Hello, I noticed this error messages in my umbraco 9 log:
May 31, 2022 10:34:25 AM Error vm489217 Keep alive failed (at '"http://www.superbetinsitesi.com/api/keepalive/ping"').
My domain the website is running is completely different, I have never seen this superbetinsitesi.com url before. So my question is, how this foreign url got in my log and why it calls the keepalive api.
If there is no value for umbracoApplicationUrl, Umbraco will use the domain of the first request as the base URL. So if you have a generic binding on your site, if someone updates a domain to point to your site and is the first request this could happen. You want to be sure to set this value in your app setttings to your specific domain if you have a generic site binding.
Keep alive hacked/vulnerability?
Hello, I noticed this error messages in my umbraco 9 log:
May 31, 2022 10:34:25 AM Error vm489217 Keep alive failed (at '"http://www.superbetinsitesi.com/api/keepalive/ping"').
My domain the website is running is completely different, I have never seen this superbetinsitesi.com url before. So my question is, how this foreign url got in my log and why it calls the keepalive api.
(appsettings.json has no url like this)
Thanks
If there is no value for umbracoApplicationUrl, Umbraco will use the domain of the first request as the base URL. So if you have a generic binding on your site, if someone updates a domain to point to your site and is the first request this could happen. You want to be sure to set this value in your app setttings to your specific domain if you have a generic site binding.
https://our.umbraco.com/documentation/Extending/Health-Check/Guides/FixedApplicationUrl
Also, there was a securiy alert somewhat related to this a few months ago you might want to check out.
https://umbraco.com/blog/security-advisory-january-20-2022-medium-severity-security-vulnerability-identified-in-umbraco-cms/
Thanks for answer, Kevin!
is working on a reply...