Windows Azure application - Hack attempt?

We have our application hosted in Windows Azure and it is working well. Recently we have started seeing some suspicious requests to our application. Requests are for resources that don't exist in our application.

We have started seeing exceptions like:

Message: The file '/a1b2c3d4.asmx' does not exist.

Message: The file '/CrystalReportWebFormViewer2/crystalimagehandler.aspx' does not exist.

Message: The file '/login.aspx' does not exist.

Message: This is an invalid webresource request.

We don't have any .asmx files or Crystal Reports in our application. Additionally, all the requests are coming from 100.69.14.169 which doesn't exist at all.

This is happening frequently now. We are not sure if this is a hacking attempt or some automated scripts trying something with our Azure application.

Could you please help us to understand what these requests are and how to stop them?

user3359346 asked Nov 11 '22 12:11


1 Answer

In the web.config file, you can use the requestFiltering element to apply a behavior to the request.

It allows you fairly extensive control. The only difference is that on Azure this functionality is implemented via the web.config rather than through a management console.

You can use the filteringRules's denyStrings element to define sequences where your app should return a 404 in response.

    <system.webServer>
        <security>
            <requestFiltering>
                <filteringRules>
                    <filteringRule name="BlockAUrl" scanUrl="true" scanQueryString="false">
                        <denyStrings>
                            <add string="/Manage/ScriptKitty/Attempted/Login.aspx" />
                        </denyStrings>
                    </filteringRule>
                </filteringRules>
            </requestFiltering>
        </security>
    </system.webServer>
Timothy Lee Russell answered Nov 15 '22 10:11
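
As an added example (not part of the answer above and not code from the asker's application), this Python script tallies the missing-file exceptions quoted in the question by source address and path, checks whether the source address lies in the RFC 6598 shared address space (100.64.0.0/10, not routable on the public internet), and renders a filteringRule in the form the answer shows. The log line layout, the function names and the rule name `BlockProbedUrls` are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter
from xml.sax.saxutils import quoteattr

# Constructed sample: the exception messages quoted in the question, written as
# "<client address> Message: ..." lines (this layout is an assumption).
SAMPLE_LOG = """\
100.69.14.169 Message: The file '/a1b2c3d4.asmx' does not exist.
100.69.14.169 Message: The file '/CrystalReportWebFormViewer2/crystalimagehandler.aspx' does not exist.
100.69.14.169 Message: The file '/login.aspx' does not exist.
100.69.14.169 Message: The file '/login.aspx' does not exist.
100.69.14.169 Message: This is an invalid webresource request.
"""

MISSING_FILE = re.compile(r"^(\S+) Message: The file '([^']+)' does not exist\.$")
SHARED_SPACE = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space


def probed_paths(log_text):
    """Count missing-file exceptions per (client address, requested path)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = MISSING_FILE.match(line.strip())
        if m:
            hits[(m.group(1), m.group(2))] += 1
    return hits


def is_shared_address(addr):
    """True when addr is in 100.64.0.0/10, which is not routable on the public internet."""
    return ipaddress.ip_address(addr) in SHARED_SPACE


def build_filtering_rule(paths, name="BlockProbedUrls"):
    """Render a filteringRule whose denyStrings list each distinct path once."""
    lines = [f'<filteringRule name={quoteattr(name)} scanUrl="true" scanQueryString="false">',
             "    <denyStrings>"]
    lines += [f"        <add string={quoteattr(p)} />" for p in sorted(set(paths))]
    lines += ["    </denyStrings>", "</filteringRule>"]
    return "\n".join(lines)


if __name__ == "__main__":
    hits = probed_paths(SAMPLE_LOG)
    for (addr, path), count in hits.most_common():
        print(f"{count:3d}  {addr}  shared={is_shared_address(addr)}  {path}")
    print(build_filtering_rule(path for _, path in hits))
```

Review the generated list before deploying it: a deny string also blocks any legitimate URL that contains it.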