0

My Site's error log is filled with these errors:-

This is an invalid script resource request. Invalid viewstate. Invalid character in a Base-64 string. Invalid length for a Base-64 char array.

All these errors are appearing at least 100 times a day.

After doing some RnD on internet i have done following things:-

1- define machine key in my web config. 2- created robots.txt file and add ScriptResource.axd file in that.

Can some one guide me what I am missing or doing wrong.

Zeeshan Umar
  • 502
  • 2
  • 6
  • 12

1 Answers1

1

  1. First Possible Reason
    I have see some crawlers that remove the verify key on the end of the files, or convert it to small case, so this have as result to get this error.

  2. Second Possible Reason
    Some one test and search your pages for weak points and entry ways to your back data.

On the log you can see how they call the ScriptResource.axd and what is the problem on the key. And check what ip make this calls - is the same ?

Some reference.

"Padding is Invalid and cannot be removed" exception on WebResource.axd

CryptographicException: Padding is invalid and cannot be removed and Validation of viewstate MAC failed

one more, I do not think that its need to add ScriptResource.axd on robots and remove it from search (I mean that this is not actually the problem) - how ever its not bad idea.

Community
  • 1
  • 1
Aristos
  • 66,005
  • 16
  • 114
  • 150
  • i will try to check what is mentioned in your answer and let you know. Thanks for answer – Zeeshan Umar Jun 17 '10 at 14:21
  • I have implemented all the things which are mentioned in articles above. Now rate of error is reduced i.e. previously those errors were appearing 100+ times a day and now they are appearing around 10-30 times a day. Any other suggestions. – Zeeshan Umar Jun 28 '10 at 04:33
  • @Zeeshan Umar you do not need to reduce them to zero. If the error come from the crawler then you have nothing to do. – Aristos Jun 28 '10 at 06:35
  • I am still getting daily around 40-50 errors. This rate is too high. can someone help me. – Zeeshan Umar Aug 11 '10 at 11:15
  • @Zeeshan can you check the ip that comming from ? if its the same, then its a crawler that read false your page. – Aristos Aug 11 '10 at 11:49