Windows Azure application - hacking attempt?

Question

Windows Azure application - hacking attempt?

We have our application hosted on Windows Azure and it works well. Recently, we started to see some suspicious requests in our application. Requests are for resources that do not exist in our application.

We began to see exceptions such as:

Message: The file '/a1b2c3d4.asmx' does not exist.

Message: The file '/CrystalReportWebFormViewer2/crystalimagehandler.aspx' does not exist.

Message: The file '/login.aspx' does not exist.

Message: This is an invalid webresource request.

We do not have any files .asmxor Crystal Reports in our application. In addition, all requests come from 100.69.14.169which does not exist at all.

This often happens now. We are not sure if this is a hacking attempt or some automated scripts that are trying to attach something to our Azure application.

Could you help us understand what these requests are and how to stop them?

+4

security windows azure

user3359346 27 . '14 7:32

1

Timothy Lee Russell · Answer 1 · 2014-08-06T04:44:32+0000

web.config requestFiltering, .

. , Azure web.config, .

filteringRules denyStrings, , 404.

   <system.webServer>
        <security>
            <requestFiltering>              
                    <filteringRules>
                        <filteringRule name="BlockAUrl" scanUrl="true" scanQueryString="false">
                            <denyStrings>                                   
                                <add string="/Manage/ScriptKitty/Attempted/Login.aspx" />
                            </denyStrings>
                        </filteringRule>
                    </filteringRules>               
            </requestFiltering>
        </security>
    </system.webServer>

Windows Azure application - hacking attempt?

More articles: