1. 首页
  2. 问答
  3. 事件日志 - Viewstate验证失败

事件日志 - Viewstate验证失败

2011-08-03 198 views
0

最近我们将系统从.net 1.1升级到.net 2.0。由于这样做,我们一直在我们的事件日志中发生错误,并且每分钟都有以下错误。这很奇怪,但所有客户端或用户主机地址似乎指向东欧国家,如俄罗斯或白俄罗斯。这是一个日志记录问题,还是有人合法地试图破解或什么? -事件日志 - Viewstate验证失败

Information 8/2/2011 15:02 ASP.NET 2.0.50727.0 1316 Web Event Event code: 4009 
Event message: Viewstate verification failed. Reason: Viewstate was invalid.      
Event time: 8/2/2011 3:02:36 PM      
Event time (UTC): 8/2/2011 7:02:36 PM     
Event ID: e25e0918f9e34bda98abcafadc61a0b6     
Event sequence: 144401     
Event occurrence: 5595     
Event detail code: 50204      

Application information:      
    Application domain: OMMITED-OMMITED    
    Trust level: Full     
    Application Virtual Path: /DirID      
    Application Path: W:\SITE\DirID\      
    Machine name: OMMITED-OMMITED      

Process information: 
    Process ID: 1740 
    Process name: w3wp.exe 
    Account name: NT AUTHORITY\SYSTEM 

Request information: 
    Request URL: http://www.mysite.com/DirID/Default.aspx 
    Request path: /DirID/Default.aspx 
    User host address: 176.14.136.181 
    User: 
    Is authenticated: False 
    Authentication Type: 
    Thread account name: NT AUTHORITY\SYSTEM 

ViewStateException information: 
    Exception message: Invalid viewstate.     
    Client IP: 176.14.136.181     
    Port: 63815      
    User-Agent: TrackChecker      
    PersistedState: [KEY1]     
    Referer: http://www.mysite.com/DirID/Default.aspx     
    Path: /DirID/Default.aspx     
------------------------- 
Information 8/2/2011 14:57 ASP.NET 2.0.50727.0 1316 Web Event Event code: 4009 
Event message: Viewstate verification failed. Reason: Viewstate was invalid.      
Event time: 8/2/2011 2:57:11 PM      
Event time (UTC): 8/2/2011 6:57:11 PM     
Event ID: 4d814be560f64258b2c926814fdb10c6     
Event sequence: 142726     
Event occurrence: 5536     
Event detail code: 50204      

Application information:      
    Application domain: OMMITED-OMMITED      
    Trust level: Full     
    Application Virtual Path: /DirID      
    Application Path: W:\SITE\DirID\      
    Machine name: OMMITED-OMMITED  

Process information: 
    Process ID: 1740 
    Process name: w3wp.exe 
    Account name: NT AUTHORITY\SYSTEM 

Request information: 
    Request URL: http://www.mysite.com/DirID/Default.aspx 
    Request path: /DirID/Default.aspx 
    User host address: 213.87.131.86 
    User: 
    Is authenticated: False 
    Authentication Type: 
    Thread account name: NT AUTHORITY\SYSTEM 

ViewStateException information:      
    Exception message: Invalid viewstate.     
    Client IP: 213.87.131.86      
    Port: 21441      
    User-Agent:      
    PersistedState: [KEY1]     
    Referer: http://www.mysite.com/DirID/Default.aspx     
    Path: /DirID/Default.aspx     
----------- 
Information 8/2/2011 14:56 ASP.NET 2.0.50727.0 1316 Web Event Event code: 4009 
Event message: Viewstate verification failed. Reason: The viewstate supplied failed integrity check.      
Event time: 8/2/2011 2:56:10 PM      
Event time (UTC): 8/2/2011 6:56:10 PM     
Event ID: e20e446446374000bf9ad9c6863192e8 
Event sequence: 142476 
Event occurrence: 5534 
Event detail code: 50203 

Application information: 
    Application domain: OMMITED-OMMITED 
    Trust level: Full 
    Application Virtual Path: /DirID 
    Application Path: W:\SITE\DirID\ 
    Machine name: OMMITED-OMMITED 

Process information: 
    Process ID: 1740 
    Process name: w3wp.exe 
    Account name: NT AUTHORITY\SYSTEM 

Request information: 
    Request URL: http://www.mysite.com/DirID/Default.aspx 
    Request path: /DirID/Default.aspx 
    User host address: 85.174.246.134 
    User: 
    Is authenticated: False 
    Authentication Type: 
    Thread account name: NT AUTHORITY\SYSTEM 

ViewStateException information: 
    Exception message: Invalid viewstate. 
    Client IP: 85.174.246.134 
    Port: 3957 
    User-Agent: TrackChecker 
    PersistedState: dDwxNTA2NDg4MjAzO3Q8O2w8aTwzPjs+O2w8dDw7bDxpPDE+O2k8OT47aTwxMT47aTwxMz47aTwxNT47aTwxNz47aTwxOT47aTwyMT47aTwyMz47aTwyND47aTwyNT47aTwyNj47aTwzMj47aTwzND47PjtsPHQ8O2w8aTwzPjtpPDE5PjtpPDQxPjs+O2w8dDxwPHA8bDxWaXNpYmxlOz47bDxvPGY+Oz4+Oz47Oz47dDxwPHA8bDxOYXZpZ2F0ZVVybDtGb250X0JvbGQ7XyFTQjs+O2w8XGU7bzx0PjtpPDIwNDg+Oz4+Oz47Oz47dDxwPHA8bDxWaXNpYmxlOz47bDxvPGY+Oz4+Oz47Oz47Pj47dDxwPHA8bDxWaXNpYmxlOz47bDxvPGY+Oz4+Oz47Oz47dDxwPHA8bDxWaXNpYmxlOz47bDxvPGY+Oz4+Oz47Oz47dDxwPDtwPGw8b25rZXlwcmVzczs+O2w8cmV0dXJuIEtleVByZXNzSGFuZGxlcihldmVudCk7Pj4+Ozs+O3Q8cDw7cDxsPG9ua2V5cHJlc3M7PjtsPHJldHVybiBLZXlQcmVzc0hhbmRsZXIoZXZlbnQpOz4+Pjs7Pjt0PHA8O3A8bDxvbmtleXByZXNzOz47bDxyZXR1cm4gS2V5UHJlc3NIYW5kbGVyKGV2ZW50KTs+Pj47Oz47dDxwPDtwPGw8b25rZXlwcmVzczs+O2w8cmV0dXJuIEtleVByZXNzSGFuZGxlcihldmVudCk7Pj4+Ozs+O3Q8cDw7cDxsPG9ua2V5cHJlc3M7PjtsPHJldHVybiBLZXlQcmVzc0hhbmRsZXIoZXZlbnQpOz4+Pjs7Pjt0PDtsPGk8MT47aTwzPjtpPDU+O2k8Nz47aTw5Pjs+O2w8dDxwPDtwPGw8b25rZXlwcmVzczs+O2w8cmV0dXJuIEtleVByZXNzSGFuZGxlcihldmVudCk7Pj4+Ozs+O3Q8cDw7cDxsPG9ua2V5cHJlc3M7PjtsPHJldHVybiBLZXlQcmVzc0hhbmRsZXIoZXZlbnQpOz4+Pjs7Pjt0PHA8O3A8bDxvbmtleXByZXNzOz47bDxyZXR1cm4gS2V5UHJlc3NIYW5kbGVyKGV2ZW50KTs+Pj47Oz47dDxwPDtwPGw8b25rZXlwcmVzczs+O2w8cmV0dXJuIEtleVByZXNzSGFuZGxlcihldmVudCk7Pj4+Ozs+O3Q8cDw7cDxsPG9ua2V5cHJlc3M7PjtsPHJldHVybiBLZXlQcmVzc0hhbmRsZXIoZXZlbnQpOz4+Pjs7Pjs+Pjt0PDtsPGk8MT47aTwzPjtpPDU+O2k8Nz47aTw5Pjs+O2w8dDxwPDtwPGw8b25rZXlwcmVzczs+O2w8cmV0dXJuIEtleVByZXNzSGFuZGxlcihldmVudCk7Pj4+Ozs+O3Q8cDw7cDxsPG9ua2V5cHJlc3M7PjtsPHJldHVybiBLZXlQcmVzc0hhbmRsZXIoZXZlbnQpOz4+Pjs7Pjt0PHA8O3A8bDxvbmtleXByZXNzOz47bDxyZXR1cm4gS2V5UHJlc3NIYW5kbGVyKGV2ZW50KTs+Pj47Oz47dDxwPDtwPGw8b25rZXlwcmVzczs+O2w8cmV0dXJuIEtleVByZXNzSGFuZGxlcihldmVudCk7Pj4+Ozs+O3Q8cDw7cDxsPG9ua2V5cHJlc3M7PjtsPHJldHVybiBLZXlQcmVzc0hhbmRsZXIoZXZlbnQpOz4+Pjs7Pjs+Pjt0PDtsPGk8MT47aTwzPjtpPDU+O2k8Nz47aTw5Pjs+O2w8dDxwPDtwPGw8b25rZXlwcmVzczs+O2w8cmV0dXJuIEtleVByZXNzSGFuZGxlcihldmVudCk7Pj4+Ozs+O3Q8cDw7cDxsPG9ua2V5cHJlc3M7PjtsPHJldHVybiBLZXlQcmVzc0hhbmRsZXIoZXZlbnQpOz4+Pjs7Pjt0PHA8O3A8bDxvbmtleXByZXNzOz47bDxyZXR1cm4gS2V5UHJlc3NIYW5kbGVyKGV2ZW50KTs+Pj47Oz47dDxwPDtwPGw8b25rZXlwcmVzczs+O2w8cmV0dXJuIEtleVByZXNzSGFuZGxlcihldmVudCk7Pj4+Ozs+O3Q8cDw7cDxsPG9ua2V5cHJlc3M7PjtsPHJldHVybiBLZXlQcmVzc0hhbmRsZXIoZXZlbnQpOz4+Pjs7Pjs+Pjt0PDtsPGk8MT47aTwzPjtpPDU+O2k8Nz47aTw5Pjs+O2w8dDxwPDtwPGw8b25rZXlwcmVzczs+O2w8cmV0dXJuIEtleVByZXNzSGFuZGxlcihldmVudCk7Pj4+Ozs+O3Q8cDw7cDxsPG9ua2V5cHJlc3M7PjtsPHJldHVybiBLZXlQcmVzc0hhbmRsZXIoZXZlbnQpOz4+Pjs7Pjt0PHA8O3A8bDxvbmtleXByZXNzOz47bDxyZXR1cm4gS2V5UHJlc3NIYW5kbGVyKGV2ZW50KTs+Pj47Oz47dDxwPDtwPGw8b25rZXlwcmVzczs+O2w8cmV0dXJuIEtleVByZXNzSGFuZGxlcihldmVudCk7Pj4+Ozs+O3Q8cDw7cDxsPG9ua2V5cHJlc3M7PjtsPHJldHVybiBLZXlQcmVzc0hhbmRsZXIoZXZlbnQpOz4+Pjs7Pjs+Pjt0PHA8O3A8bDxvbmNsaWNrOz47bDxTaG93SGlkZVNlY3Rpb24oJ1VQU01JX1Byb2Nlc3NfTG9uZycpXDs7Pj4+Ozs+O3Q8cDw7cDxsPG9uY2xpY2s7PjtsPFNob3dIaWRlU2VjdGlvbignVVBTTUlfUHJvY2Vzc19Mb25nJylcOzs+Pj47Oz47Pj47Pj47bDxidG5UcmFjazs+PgqCqg5dK4H3lAraES3/cf/YlkUD 
    Referer: http://www.mysite.com/DirID/Default.aspx     
    Path: /DirID/Default.aspx

来源

2011-08-03 m0g

回答

2

前两个请求导致视图状态验证/验证问题,因为: PersistedState:[KEY1] - 这是一个直接验证错误。

而且 - 你说你从.net 1.1升级到2.0 但在第三请求中提供的视图状态以“DDW”开始 - 这是一个.NET 1.1的视图状态(对于.NET 2.0中开头“/ wE“)

在用户代理中看到”TrackChecker“告诉我某种bot/crawler保存了旧版本的页面(当它们由.Net 1.1生成时 - 包括视图状态)检查您的内容并提交无效的视图状态(.Net 1.1视图状态将无法通过.Net 2.0进行验证,原因很明显)

来源

2012-07-23 13:07:15 DmitryK

0

我得到我的一个网站有很多,这些视图状态错误的,它通常是设法其运气才能发布信息恶意僵尸。

我怀疑这里是否一样 - 除非你有很多来自白俄罗斯的用户?

如果您修改您的日志以捕获查询字符串和其他请求参数,那么可以为您提供一些关于(所谓的)攻击者或不幸的用户试图实现的线索。

来源

2011-08-03 13:55:43 Widor

+0

其中很多来自俄罗斯,但也有一些来自白俄罗斯。 – m0g

+0

在这种情况下,很难说。日志中没有足够的信息来查找错误的来源。 – Widor

+0

现在有一个原因.net 1.1不会记录这一点,突然当我们升级它.net 2.0所有这些日志开始出现? – m0g

相关问题

 相关问题