not found or does not implement IController.
    The controller for path '/LatlFNPp/' was not found or does not implement IController.
    The controller for path '/LatlFNPp.ashx' was not found or does not implement IController.
    The controller for path '/cgi.cgi/' was not found or does not implement IController.
    The controller for path '/webcgi/' was not found or does not implement IController.
    The controller for path '/cgi-914/' was not found or does not implement IController.
    The controller for path '/cgi-915/' was not found or does not implement IController.
    Thursday, September 24, 2020 7:52 AM

Answers

  • User-821857111 posted

    A DOS attack floods your application with more traffic than it can handle. This is unlikely to be a DOS attack. It is more likely an automated probe to see what vulnerabilities your application might be susceptible to. 

    Personally, I capture this particular exception and return a 404 result. 

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, September 24, 2020 9:35 AM

All replies

  • User-821857111 posted

    A DOS attack floods your application with more traffic than it can handle. This is unlikely to be a DOS attack. It is more likely an automated probe to see what vulnerabilities your application might be susceptible to. 

    Personally, I capture this particular exception and return a 404 result. 

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, September 24, 2020 9:35 AM
  • User739135361 posted

    Can we do anything for such scans? Given that IP can be masked, blocking an ip will not help. 

    Thursday, September 24, 2020 9:44 AM
  • User-821857111 posted

    Can we do anything for such scans?
    Such as preventing them? No. That's why it's so important to guard against the most common vulnerabilities: https://owasp.org/www-project-top-ten/

    Thursday, September 24, 2020 11:50 AM