ASP.NET Under Attack
It seems that ASP.NET sites have been the primary target of hackers during the last week.
I first heard about this from Scott Hanselman when he tweeted about the downtime of his own blog and Phil’s blog. After a short while, Phil, Sean and Scott updated their status with some details about a mass SQL injection attack on ASP.NET sites and blogs!
Unfortunately, those attacks took some blogs and sites down for a short while!
I don’t care about my blog statistics very much, but the Graffiti dashboard gives a quick overview of the recent traffic on my blog in general. Last week I noticed a huge increase in my traffic for two consecutive days (Thursday and Friday) and believed that my traffic had increased to almost 12 times my average daily traffic!
It wasn’t a normal event at all because, after checking my referrals, I couldn’t find any referrer that could send such huge traffic to my site, even though I’m sure that it could only happen if I was linked from one of the top internet pages!
I never realized that this was caused by a security attack until today, when I got suspicious about this huge traffic after seeing that it had returned to its normal level. Surely something was wrong in the last couple of days and I wanted to find out what!
So first I checked my Smarter Stats reports, after a long while, and couldn’t find anything related to this. At this point I checked my logs and finally found many entries related to a mass SQL injection attack similar to what you see in the abovementioned tweets!
Fortunately I didn’t experience any downtime and it was good news to see a good security level on my site and its capability to handle this situation.
On the other hand, I’ve been watching security attacks on Waegis during the past month of its public existence. This isn’t something unexpected for me. As a site in the security field, Waegis should be a good candidate for hackers and spammers to try to take down somehow. Even though this site is still in its infancy, I could find and record three attempts with different techniques. They all failed, but they reminded me of the doubled importance of security for Waegis!
Aside from these circumstances, ASP.NET has grown to the level where it is going to take a more important role among web developers, and this has had an effect on the number of attempts to take it down. I’m pretty sure that there have been many other attempts on ASP.NET sites recently in order to take them down.
Here the most important point is that we need educated ASP.NET developers who are aware of security mechanisms, so that they can write web applications that hold up without security-related issues. Unfortunately, I would say that at the moment there are many developers without a good level of knowledge in this field (and even in the whole .NET thing) to be able to deal with such stuff. This is one of the downsides of the ease and classic form of drag-and-drop development that is brought to these guys by Microsoft!
3 Comments : 08.09.08