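We recently upgraded our system from .NET 1.1 to .NET 2.0. Since doing so, we have been getting the following errors in the event log every minute. It's strange, but all the client or user host addresses seem to point to Eastern European countries such as Russia or Belarus. Is this a logging issue, or someone legitimately trying to hack us or something?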
Information 8/2/2011 15:02 ASP.NET 2.0.50727.0 1316 Web Event Event code: 4009
Event message: Viewstate verification failed. Reason: Viewstate was invalid.
Event time: 8/2/2011 3:02:36 PM
Event time (UTC): 8/2/2011 7:02:36 PM
Event ID: e25e0918f9e34bda98abcafadc61a0b6
Event sequence: 144401
Event occurrence: 5595
Event detail code: 50204
Application information:
Application domain: OMMITED-OMMITED
Trust level: Full
Application Virtual Path: /DirID
Application Path: W:\SITE\DirID\
Machine name: OMMITED-OMMITED
Process information:
Process ID: 1740
Process name: w3wp.exe
Account name: NT AUTHORITY\SYSTEM
Request information:
Request URL: http://www.mysite.com/DirID/Default.aspx
Request path: /DirID/Default.aspx
User host address: 176.14.136.181
User:
Is authenticated: False
Authentication Type:
Thread account name: NT AUTHORITY\SYSTEM
ViewStateException information:
Exception message: Invalid viewstate.
Client IP: 176.14.136.181
Port: 63815
User-Agent: TrackChecker
PersistedState: [KEY1]
Referer: http://www.mysite.com/DirID/Default.aspx
Path: /DirID/Default.aspx
-------------------------
Information 8/2/2011 14:57 ASP.NET 2.0.50727.0 1316 Web Event Event code: 4009
Event message: Viewstate verification failed. Reason: Viewstate was invalid.
Event time: 8/2/2011 2:57:11 PM
Event time (UTC): 8/2/2011 6:57:11 PM
Event ID: 4d814be560f64258b2c926814fdb10c6
Event sequence: 142726
Event occurrence: 5536
Event detail code: 50204
Application information:
Application domain: OMMITED-OMMITED
Trust level: Full
Application Virtual Path: /DirID
Application Path: W:\SITE\DirID\
Machine name: OMMITED-OMMITED
Process information:
Process ID: 1740
Process name: w3wp.exe
Account name: NT AUTHORITY\SYSTEM
Request information:
Request URL: http://www.mysite.com/DirID/Default.aspx
Request path: /DirID/Default.aspx
User host address: 213.87.131.86
User:
Is authenticated: False
Authentication Type:
Thread account name: NT AUTHORITY\SYSTEM
ViewStateException information:
Exception message: Invalid viewstate.
Client IP: 213.87.131.86
Port: 21441
User-Agent:
PersistedState: [KEY1]
Referer: http://www.mysite.com/DirID/Default.aspx
Path: /DirID/Default.aspx
-----------
Information 8/2/2011 14:56 ASP.NET 2.0.50727.0 1316 Web Event Event code: 4009
Event message: Viewstate verification failed. Reason: The viewstate supplied failed integrity check.
Event time: 8/2/2011 2:56:10 PM
Event time (UTC): 8/2/2011 6:56:10 PM
Event ID: e20e446446374000bf9ad9c6863192e8
Event sequence: 142476
Event occurrence: 5534
Event detail code: 50203
Application information:
Application domain: OMMITED-OMMITED
Trust level: Full
Application Virtual Path: /DirID
Application Path: W:\SITE\DirID\
Machine name: OMMITED-OMMITED
Process information:
Process ID: 1740
Process name: w3wp.exe
Account name: NT AUTHORITY\SYSTEM
Request information:
Request URL: http://www.mysite.com/DirID/Default.aspx
Request path: /DirID/Default.aspx
User host address: 85.174.246.134
User:
Is authenticated: False
Authentication Type:
Thread account name: NT AUTHORITY\SYSTEM
ViewStateException information:
Exception message: Invalid viewstate.
Client IP: 85.174.246.134
Port: 3957
User-Agent: TrackChecker
PersistedState: dDwxNTA2NDg4MjAzO3Q8O2w8aTwzPjs+O2w8dDw7bDxpPDE+O2k8OT47aTwxMT47aTwxMz47aTwxNT47aTwxNz47aTwxOT47aTwyMT47aTwyMz47aTwyND47aTwyNT47aTwyNj47aTwzMj47aTwzND47PjtsPHQ8O2w8aTwzPjtpPDE5PjtpPDQxPjs+O2w8dDxwPHA8bDxWaXNpYmxlOz47bDxvPGY+Oz4+Oz47Oz47dDxwPHA8bDxOYXZpZ2F0ZVVybDtGb250X0JvbGQ7XyFTQjs+O2w8XGU7bzx0PjtpPDIwNDg+Oz4+Oz47Oz47dDxwPHA8bDxWaXNpYmxlOz47bDxvPGY+Oz4+Oz47Oz47Pj47dDxwPHA8bDxWaXNpYmxlOz47bDxvPGY+Oz4+Oz47Oz47dDxwPHA8bDxWaXNpYmxlOz47bDxvPGY+Oz4+Oz47Oz47dDxwPDtwPGw8b25rZXlwcmVzczs+O2w8cmV0dXJuIEtleVByZXNzSGFuZGxlcihldmVudCk7Pj4+Ozs+O3Q8cDw7cDxsPG9ua2V5cHJlc3M7PjtsPHJldHVybiBLZXlQcmVzc0hhbmRsZXIoZXZlbnQpOz4+Pjs7Pjt0PHA8O3A8bDxvbmtleXByZXNzOz47bDxyZXR1cm4gS2V5UHJlc3NIYW5kbGVyKGV2ZW50KTs+Pj47Oz47dDxwPDtwPGw8b25rZXlwcmVzczs+O2w8cmV0dXJuIEtleVByZXNzSGFuZGxlcihldmVudCk7Pj4+Ozs+O3Q8cDw7cDxsPG9ua2V5cHJlc3M7PjtsPHJldHVybiBLZXlQcmVzc0hhbmRsZXIoZXZlbnQpOz4+Pjs7Pjt0PDtsPGk8MT47aTwzPjtpPDU+O2k8Nz47aTw5Pjs+O2w8dDxwPDtwPGw8b25rZXlwcmVzczs+O2w8cmV0dXJuIEtleVByZXNzSGFuZGxlcihldmVudCk7Pj4+Ozs+O3Q8cDw7cDxsPG9ua2V5cHJlc3M7PjtsPHJldHVybiBLZXlQcmVzc0hhbmRsZXIoZXZlbnQpOz4+Pjs7Pjt0PHA8O3A8bDxvbmtleXByZXNzOz47bDxyZXR1cm4gS2V5UHJlc3NIYW5kbGVyKGV2ZW50KTs+Pj47Oz47dDxwPDtwPGw8b25rZXlwcmVzczs+O2w8cmV0dXJuIEtleVByZXNzSGFuZGxlcihldmVudCk7Pj4+Ozs+O3Q8cDw7cDxsPG9ua2V5cHJlc3M7PjtsPHJldHVybiBLZXlQcmVzc0hhbmRsZXIoZXZlbnQpOz4+Pjs7Pjs+Pjt0PDtsPGk8MT47aTwzPjtpPDU+O2k8Nz47aTw5Pjs+O2w8dDxwPDtwPGw8b25rZXlwcmVzczs+O2w8cmV0dXJuIEtleVByZXNzSGFuZGxlcihldmVudCk7Pj4+Ozs+O3Q8cDw7cDxsPG9ua2V5cHJlc3M7PjtsPHJldHVybiBLZXlQcmVzc0hhbmRsZXIoZXZlbnQpOz4+Pjs7Pjt0PHA8O3A8bDxvbmtleXByZXNzOz47bDxyZXR1cm4gS2V5UHJlc3NIYW5kbGVyKGV2ZW50KTs+Pj47Oz47dDxwPDtwPGw8b25rZXlwcmVzczs+O2w8cmV0dXJuIEtleVByZXNzSGFuZGxlcihldmVudCk7Pj4+Ozs+O3Q8cDw7cDxsPG9ua2V5cHJlc3M7PjtsPHJldHVybiBLZXlQcmVzc0hhbmRsZXIoZXZlbnQpOz4+Pjs7Pjs+Pjt0PDtsPGk8MT47aTwzPjtpPDU+O2k8Nz47aTw5Pjs+O2w8dDxwPDtwPGw8b25rZXlwcmVzczs+O2w8cmV0dXJuIEtleVByZXNzSGFuZGxlcihldmVudCk7Pj4+Ozs+O3Q8cDw7cDxsPG9ua2V5cHJlc3M7PjtsPHJldHVybiBLZXlQcmVzc0hhbmRsZXIoZXZlbnQpOz4+Pjs7Pjt0
PHA8O3A8bDxvbmtleXByZXNzOz47bDxyZXR1cm4gS2V5UHJlc3NIYW5kbGVyKGV2ZW50KTs+Pj47Oz47dDxwPDtwPGw8b25rZXlwcmVzczs+O2w8cmV0dXJuIEtleVByZXNzSGFuZGxlcihldmVudCk7Pj4+Ozs+O3Q8cDw7cDxsPG9ua2V5cHJlc3M7PjtsPHJldHVybiBLZXlQcmVzc0hhbmRsZXIoZXZlbnQpOz4+Pjs7Pjs+Pjt0PDtsPGk8MT47aTwzPjtpPDU+O2k8Nz47aTw5Pjs+O2w8dDxwPDtwPGw8b25rZXlwcmVzczs+O2w8cmV0dXJuIEtleVByZXNzSGFuZGxlcihldmVudCk7Pj4+Ozs+O3Q8cDw7cDxsPG9ua2V5cHJlc3M7PjtsPHJldHVybiBLZXlQcmVzc0hhbmRsZXIoZXZlbnQpOz4+Pjs7Pjt0PHA8O3A8bDxvbmtleXByZXNzOz47bDxyZXR1cm4gS2V5UHJlc3NIYW5kbGVyKGV2ZW50KTs+Pj47Oz47dDxwPDtwPGw8b25rZXlwcmVzczs+O2w8cmV0dXJuIEtleVByZXNzSGFuZGxlcihldmVudCk7Pj4+Ozs+O3Q8cDw7cDxsPG9ua2V5cHJlc3M7PjtsPHJldHVybiBLZXlQcmVzc0hhbmRsZXIoZXZlbnQpOz4+Pjs7Pjs+Pjt0PHA8O3A8bDxvbmNsaWNrOz47bDxTaG93SGlkZVNlY3Rpb24oJ1VQU01JX1Byb2Nlc3NfTG9uZycpXDs7Pj4+Ozs+O3Q8cDw7cDxsPG9uY2xpY2s7PjtsPFNob3dIaWRlU2VjdGlvbignVVBTTUlfUHJvY2Vzc19Mb25nJylcOzs+Pj47Oz47Pj47Pj47bDxidG5UcmFjazs+PgqCqg5dK4H3lAraES3/cf/YlkUD
Referer: http://www.mysite.com/DirID/Default.aspx
Path: /DirID/Default.aspx
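Answer 0: (score: 2)
The first 2 requests caused a viewstate verification/validation problem because of this: PersistedState: [KEY1] - this is a validation error.
Also - you said you have upgraded from .NET 1.1 to 2.0, but the viewstate supplied in the 3rd request starts with "dDw" - this is a .NET 1.1 viewstate (for .NET 2.0 it would start with "/wE").
Seeing "TrackChecker" in the user agent tells me that some kind of bot/crawler saved an old version of your pages (from when they were generated by .NET 1.1 - including the viewstate), and now it re-checks your content and submits an invalid viewstate (a .NET 1.1 viewstate will fail on .NET 2.0, for obvious reasons).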
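The prefix check described in this answer, generalised into a small triage script, as an added example that is not part of the original answer: it groups 4009 events by User-Agent and by the viewstate format found in PersistedState. The sample log is constructed (documentation-range IPs, shortened made-up viewstate values), and the function names are hypothetical.

```python
import base64
import re
from collections import Counter

# Constructed sample shaped like the 4009 web events above (not real data).
SAMPLE_LOG = """\
Event message: Viewstate verification failed. Reason: Viewstate was invalid.
Client IP: 203.0.113.10
User-Agent: TrackChecker
PersistedState: [KEY1]
-----------
Event message: Viewstate verification failed. Reason: The viewstate supplied failed integrity check.
Client IP: 203.0.113.11
User-Agent: TrackChecker
PersistedState: dDwxNTA2NDg4MjAzO3Q8O2w8aTwzPjs+
-----------
Event message: Viewstate verification failed. Reason: The viewstate supplied failed integrity check.
Client IP: 198.51.100.7
User-Agent:
PersistedState: /wEPDwUKMTIzNDU2Nzg5MGRk
"""

FIELD = re.compile(
    r"^[ \t]*(Client IP|User-Agent|PersistedState):[ \t]*(.*?)[ \t]*$", re.M)

def classify_viewstate(value):
    """Return 'net1.1', 'net2.0+' or 'not-viewstate' for a PersistedState value."""
    try:
        head = base64.b64decode(value[:4], validate=True)
    except ValueError:                # e.g. "[KEY1]" is not base64 at all
        return "not-viewstate"
    if head[:2] == b"t<":             # "dDw..." decodes to the 1.1 text format
        return "net1.1"
    if head[:2] == b"\xff\x01":       # "/wE..." decodes to the 2.0 binary header
        return "net2.0+"
    return "not-viewstate"

def parse_events(text):
    """Split on the dashed separators and pull out the fields of interest."""
    chunks = re.split(r"(?m)^-{5,}[ \t]*$", text)
    events = [dict(FIELD.findall(c)) for c in chunks]
    return [e for e in events if "PersistedState" in e]

def triage(text):
    """Count failures per (User-Agent, viewstate format)."""
    return Counter((e.get("User-Agent") or "(empty)",
                    classify_viewstate(e["PersistedState"]))
                   for e in parse_events(text))

if __name__ == "__main__":
    for key, n in triage(SAMPLE_LOG).items():
        print(n, *key)
```

Rows in the `net1.1` or `not-viewstate` buckets match the stale-crawler explanation; a `net2.0+` value that still fails the integrity check is the bucket worth a closer look.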
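Answer 1: (score: 0)
I get a lot of these Viewstate errors on one of my sites, and it's usually bots trying to post something malicious.
I suspect it's the same here - unless you have a lot of users from Belarus?
If you amend your logging to capture the query string and other request parameters, that might give you some clues as to what the (suspected) attacker or unfortunate user is trying to achieve.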