ASP.NET website attack: How to respond?

Question

This is the first time I have been faced with someone trying to penetrate a website I have created. What can I do to put a stop to the attempts?

As a side note, their sql injection stands no chance of ever working and there isn't any data that we have that isn't already available by anyone using this site normally.

Appended:

I think the code part is covered for most XSS and sql injection but I am definitely considering a security audit. I was just curious about the response. Am I really only limited to blocking ip addresses?

Answer 1

If you already are protected against SQL injections, you've got a major attack covered. The next biggest threat (in my opinion) would be Cross-Site Scripting (XSS) since it would allow an attacker to have another user do something malicious, making it hard to track that activity.

You should also be aware of Cross-Site Request Forgeries (CSRF), since that is one that many people seem to miss a lot of times.

I would take a look at OWASP's Top 10 Web Security Vulnerabilities and make sure you protect against all 10 them as best as possible. Any one of them could seriously open yourself up to attackers if you aren't careful.

Answer 2

Unless this is your first public website, all of the websites you have worked on were under attack roughly 3 minutes in to being accessible whether you knew it or not.

A couple things you can start doing are:

1. Start blocking the IPs that attacks are coming from. This isn't always feasible as IP addresses frequently change and some types of attacks can work with a spoofed address.

2. Put an intrusion detection system (IDS) in place and start monitoring everything.

3. Verify your firewalls are working correctly and monitor the attack vectors. Make sure everything they are going after is pretty well secured.