One of our customers had a vulnerability attack posting thousands of forms in a short matter of time. Umbraco performed fine during the attack, but there were side effects.
When browsing the entries of the form attacked from backend, we can't browse between page 5 and 10 if we select 100 pr page. If we try to browse eg. page 5, Contour just hangs at "Processing...". Same thing happens if we try to show 1000 records instead of 100. So it seems that someone inserted something into the database that Contour doesn't like and/or doesn't escape correctly.
To start out with, we did a db backup. Then to debug this we tried to figure out the database structure and relationships and got to the place where we replaced all affected string and stringLong with a dash instead of the ugly data. That however didn't help, same problem in backend. We suspected that the fieldXML table was actually what Umbraco used to show the data, so we deleted all the records with faulty data and the problem was "solved". We could now export the rows we needed from the backend and restored the backup afterwards to not f*** with Contour.
So my question is now: How do we fix this properly without damageing anything?
Vulnerability attack crippled Contour
One of our customers had a vulnerability attack posting thousands of forms in a short matter of time. Umbraco performed fine during the attack, but there were side effects.
When browsing the entries of the form attacked from backend, we can't browse between page 5 and 10 if we select 100 pr page. If we try to browse eg. page 5, Contour just hangs at "Processing...". Same thing happens if we try to show 1000 records instead of 100. So it seems that someone inserted something into the database that Contour doesn't like and/or doesn't escape correctly.
To start out with, we did a db backup. Then to debug this we tried to figure out the database structure and relationships and got to the place where we replaced all affected string and stringLong with a dash instead of the ugly data. That however didn't help, same problem in backend. We suspected that the fieldXML table was actually what Umbraco used to show the data, so we deleted all the records with faulty data and the problem was "solved". We could now export the rows we needed from the backend and restored the backup afterwards to not f*** with Contour.
So my question is now: How do we fix this properly without damageing anything?
Comment author was deleted
Hey,
Any chance I can have a look at the db (with the attack data still in there), if you could mail it to tg at umbraco dot com that would be great
Thanks,
Tim
is working on a reply...