Security Scan Problem
jake.jester@gmail.com 2006-10-25, 1:26 pm
Hi,
A security scanner is making large numbers of requests to our CMS
server. See examples at the end of this message. It recognizes these
URLs as CMS URLs and tries to look for them in the database, and can't
find them. This causes the application to write an application event
log warning about not being able to find the item requested.
I would like to get official confirmation that these security scans, if
done rapidly enough, could cause serious performance issues with the
CMS site.
Also, does this resource not found application log entry also cause the
same performance problems as detailed here:
http://blogs.technet.com/stefan_gos.../25/408178.aspx
Example requests:
/NR/rdonlyres/701CA9D5-DB45-47BA-8728-C9F71B11065F/0/portal.php
/NR/rdonlyres/701CA9D5-DB45-47BA-8728-C9F71B11065F/0/viewheaders
/NR/rdonlyres/701CA9D5-DB45-47BA-8728-C9F71B11065F/0/private.php
/NR/rdonlyres/701CA9D5-DB45-47BA-8728-C9F71B11065F/0/showteam.php
/NR/rdonlyres/701CA9D5-DB45-47BA-8728-C9F71B11065F/0/showthread.php
/NR/rdonlyres/701CA9D5-DB45-47BA-8728-C9F71B11065F/0/stats.php
They are basically common problematic security URLs in various
products. Silly to be scanning a CMS server for .php vulnerabilities
though, if you ask me....
Thanks
Jake Jester
Stefan Goßner [MSFT] 2006-10-26, 1:14 pm
Hi Jake,
these can indeed cause significant performance problems if they are not for
existing resources.
The reason is that the items for these URLs cannot be found in the MCMS
memory cache - as they don't exist.
So the MCMS ISAPI filter has to go to the database and check if the item is
in the database and this is a huge overhead compared with items that can be
served from the cache.
You should avoid making such requests to non-existing items against an MCMS
server.
Cheers,
Stefan
<jake.jester@gmail.com> wrote in message
news:1161800708.911986.141860@i3g2000cwc.googlegroups.com...
> Hi,
>
> A security scanner is making large numbers of requests to our CMS
> server. See examples at the end of this message. It recognizes these
> URLs as CMS URLs and tries to look for them in the database, and can't
> find them. This causes the application to write an application event
> log warning about not being able to find the item requested.
>
> I would like to get official confirmation that these security scans, if
> done rapidly enough, could cause serious performance issues with the
> CMS site.
>
> Also, does this resource not found application log entry also cause the
> same performance problems as detailed here:
>
> http://blogs.technet.com/stefan_gos.../25/408178.aspx
>
>
> Example requests:
> /NR/rdonlyres/701CA9D5-DB45-47BA-8728-C9F71B11065F/0/portal.php
>
> /NR/rdonlyres/701CA9D5-DB45-47BA-8728-C9F71B11065F/0/viewheaders
>
> /NR/rdonlyres/701CA9D5-DB45-47BA-8728-C9F71B11065F/0/private.php
>
> /NR/rdonlyres/701CA9D5-DB45-47BA-8728-C9F71B11065F/0/showteam.php
>
> /NR/rdonlyres/701CA9D5-DB45-47BA-8728-C9F71B11065F/0/showthread.php
>
> /NR/rdonlyres/701CA9D5-DB45-47BA-8728-C9F71B11065F/0/stats.php
>
>
> They are basically common problematic security URLs in various
> products. Silly to be scanning a CMS server for .php vulnerabilities
> though, if you ask me....
>
> Thanks
> Jake Jester
>
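An added example, not part of the thread and not MCMS code: because requests for non-existent items bypass the MCMS memory cache, a scanner stands out in the IIS log as one client missing on many different file names under a single /NR/rdonlyres/ GUID. The log sample below is constructed, the function names are hypothetical, and treating a miss as HTTP 404 is an assumption.

```python
import re
from collections import defaultdict

# Constructed IIS W3C extended log sample (not taken from the poster's server).
# Assumption: a request for a non-existent MCMS resource is logged with status 404.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2006-10-25 13:20:01 192.0.2.10 GET /NR/rdonlyres/701CA9D5-DB45-47BA-8728-C9F71B11065F/0/portal.php 404
2006-10-25 13:20:01 192.0.2.10 GET /NR/rdonlyres/701CA9D5-DB45-47BA-8728-C9F71B11065F/0/private.php 404
2006-10-25 13:20:02 192.0.2.10 GET /NR/rdonlyres/701CA9D5-DB45-47BA-8728-C9F71B11065F/0/stats.php 404
2006-10-25 13:20:02 192.0.2.10 GET /NR/rdonlyres/701CA9D5-DB45-47BA-8728-C9F71B11065F/0/logo.gif 200
2006-10-25 13:20:05 198.51.100.7 GET /NR/rdonlyres/701CA9D5-DB45-47BA-8728-C9F71B11065F/0/logo.gif 200
2006-10-25 13:20:09 198.51.100.7 GET /NR/rdonlyres/701CA9D5-DB45-47BA-8728-C9F71B11065F/0/old.gif 404
"""

# /NR/rdonlyres/<GUID>/<segment>/<file name>, the URL shape quoted in the thread.
RDONLYRES = re.compile(
    r"^/NR/rdonlyres/(?P<guid>[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})"
    r"/[^/]+/(?P<name>[^/]+)$")

def parse_w3c(text):
    """Yield one dict per request, using the #Fields directive for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def find_probing_clients(text, min_names=3):
    """Return {client_ip: {guid: sorted missed names}} for likely scanners."""
    misses = defaultdict(lambda: defaultdict(set))
    for row in parse_w3c(text):
        m = RDONLYRES.match(row.get("cs-uri-stem", ""))
        if m and row.get("sc-status") == "404":
            misses[row["c-ip"]][m["guid"].upper()].add(m["name"].lower())
    flagged = {}
    for ip, by_guid in misses.items():
        # A real resource GUID has one file name; many distinct misses suggests probing.
        hits = {g: sorted(n) for g, n in by_guid.items() if len(n) >= min_names}
        if hits:
            flagged[ip] = hits
    return flagged

if __name__ == "__main__":
    for ip, hits in find_probing_clients(SAMPLE_LOG).items():
        for guid, names in hits.items():
            print(f"{ip} missed {len(names)} names under {guid}: {', '.join(names)}")
```

A single stale link (the second client in the sample) stays below the threshold, so only the client cycling through file names is reported.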