최근에 우리 시스템을 .net 1.1에서 .net 2.0으로 업그레이드했습니다. 이후 우리는 매분마다 다음 오류로 이벤트 로그에 오류가 발생했습니다. 이상한 일이지만 모든 클라이언트 ips 또는 사용자 호스트 주소가 러시아 또는 벨로루시 같은 동부 유럽 국가를 가리키는 것으로 보입니다. 로깅 문제입니까 아니면 합법적으로 해킹하려는 사람입니까? -이벤트 로그 - Viewstate 확인에 실패했습니다.
Information 8/2/2011 15:02 ASP.NET 2.0.50727.0 1316 Web Event Event code: 4009
Event message: Viewstate verification failed. Reason: Viewstate was invalid.
Event time: 8/2/2011 3:02:36 PM
Event time (UTC): 8/2/2011 7:02:36 PM
Event ID: e25e0918f9e34bda98abcafadc61a0b6
Event sequence: 144401
Event occurrence: 5595
Event detail code: 50204
Application information:
Application domain: OMMITED-OMMITED
Trust level: Full
Application Virtual Path: /DirID
Application Path: W:\SITE\DirID\
Machine name: OMMITED-OMMITED
Process information:
Process ID: 1740
Process name: w3wp.exe
Account name: NT AUTHORITY\SYSTEM
Request information:
Request URL: http://www.mysite.com/DirID/Default.aspx
Request path: /DirID/Default.aspx
User host address: 176.14.136.181
User:
Is authenticated: False
Authentication Type:
Thread account name: NT AUTHORITY\SYSTEM
ViewStateException information:
Exception message: Invalid viewstate.
Client IP: 176.14.136.181
Port: 63815
User-Agent: TrackChecker
PersistedState: [KEY1]
Referer: http://www.mysite.com/DirID/Default.aspx
Path: /DirID/Default.aspx
-------------------------
Information 8/2/2011 14:57 ASP.NET 2.0.50727.0 1316 Web Event Event code: 4009
Event message: Viewstate verification failed. Reason: Viewstate was invalid.
Event time: 8/2/2011 2:57:11 PM
Event time (UTC): 8/2/2011 6:57:11 PM
Event ID: 4d814be560f64258b2c926814fdb10c6
Event sequence: 142726
Event occurrence: 5536
Event detail code: 50204
Application information:
Application domain: OMMITED-OMMITED
Trust level: Full
Application Virtual Path: /DirID
Application Path: W:\SITE\DirID\
Machine name: OMMITED-OMMITED
Process information:
Process ID: 1740
Process name: w3wp.exe
Account name: NT AUTHORITY\SYSTEM
Request information:
Request URL: http://www.mysite.com/DirID/Default.aspx
Request path: /DirID/Default.aspx
User host address: 213.87.131.86
User:
Is authenticated: False
Authentication Type:
Thread account name: NT AUTHORITY\SYSTEM
ViewStateException information:
Exception message: Invalid viewstate.
Client IP: 213.87.131.86
Port: 21441
User-Agent:
PersistedState: [KEY1]
Referer: http://www.mysite.com/DirID/Default.aspx
Path: /DirID/Default.aspx
-----------
Information 8/2/2011 14:56 ASP.NET 2.0.50727.0 1316 Web Event Event code: 4009
Event message: Viewstate verification failed. Reason: The viewstate supplied failed integrity check.
Event time: 8/2/2011 2:56:10 PM
Event time (UTC): 8/2/2011 6:56:10 PM
Event ID: e20e446446374000bf9ad9c6863192e8
Event sequence: 142476
Event occurrence: 5534
Event detail code: 50203
Application information:
Application domain: OMMITED-OMMITED
Trust level: Full
Application Virtual Path: /DirID
Application Path: W:\SITE\DirID\
Machine name: OMMITED-OMMITED
Process information:
Process ID: 1740
Process name: w3wp.exe
Account name: NT AUTHORITY\SYSTEM
Request information:
Request URL: http://www.mysite.com/DirID/Default.aspx
Request path: /DirID/Default.aspx
User host address: 85.174.246.134
User:
Is authenticated: False
Authentication Type:
Thread account name: NT AUTHORITY\SYSTEM
ViewStateException information:
Exception message: Invalid viewstate.
Client IP: 85.174.246.134
Port: 3957
User-Agent: TrackChecker
PersistedState: dDwxNTA2NDg4MjAzO3Q8O2w8aTwzPjs+O2w8dDw7bDxpPDE+O2k8OT47aTwxMT47aTwxMz47aTwxNT47aTwxNz47aTwxOT47aTwyMT47aTwyMz47aTwyND47aTwyNT47aTwyNj47aTwzMj47aTwzND47PjtsPHQ8O2w8aTwzPjtpPDE5PjtpPDQxPjs+O2w8dDxwPHA8bDxWaXNpYmxlOz47bDxvPGY+Oz4+Oz47Oz47dDxwPHA8bDxOYXZpZ2F0ZVVybDtGb250X0JvbGQ7XyFTQjs+O2w8XGU7bzx0PjtpPDIwNDg+Oz4+Oz47Oz47dDxwPHA8bDxWaXNpYmxlOz47bDxvPGY+Oz4+Oz47Oz47Pj47dDxwPHA8bDxWaXNpYmxlOz47bDxvPGY+Oz4+Oz47Oz47dDxwPHA8bDxWaXNpYmxlOz47bDxvPGY+Oz4+Oz47Oz47dDxwPDtwPGw8b25rZXlwcmVzczs+O2w8cmV0dXJuIEtleVByZXNzSGFuZGxlcihldmVudCk7Pj4+Ozs+O3Q8cDw7cDxsPG9ua2V5cHJlc3M7PjtsPHJldHVybiBLZXlQcmVzc0hhbmRsZXIoZXZlbnQpOz4+Pjs7Pjt0PHA8O3A8bDxvbmtleXByZXNzOz47bDxyZXR1cm4gS2V5UHJlc3NIYW5kbGVyKGV2ZW50KTs+Pj47Oz47dDxwPDtwPGw8b25rZXlwcmVzczs+O2w8cmV0dXJuIEtleVByZXNzSGFuZGxlcihldmVudCk7Pj4+Ozs+O3Q8cDw7cDxsPG9ua2V5cHJlc3M7PjtsPHJldHVybiBLZXlQcmVzc0hhbmRsZXIoZXZlbnQpOz4+Pjs7Pjt0PDtsPGk8MT47aTwzPjtpPDU+O2k8Nz47aTw5Pjs+O2w8dDxwPDtwPGw8b25rZXlwcmVzczs+O2w8cmV0dXJuIEtleVByZXNzSGFuZGxlcihldmVudCk7Pj4+Ozs+O3Q8cDw7cDxsPG9ua2V5cHJlc3M7PjtsPHJldHVybiBLZXlQcmVzc0hhbmRsZXIoZXZlbnQpOz4+Pjs7Pjt0PHA8O3A8bDxvbmtleXByZXNzOz47bDxyZXR1cm4gS2V5UHJlc3NIYW5kbGVyKGV2ZW50KTs+Pj47Oz47dDxwPDtwPGw8b25rZXlwcmVzczs+O2w8cmV0dXJuIEtleVByZXNzSGFuZGxlcihldmVudCk7Pj4+Ozs+O3Q8cDw7cDxsPG9ua2V5cHJlc3M7PjtsPHJldHVybiBLZXlQcmVzc0hhbmRsZXIoZXZlbnQpOz4+Pjs7Pjs+Pjt0PDtsPGk8MT47aTwzPjtpPDU+O2k8Nz47aTw5Pjs+O2w8dDxwPDtwPGw8b25rZXlwcmVzczs+O2w8cmV0dXJuIEtleVByZXNzSGFuZGxlcihldmVudCk7Pj4+Ozs+O3Q8cDw7cDxsPG9ua2V5cHJlc3M7PjtsPHJldHVybiBLZXlQcmVzc0hhbmRsZXIoZXZlbnQpOz4+Pjs7Pjt0PHA8O3A8bDxvbmtleXByZXNzOz47bDxyZXR1cm4gS2V5UHJlc3NIYW5kbGVyKGV2ZW50KTs+Pj47Oz47dDxwPDtwPGw8b25rZXlwcmVzczs+O2w8cmV0dXJuIEtleVByZXNzSGFuZGxlcihldmVudCk7Pj4+Ozs+O3Q8cDw7cDxsPG9ua2V5cHJlc3M7PjtsPHJldHVybiBLZXlQcmVzc0hhbmRsZXIoZXZlbnQpOz4+Pjs7Pjs+Pjt0PDtsPGk8MT47aTwzPjtpPDU+O2k8Nz47aTw5Pjs+O2w8dDxwPDtwPGw8b25rZXlwcmVzczs+O2w8cmV0dXJuIEtleVByZXNzSGFuZGxlcihldmVudCk7Pj4+Ozs+O3Q8cDw7cDxsPG9ua2V5cHJlc3M7PjtsPHJldHVybiBLZXlQcmVzc0hhbmRsZXIoZXZlbnQpOz4+Pjs7Pjt0PHA8O3A8bDxvbmtleXByZXNzOz47bDxyZXR1cm4gS2V5UHJlc3NIYW5kbGVyKGV2ZW50KTs+Pj47Oz47dDxwPDtwPGw8b25rZXlwcmVzczs+O2w8cmV0dXJuIEtleVByZXNzSGFuZGxlcihldmVudCk7Pj4+Ozs+O3Q8cDw7cDxsPG9ua2V5cHJlc3M7PjtsPHJldHVybiBLZXlQcmVzc0hhbmRsZXIoZXZlbnQpOz4+Pjs7Pjs+Pjt0PDtsPGk8MT47aTwzPjtpPDU+O2k8Nz47aTw5Pjs+O2w8dDxwPDtwPGw8b25rZXlwcmVzczs+O2w8cmV0dXJuIEtleVByZXNzSGFuZGxlcihldmVudCk7Pj4+Ozs+O3Q8cDw7cDxsPG9ua2V5cHJlc3M7PjtsPHJldHVybiBLZXlQcmVzc0hhbmRsZXIoZXZlbnQpOz4+Pjs7Pjt0PHA8O3A8bDxvbmtleXByZXNzOz47bDxyZXR1cm4gS2V5UHJlc3NIYW5kbGVyKGV2ZW50KTs+Pj47Oz47dDxwPDtwPGw8b25rZXlwcmVzczs+O2w8cmV0dXJuIEtleVByZXNzSGFuZGxlcihldmVudCk7Pj4+Ozs+O3Q8cDw7cDxsPG9ua2V5cHJlc3M7PjtsPHJldHVybiBLZXlQcmVzc0hhbmRsZXIoZXZlbnQpOz4+Pjs7Pjs+Pjt0PHA8O3A8bDxvbmNsaWNrOz47bDxTaG93SGlkZVNlY3Rpb24oJ1VQU01JX1Byb2Nlc3NfTG9uZycpXDs7Pj4+Ozs+O3Q8cDw7cDxsPG9uY2xpY2s7PjtsPFNob3dIaWRlU2VjdGlvbignVVBTTUlfUHJvY2Vzc19Mb25nJylcOzs+Pj47Oz47Pj47Pj47bDxidG5UcmFjazs+PgqCqg5dK4H3lAraES3/cf/YlkUD
Referer: http://www.mysite.com/DirID/Default.aspx
Path: /DirID/Default.aspx
많은 사람들이 러시아 출신이지만 일부는 벨로루시 출신이기도합니다. – m0g
어떤 경우에는 말하기가 더 어렵습니다. 로그에 캡처 된 정보가 충분하지 않아 오류의 원인을 찾을 수 없습니다. – Widor
이제는 .net 1.1이 이것을 기록하지 않을 것이고 갑자기 우리가 업그레이드 할 때 .net 2.0이 모든 로그가 나타납니다. – m0g