Security Scan Problem
    Security Scan Problem  
jake.jester@gmail.com


10-25-06 06:26 PM

Hi,

A security scanner is making large numbers of requests to our CMS
server. See examples at the end of this message.  It recognizes these
URLs as CMS URLs and tries to look for them in the database, and can't
find them. This causes the application to write an application event
log warning about not being able to find the item requested.

I would like to get official confirmation that these security scans, if
done rapidly enough, could cause serious performance issues with the
CMS site.

Also, does this resource not found application log entry also cause the
same performance problems as detailed here:

http://blogs.technet.com/stefan_gos.../25/408178.aspx


Example requests:
/NR/rdonlyres/701CA9D5-DB45-47BA-8728-C9F71B11065F/0/portal.php

/NR/rdonlyres/701CA9D5-DB45-47BA-8728-C9F71B11065F/0/viewheaders

/NR/rdonlyres/701CA9D5-DB45-47BA-8728-C9F71B11065F/0/private.php

/NR/rdonlyres/701CA9D5-DB45-47BA-8728-C9F71B11065F/0/showteam.php

/NR/rdonlyres/701CA9D5-DB45-47BA-8728-C9F71B11065F/0/showthread.php

/NR/rdonlyres/701CA9D5-DB45-47BA-8728-C9F71B11065F/0/stats.php


They are basically common problematic security URLs in various
products. Silly to be scanning a CMS server for .php vulnerabilities
though, if you ask me....

Thanks
Jake Jester







    Re: Security Scan Problem  
Stefan Goßner [MSFT]


10-26-06 06:14 PM

Hi Jake,

These can indeed cause significant performance problems if they are not for
existing resources.
The reason is that the items for these URLs cannot be found in the MCMS
memory cache - as they don't exist.
So the MCMS ISAPI filter has to go to the database and check if the item is
in the database and this is a huge overhead compared with items that can be
served from the cache.

You should avoid making such requests to non-existing items against an MCMS
server.

Cheers,
Stefan

<jake.jester@gmail.com> wrote in message
news:1161800708.911986.141860@i3g2000cwc.googlegroups.com...
> Hi,
>
> A security scanner is making large numbers of requests to our CMS
> server. See examples at the end of this message.  It recognizes these
> URLs as CMS URLs and tries to look for them in the database, and can't
> find them. This causes the application to write an application event
> log warning about not being able to find the item requested.
>
> I would like to get official confirmation that these security scans, if
> done rapidly enough, could cause serious performance issues with the
> CMS site.
>
> Also, does this resource not found application log entry also cause the
> same performance problems as detailed here:
>
> http://blogs.technet.com/stefan_gos.../25/408178.aspx
>
>
> Example requests:
> /NR/rdonlyres/701CA9D5-DB45-47BA-8728-C9F71B11065F/0/portal.php
>
> /NR/rdonlyres/701CA9D5-DB45-47BA-8728-C9F71B11065F/0/viewheaders
>
> /NR/rdonlyres/701CA9D5-DB45-47BA-8728-C9F71B11065F/0/private.php
>
> /NR/rdonlyres/701CA9D5-DB45-47BA-8728-C9F71B11065F/0/showteam.php
>
> /NR/rdonlyres/701CA9D5-DB45-47BA-8728-C9F71B11065F/0/showthread.php
>
> /NR/rdonlyres/701CA9D5-DB45-47BA-8728-C9F71B11065F/0/stats.php
>
>
> They are basically common problematic security URLs in various
> products. Silly to be scanning a CMS server for .php vulnerabilities
> though, if you ask me....
>
> Thanks
> Jake Jester
>
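
A defender-side check for the request pattern in this thread, as an added example that is not part of the original posts: it reads IIS W3C log lines and reports clients that ask for several different file names under one /NR/rdonlyres/ GUID, as the scanner in the example requests does. The log field layout, the sample lines, the function names and the `min_names` threshold are assumptions.

```python
import re
from collections import defaultdict

# MCMS resource URL shape seen in the thread: /NR/rdonlyres/<GUID>/<n>/<name>
RES_RE = re.compile(r"^/NR/rdonlyres/([0-9A-Fa-f-]{36})/\d+/([^/?]+)$")

def parse_w3c(lines):
    """Yield one dict per request, using the #Fields header to name columns."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, parts))

def find_probes(lines, min_names=3):
    """Return {(client_ip, guid): sorted names} for clients that requested at
    least min_names different file names under the same resource GUID."""
    seen = defaultdict(set)
    for rec in parse_w3c(lines):
        m = RES_RE.match(rec.get("cs-uri-stem", ""))
        if m:
            key = (rec.get("c-ip", "?"), m.group(1).upper())
            seen[key].add(m.group(2).lower())
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_names}

# Constructed sample log: documentation IP addresses, paths from the thread.
GUID = "701CA9D5-DB45-47BA-8728-C9F71B11065F"
SAMPLE = [
    "#Fields: date time c-ip cs-method cs-uri-stem",
    f"2006-10-25 18:20:01 192.0.2.10 GET /NR/rdonlyres/{GUID}/0/portal.php",
    f"2006-10-25 18:20:01 192.0.2.10 GET /NR/rdonlyres/{GUID}/0/viewheaders",
    f"2006-10-25 18:20:02 192.0.2.10 GET /NR/rdonlyres/{GUID}/0/private.php",
    f"2006-10-25 18:20:02 192.0.2.10 GET /NR/rdonlyres/{GUID}/0/stats.php",
    f"2006-10-25 18:20:05 198.51.100.7 GET /NR/rdonlyres/{GUID}/0/logo.gif",
    f"2006-10-25 18:20:09 198.51.100.7 GET /NR/rdonlyres/{GUID}/0/logo.gif",
    "2006-10-25 18:20:10 198.51.100.7 GET /default.aspx",
]

if __name__ == "__main__":
    for (ip, guid), names in find_probes(SAMPLE).items():
        print(f"{ip} probed {len(names)} names under {guid}: {', '.join(names)}")
```

Clients reported this way can be rate-limited or blocked in front of the MCMS ISAPI filter, so their requests never reach the database lookup described in the reply above.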






