0

All the errors that occur in our web application is logged to a database, and I'm finding a 404 error occurring hundreds of times in the last month. The page users are attempting to access is "https://companysite.com/applicationsite/:/0"

The application is a classic ASP site with some ASP.NET MVC 3 included through i-frames, although this error appears to be occurring on the classical ASP side judging by the URL.

I've done a search through the entire code (classic and .NET) for the string ":/0" but I'm not seeing anything. I'm at a loss at how this error is occurring. It is happening too often and for too many users to be intentional.

Would anyone happen to know why users are getting this error? Unfortunately I only have the database logs so I'm not really user how to reproduce this error, nor do I know how users are coming across it.

user1287523
  • 967
  • 3
  • 14
  • 31
  • Hard to say without any code. Use a tool like Fiddler or the network sniffers in the Developer Tools under all modern browsers. Browse your site and analyze the pages where you see the 404. Another way is to capture the request headers for that request on your server. What is the UserAgent and Referrer for this request? – Niels V May 30 '13 at 20:54
  • Have you tried turning IIS logging on and tracing through that? – Paul May 30 '13 at 21:30

1 Answers1

0

I would suspect that someone (outside of your site) is hitting that URL, which does not exist.

It could simply be that a spider has that URL indexed and is trying to crawl it. Or maybe that is a path to some application that has a vulnerability and someone is testing to see if you are running that application.

Try logging the IP address of where the request is coming from and also the User-Agent. If it is a web crawler, you should be able to see it in the User-Agent.

You could also block the IP address from accessing your site.

Andy T
  • 10,223
  • 5
  • 53
  • 95
  • the issue is that, based on the error logs, these people have successfully logged in and authenticated already when getting the error. – user1287523 May 31 '13 at 12:50
  • Yes this is most likely hacking attack to try and see the source code on the pages. See [here](http://stackoverflow.com/q/3342443/447356) it's explained nicely. (worth adding to your answer) @user1287523 FYI as well. – Shadow The GPT Wizard Jun 02 '13 at 07:10