WhiteSites Blog
Debugging Faulting Application w3wp.exe Crashes

Debugging Faulting Application w3wp.exe Crashes

May 31, 2011 by Paul White

If your websites are going down, due to your application pool failing, or being automatically shut down after a few application errors, then you have a major problem on your hands.  In my case the symptom was A process serving the application pool suffered a fatal communication error with the Windows Process Activation Service, in my system logs.  If you have each website running in its own application pool then you know which website is going down, but the errors being displayed give you no hints as to the cause.  I recently had a website that was randomly going down.  Sometimes it would go down every few days, and other times it would only crash once a month.  So I finally did some digging for the cause, and found it.  If you don't know where to start in debugging your crashed application pools, this might help.

Read
36 Comments
208838 Visitors
208838 Views

Website Security Tip remove catch all bindings

May 23, 2010 by Paul White

A few months ago I noticed that one of my clients websites seemed to be getting spikes of traffic.  However with spikes in traffic most clients would report an increase in sales or business.  When looking at the stats server, the requests were for pages and files that were not even on the server, and were for technologies ( PHP ) that I do not run on m box.  If you see requests for files like /prx2.php, /phpmyadmin/config/config.inc.php, /roundcubemail/readme, or /webmail/readme.  You might want to read this article.

Read
4952 Visitors
4952 Views

Hacker Attacks and Invalid character in a Base-64 string

Jan 13, 2010 by Paul White

On my websites I have them setup to email me anytime a server error happens.  If you ever get an error like "Invalid character in a Base-64 string",  This is likely a hacker attack.   In my case it was on the members login on my client's website.  I logged in and shut down the site.  10 minutes later I started it back up and the hacker had left.  Interesting is what the HTTP RAW data reveled.

HTTP_X_FORWARDED_FOR:84.0.182.175, 84.0.162.91, 84.0.237.176, 84.0.228.6, 84.0.220.100, 84.0.147.233, 84.0.159.1, 84.0.84.37 HTTP_PROXY_CLIENT_IP:84.0.182.175, 84.0.162.91, 84.0.237.176, 84.0.228.6, 84.0.220.100, 84.0.147.233, 84.0.159.1, 84.0.84.37 HTTP_CLIENT_IP:84.0.182.175, 84.0.162.91, 84.0.237.176, 84.0.228.6, 84.0.220.100, 84.0.147.233, 84.0.159.1, 84.0.84.37

Never seen these values before.  According to the logs the IPs were from hundreds of compromised systems. However they all had these values in common.   I am going to add a rule to detect the Class A IP in the 80.x.x.x block in the HTTP_X_FORWARDED_FOR, and block.  Hopefully this helps some other people out

Read
3920 Visitors
3920 Views

MX records being used to block spam

Apr 20, 2009 by Paul White

Recently I have noticed that the open rates of a few of my client's newsletters are going down.  This is leading me to believe that most free mail servers are using yet another litmus test to detect and block spam.  Unfortunately those of us with legit bulk emails campaigns are also feeling the pinch. 

Read
4109 Visitors
4109 Views

Windows 7 to increase hardware sales

Dec 19, 2008 by Paul White

Windows 7 logoWith the huge disappointment of Windows Vista. Microsoft needs to make waves with the highly anticipated Windows 7 OS.  There have been several rumors, some of which could have a huge impact on sales for hardware manufacturers.  Keep in mind there are just rumors.  But if true Microsoft may been a good company to invest  come June 2009.

Read
3632 Visitors
3632 Views

Most Software still does not Utilize Multicore Chips

Dec 14, 2008 by Paul White

Normally when you upgrade your computer to some new wild multicore chip, as I did with the Intel i7.  You would expect some dramatic performance results.  Unfortunately it would seem that most software was not written to take advantage of the multiple cores.  Read more for an in depth rant about software and the intel i7

Read
4442 Visitors
4442 Views

MySQL Got an error reading communication packets

Dec 10, 2008 by Paul White

Aborted Connection to db. If you have ever had this little error in MySql and asp.net, you have most likely spent countless hours googling for an answer.  I have your answer read more the solution.

Read
3 Comments
15901 Visitors
15901 Views

SQL injection IP blacklist from the botnet

Aug 26, 2008 by Paul White

The BotNet seems to be growing faster than ever.  I have included a list of all the IPs, I have caught attempting SQL injection via querystring.  If you have your own blacklist, feel free to add these to your list.

Read
5098 Visitors
5098 Views

protecting against SQL injection attacks using querystring

Aug 15, 2008 by Paul White

If you run a website that is based on SQL, or MySQL. This is a must read.  Some of my websites recently have been under attack by bots that are trying a new method of SQL injection attack. 

Read
5573 Visitors
5573 Views

HTTP black lists stop comment spammers

Jun 4, 2008 by Paul White

I got sick of seeing failed viewstate in my event logs. so I wrote some code that checks visitors against a HTTP blacklist.  I found that one of my blacklists was full of false positives.  Not that the given IP wasn't abusive at one point in time but I found it was full of proxies of which are frequently used by legitimate users.  After comparing some user logs I found that I was blocking a few of my member.  The HTTP blacklist from Project Honey Pot works, but had the problem with proxies as I stated above.  However one that I have had much better luck with is the one by stopforumspam.com.
If you are looking to stop comment spammers from seeing your site, I highly recommend them.  Read on for a code snippet that shows how I implimented this block

Read
3375 Visitors
3375 Views