Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at

  • Charlie 14 posts 94 karma points
    Jun 13, 2018 @ 19:12

    Getting requests to App_Data/cache should I be worried?


    I have had an Umbraco site up for a few months now. I am using Elmah to track errors. I saw some requests from Romania last night, that made me kind of nervous. So I looked through my IIS logs. I see several calls from that same IP to /app_data/cache/1/f/3/b/a/f/1f3baf82bda35ced7b05720db3c44f9250837656.png

    If I go there myself I get a 404, my web.config is setup to not allow requests to app_data, but If I look at my folder structure that is a valid path. So I am curious how they new how to find that, and if I should take any further steps to prevent this.


  • Nik 869 posts 3467 karma points MVP c-trib
    Jun 13, 2018 @ 23:04

    Hi Charlie,

    In theory (and I'd have to do some research to double check), app_data shouldn't be browseable externally. I believe IIS will catch all those errors and throw up the 404 you are seeing or kill the requests.

    However, as you say, it's concerning that the requests are coming in to what would be a correct path. That is the area I would investigate. I'd start by checking your server is actually secure, as the only way I know of to find that path is to find it locally and then try it in a browser. If you server is compromised then you might have a bigger concern (not trying to scaremonger and someone might tell me I'm wrong). Then I'd also look at what other URL's that IP has been trying. That might give you insight into the sorts of things they are looking at. You can then test all of theses and see if you get anything you shouldn't.

    With regards to preventative steps, that's hard in the sense you need to find out how first. Then you can identify your preventative steps. However, there is a great video and slide set about securing your Umbraco site from Code Garden 2018, so definitely check it out:


Please Sign in or register to post replies

Write your reply to: