Jay

Reputation: 1889

Potentially dangerous Form value (Asp.net attack using fault page)

I have a health monitor running over my ASP.NET site, and I have seen multiple attacks on my site using

http://SiteName/Page.aspx/Comment.asp?Id=76 (the ID changes with each request)

The Comment.asp page is not a part of my site; it is being used by the attacker, and I am not sure what it does. If I open my site with comment.asp appended (http://sitename/page.aspx/comment.asp?id=1), the result is my aspx page, which is strange to me. In my page.aspx page load event I am trying to catch the Request.Url, where comment.asp doesn't appear in this case.

Request exception details:

Do I have to worry about such attacks, and how can I prevent them? I have already set up IP restrictions, but each time the request comes from a different IP. However, I haven't seen any implications of this attack on my site. As per the IP, all the bad requests are coming from China (as per IP finder).

at ASP.xxxxxxxx_aspx.ProcessRequest(HttpContext context)

What is the above line in the stack trace? That's my aspx page; does the ASP.NET engine process it like that? I haven't seen that. Still, every day I get this attack, with a "dangerous form value detected" notification through the health monitor.

Upvotes: 4

Views: 944

Answers (1)

Kees

Reputation: 1418

First of all, does Page.aspx/Comment.asp?Id=76 make sense for your application? If not, it might be that the requests you see are coming from a botnet that tries to find an explicit exploit or unprotected content in the wild. Now and then it comes along your URL and you will find the entry in your log as shown. I had such things on my website daily.

Upvotes: 2
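
An added example (not part of the question or the answer): a log triage script that finds requests carrying extra path segments after an .aspx page, such as /Page.aspx/Comment.asp, and counts the distinct source IPs per pattern to check whether the traffic matches the distributed probing described above. The log lines, the IIS W3C field layout chosen, and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in IIS W3C extended log format (not taken from the question).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2024-01-05 03:11:02 GET /Page.aspx/Comment.asp Id=76 203.0.113.10 500
2024-01-05 03:11:40 GET /Page.aspx/Comment.asp Id=77 198.51.100.7 500
2024-01-05 03:12:05 GET /Page.aspx - 192.0.2.44 200
2024-01-05 03:13:19 POST /Page.aspx/Comment.asp Id=78 203.0.113.99 500
2024-01-05 03:14:00 GET /Default.aspx/x.php - 198.51.100.7 200
2024-01-05 03:15:30 GET /images/logo.png - 192.0.2.44 200
"""

# An .aspx page followed by extra path segments (trailing path info).
PATH_INFO = re.compile(r"^(?P<page>/.*?\.aspx)(?P<extra>/.+)$", re.IGNORECASE)

def find_path_info_probes(log_text):
    """Group matching requests by (page, trailing path); collect IPs, queries, hit count."""
    fields = []
    probes = defaultdict(lambda: {"ips": set(), "queries": set(), "hits": 0})
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names declared by the log itself
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        m = PATH_INFO.match(row.get("cs-uri-stem", ""))
        if not m:
            continue  # ordinary request, no trailing path after the page
        key = (m.group("page").lower(), m.group("extra").lower())
        probes[key]["ips"].add(row.get("c-ip"))
        probes[key]["queries"].add(row.get("cs-uri-query"))
        probes[key]["hits"] += 1
    return dict(probes)

def looks_distributed(entry, min_ips=3):
    """Several source IPs requesting the same unknown sub-path suggests automated scanning."""
    return len(entry["ips"]) >= min_ips

if __name__ == "__main__":
    for (page, extra), e in find_path_info_probes(SAMPLE_LOG).items():
        tag = "distributed" if looks_distributed(e) else "isolated"
        print(f"{page} + {extra}: {e['hits']} hits, {len(e['ips'])} IPs, {tag}")
```
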
