5

My website is throwing the below exceptions everyday and i couldn't find the solution. i did few research in web and this is what i do so far. adding below option to aspx won't solve the problem.

ValidateRequest="false" EnableEventValidation="false" ViewStateEncryptionMode="Never" EnableViewStateMac="false"

Also, my Referral Url is the correct URL and i have no idea how it redirect with two (same) parameters. there is no such link in my referral page. Please help.

ERROR LOG

URL : http://www.abcd.com/company-details.aspx?com=asia-pacific-pte-ltd&com=asia-pacific-pte-ltd

referral URL : http://www.abcd.com/companies/asia-pacific-pte-ltd/

Inner Exception Type: System.Web.UI.ViewStateException

Inner Exception: Invalid viewstate. Client IP: 192.162.19.193 Port: 1966 User-Agent: Opera/9.80 (Windows NT 6.1; WOW64; MRA 6.0 (build 6001)) Presto/2.12.388 Version/12.11 ViewState: /wEPDwULLTEyMTAyMTY3NDAPZBYCAgMPZBYOZg8QDxYGHg1EYXRhVGV4dEZpZWxkBQdDb3VudHJ5Hg5EYXRhVmFsdWVGaWVsZAUNQ2xlYW5fQ291bnRyeR4LXyFEYXRhQm91bmRnZBAVCgNBbGwFQ2hpbmEJSG9uZyBLb25nBUluZGlhCUluZG9uZXNpYQhNYWxheXNpYQtQaGlsaXBwaW5lcwlTaW5nYXBvcmUIVGhhaWxhbmQHVmlldG5hbRUKA0FsbAVjaGluYQlob25nLWtvbmcFaW5kaWEJaW5kb25lc2lhCG1hbGF5c2lhC3BoaWxpcHBpbmVzCXNpbmdhcG9yZQh0aGFpbGFuZAd2aWV0bmFtFCsDCmdnZ2dnZ2dnZ2dkZAIBDxAPFgYfAAUISW5kdXN0cnkfAQUOQ2xlYW5fSW5kdXN0cnkfAmdkEBXFAgNBbGwSQWR2YW5jZWQgTWF0ZXJpYWxzC0FkdmVydGlzaW5nCkFlc3RoZXRpY3MLQWdyaWN1bHR1cmUkQWdyaWN1bHR1cmUgLSBBZ3JpY3VsdHVyYWwgTWFjaGluZXJ5G0FncmljdWx0dXJlICYgRm9vZCBQcm9kdWN0cxBBaXItY29uZGl0aW9uaW5nHUFpci1maWx0cmF0aW9uICYgUHVyaWZpY2F0aW9uB0FpcnBvcnQJQWx1bWluaXVtFEFuYWx5dGljYWwgRXF1aXBtZW50GkFuYWx5dGljYWwgSW5zdHJ1bWVudGF0aW9uFUFuYWx5dGljYWwgVGVjaG5vbG9neRZBbmQgSW50ZXJpb3IgRGVzaWduZXJzEUFuaW1hbCBQcm9kdWN0aW9uCEFudGlib2R5KUFwc...

Inner Source: 

Exception Type: System.Web.HttpException

Exception: The state information is invalid for this page and might be corrupted.

Stack Trace: at System.Web.UI.ViewStateException.ThrowError(Exception inner, String persistedState, String errorPageMessage, Boolean macValidationError) at System.Web.UI.HiddenFieldPageStatePersister.Load() at System.Web.UI.Page.LoadPageStateFromPersistenceMedium() at System.Web.UI.Page.LoadAllState() at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) at System.Web.UI.Page.ProcessRequest() at System.Web.UI.Page.ProcessRequest(HttpContext context) at ASP.exhibition_details_aspx.ProcessRequest(HttpContext context) in c:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\root\0f461847\442b0502\App_Web_bfjqxdef.20.cs:line 0 at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

UPDATE i have fixed the error by compressing the ViewState from below link http://www.codeproject.com/Articles/14733/ViewState-Compression

and fixed the Invalid length for a Base-64 char array error by replacing the original method with this.

protected override object LoadPageStateFromPersistenceMedium()
    {
        string viewState = Request.Form["__VSTATE"];
        viewState = viewState.Replace(" ", "+");

        int mod4 = viewState.Length % 4;
        if (mod4 > 0)
        {
            viewState += new string('=', 4 - mod4);
        }
        byte[] bytes = Convert.FromBase64String(viewState);
        bytes = Compressor.Decompress(bytes);
        LosFormatter formatter = new LosFormatter();
        return formatter.Deserialize(Convert.ToBase64String(bytes));
    }

Thanks everyone for help :)

bluebird
  • 53
  • 1
  • 1
  • 5

2 Answers2

6

I am sorry that say that but your site did not have anything worng, and you need to re-enable your EventValidations as soon as possible.

What you see is an attempt to hack your site by sending many test numbers with your ViewState trying to find your hash key.

The IP you give have a big list of activity the last few days.

Now, alternative what may cause this error is the breaking of the ViewState. You can compress it and split it if you have too big ViewState. You can also disable all the controls that not needed. Also you can add a log to see from inside what's is going on right on a base page.

Aristos
  • 66,005
  • 16
  • 114
  • 150
  • 1
    I removed these EnableEventValidation="false" ViewStateEncryptionMode="Never" EnableViewStateMac="false" and compressed it from the link you gave me and it solved the problem. thank you very much :) – bluebird May 07 '13 at 09:38
  • i am getting this errors now though, Invalid length for a Base-64 char array. help – bluebird May 08 '13 at 01:59
  • @user597729 If you see it on the log only, check the IP, as I say you its probably a hack try and you do not need to worry. If you see it as user... then maybe its an issue. – Aristos May 08 '13 at 06:54
0

yes it works for me too

here in vbnet

Compressor.vb

Imports System.IO
Imports System.IO.Compression
Public Class Compressor

Public Shared Function Compress(ByVal data() As Byte) As Byte()
    Dim output As MemoryStream = New MemoryStream
    Dim gzip As GZipStream = New GZipStream(output, CompressionMode.Compress, True)
    gzip.Write(data, 0, data.Length)
    gzip.Close()
    Return output.ToArray
End Function

Public Shared Function Decompress(ByVal data() As Byte) As Byte()
    Dim input As MemoryStream = New MemoryStream
    input.Write(data, 0, data.Length)
    input.Position = 0
    Dim gzip As GZipStream = New GZipStream(input, CompressionMode.Decompress, True)
    Dim output As MemoryStream = New MemoryStream
    Dim buff() As Byte = New Byte((64) - 1) {}
    Dim read As Integer = -1
    read = gzip.Read(buff, 0, buff.Length)

    While (read > 0)
        output.Write(buff, 0, read)
        read = gzip.Read(buff, 0, buff.Length)

    End While

    gzip.Close()
    Return output.ToArray
 End Function
End Class

and this you paste inside default.aspx it needs

Imports System.IO

  Protected Overrides Function LoadPageStateFromPersistenceMedium() As Object
    Dim viewState As String = Request.Form("__VSTATE")
    Dim bytes() As Byte = Convert.FromBase64String(viewState)
    bytes = Compressor.Decompress(bytes)
    Dim formatter As LosFormatter = New LosFormatter
    Return formatter.Deserialize(Convert.ToBase64String(bytes))
End Function

Protected Overrides Sub SavePageStateToPersistenceMedium(ByVal viewState As Object)
    Dim formatter As LosFormatter = New LosFormatter
    Dim writer As StringWriter = New StringWriter
    formatter.Serialize(writer, viewState)
    Dim viewStateString As String = writer.ToString
    Dim bytes() As Byte = Convert.FromBase64String(viewStateString)
    bytes = Compressor.Compress(bytes)
    ClientScript.RegisterHiddenField("__VSTATE", Convert.ToBase64String(bytes))
End Sub
rom m
  • 91
  • 1
  • 3