An attacker recently ran what looks like a series of automated scripts over our Umbraco 6.1.6 website, trying typical things like cross site scripting or SQL injection attacks.
One thing that stood out was hundreds of POST calls to /umbraco/RenderMvc. What does this controller action do? What might they have been trying to accomplish? Most returned 500 errors ("There is not current PublishedContentRequest, it must be initialized before the RenderRouteHandler executes"), but there were some successful 200 responses. Unfortunately we don't have logs of what they POSTed or what the result was.
I am looking at over 100k request in the last 16 hours to /umbraco/rendermvc/
Someone thinks it is juicy.
The logged user agents are masked as a variety of web crawler bots. But I doubt not only Google's and Bings bots, but at least four other chose to hit the site at exactly the same time.
POSTs to /umbraco/RenderMvc
An attacker recently ran what looks like a series of automated scripts over our Umbraco 6.1.6 website, trying typical things like cross site scripting or SQL injection attacks.
One thing that stood out was hundreds of POST calls to /umbraco/RenderMvc. What does this controller action do? What might they have been trying to accomplish? Most returned 500 errors ("There is not current PublishedContentRequest, it must be initialized before the RenderRouteHandler executes"), but there were some successful 200 responses. Unfortunately we don't have logs of what they POSTed or what the result was.
I am looking at over 100k request in the last 16 hours to /umbraco/rendermvc/
Someone thinks it is juicy.
The logged user agents are masked as a variety of web crawler bots. But I doubt not only Google's and Bings bots, but at least four other chose to hit the site at exactly the same time.
is working on a reply...