.net - Checking URL And Kicking Out Of The Site Malicious Requests?
Apr 10, 2012
I have a site developed using vb.net 2.0. It has a URL of like [URL]..I want to avoid any malicious requests using other URLs. I have tried to implement using the code below and would like to kick such requests out of the site on the page load. How can I achieve this?
If (urlParams.Contains("http") And
Not urlParams.Contains(Request.ServerVariables("HTTP_HOST").ToString)) Then
Would like to kick out of the site here.
End If
I am new to the forum. This looks like a cool site! I have a bit of experience in VB .Net, but not with threads or backgroundworker processes. I am sorry that the description is so long, I tried to make it as short as I can, but it is rather complicated. Here goes:
Is there a function or something that is built into VB.NET so that when I save a text field (of a user's input), malicious code isn't being executed in the process.
I'm suspicious my spouse is cheating. In the past few months he has systematically locked me out of all of his social media accounts shortly after getting a job with a group of female secretaries that travels for a week at a time. He has been dodging or non-communicative when confronted about this.url...
The only way to avoid interaction with antispyware is to create it myself.I understand that copying text or something into an open notepad session or the clipboard is out of the question; however I'm pretty sure that I could create a (fairly) simple script that does the following:[code]I know this is extremely inneficient but this is the most covert way i can think of, a simple wscript that runs on startup and creates these .txt files in an important looking place (windows/config/system/logs/win32 - example)
I found a VB WebCam program from Africa on this site [url]
However one of the instructions is to "add a reference to WebcamControl.dll ". I've researched that .dll and it appears to be able to "Silently record users' sensitive personal information, identity details and business files, make traces of the users' online activities and browser habits and then transmit them to insecure remote servers".
I haven't downloaded this .dll or found a location to download it. Am I correct in assuming this program was designed with malicious intent?
How to avoid aiding the development of malicious code I see an uncomfortable number of questions asking for info that could easily be put to malicious use. You can probe the OP to discover their intent, and you get replies that come in one of two flavors.
I have come to realize that trying to discover their intent is a waste time. Not because of the reactions, but their intent is really irrelevant to the matter at hand. Security. Posting code of any nature in a public forum that can be abused for malicious purposes is outright reckless. I wish could provide the help they request, but I don't know most of those programming tricks anyway. I would discourage anyone from publicly posting code that could be perverted no matter what the person asking for it claims. Their claims take a back seat to common sense. Anyone can read the post, people. Don't post anything that could become part of someone's malicious software in public.
A open conversation thread on this topic exists at[url]...
I would like to ask our community to take a brief moment to consider the outcome of answering a question before doing so. Sometimes a question can lead down a path to examples of how to create malware applications, and that is something we want to try to avoid. There are a few key things we can watch out for which would often indicates a question about malicious code intent.
First, watch for requests to do network communications that violate one or more RFC documents (e.g. How do I spoof my IP address?). Second, watch for requests on automating other websites - a quick check of the other site's AUP or TOU will typically tell you if the automation is permitted. Third, watch for requests that appear to want to harvest data from the web, without following the typical procedures for a web crawler (bot).[code]...
I am creating an application that will compile code at runtime and then execute that code. My worry is this: Someone might make a malicious script, that deletes files for example. Is there an option in VB.NET that prevents Kill statements and other file operations from executing? Maybe a kind of 'security' feature? If not, is there another approach that I should take?
I am not sure if this is possiable but I am looking to build an application that will login to a web site, navigate the site and download files. I would like to do this all in code and able to run multiple instances of the program to get information from many different web sites. Is something like this possiable in VB.net?
Ive got an app that holds a list of site we have, At each site there are a few devices. The idea is when they click on a site all the details for the site are loaded and then a second thread sits and pings each device to see if its live. Im trying to do this in a seperate thread so if they click another site while its still pinging them it doesn't wait before it switches site. This all seems to be workling fine except if you click through the sites quickly, when you do that it will eventually come up with
Quote:
{"Collection was modified; enumeration operation might not execute."}
The error flags up on the "Next" line in "ThreadedPing"
Thread stuff
Public Sub ThreadedPing(ByVal dt As DataTable) Try
When i publish my program i choose to let the application check for updates via a website and if their is one update automatically when the program starts. Is their a way were on the main user form i can make it so that the user can change the update site with out me building the program again with the new site. I want to do this becuase the site i use goes down alot so when i changed the update url no one was able to download the update for the new update server.
I'm deploying a VB.Net app (VS 2010 Pro) that requiers the user click a command button to open IE to a financial WEB site and download informaion from the site. The app works fine in every detail when installed on the development computer. But, on the target computer when the command button is clicked an unhandled exception occurs which says: System.IO. FileNotFoundException:File Not found.My code behind the button is Shell("C:Program Files (x86)Internet Exploreriexplore.exe www,fidelity.com",AppWinStyle.NormalFocus)
This works fine on the development computer. Do I need a way to code this as a relative path? If so,can you tell me how this is done?Throughout the app I have written relative paths to needed files using paths like (Open(Environment. GEtFolderPath (Environment. SpecialFoldder.Desktop) + "File Name). They all work fine when deployed.
I'm being asked to maintain several internal-only web apps for my company. For testing, after making my changes, I've created some staging sites which make use of separate databases. As such, if my users were to mistakenly use this site as if it were the production site, they may enter important data and wonder where it "disappeared" to thinking it was the production server.
I'd like to create a big banner of some sort across the top of the staging site (which ONLY appears on the staging site) to remind my users that they are on the test site. I'd like recommendations on the best way to do this, with the following considerations:
IDE: Visual Studio 2008 Server: Windows 2003 with IIS 6 Language: VB.NET 2.0
when i am surfing in one site,i want to see the another URL...without going URL directly access the login......for example this is the login page url i want know automatic login to this page [URL]
I have a website and say a user comes along and fills out the form with bogus data. Then after he fills it out, he enters another one and another one and another one of bogus data. He's basically just trying to clog up the data base.
How is the best way to combat this? Would it make sense to when they submit the data track the IP address?
I'm writing a web crawler for a specific site. The application is a VB.Net Windows Forms application that is not using multiple threads - each web request is consecutive. However, after ten successful page retrievals every successive request times out. I have reviewed the similar questions already posted here on SO, and have implemented the recommended techniques into my GetPage routine, shown below:
I'm wanting to write a program in vb .net that could monitor outgoing print requests from any program on the PC, prompt the user if they would like to add a header to the document, and if they say yes, then tack it on (if the user has printed something in the space where the header will go, just print on top of it). Is this possible? I've looked around for ideas on how to do this, but I can't seem to find anything.
this is general to any operation calling an SQL server, or anything requiring an open connection at that.
Say I have anywhere from 20 to 1000 Select calls to make for each item in data being looped. For each step, I'll select from sql, store data locally in a struct, then proceed. This is not a very expensive call, so should I keep the connection open for the entire loop? Or should I open and close every step?
How expensive in run time is opening a connection? I would think it'd be better to keep the connection open, but would like to get the correct response for this.
while using HTTP web Requests, when i try and read the stream i always get an error saying 403 Forbidden but if i try to do it in the VB.Net web browser it works fine. Here is my code:
I have a server making a head request to a database dump I've created. The remote server does this to make sure that it's not using excessive bandwidth when not necessary.However, due to some other circumstances outside my control this causes the script to be hit twice: once for the head request, and then another time to download the data.
What I'd like is to have the script I've written detect the head request, send back a couple of headers (e.g. last modified is right now, filesize different than before), and exit. Is there a way to do this?
I have a server making a head request to a database dump I've created. The remote server does this to make sure that it's not using excessive bandwidth when not necessary.However, due to some other circumstances outside my control this causes the script to be hit twice: once for the head request, and then another time to download the data.
I have a web service I'm trying to interface with however no matter what I try it is refusing to send the clients credentials along with the request.The security block in my app.config looks like
In VB.Net, how do I make a program to tap into the HTTP requests made by external web browsers? I don't want to edit or stop the headers, only 'read' them, i.e., access its contents. I'm speaking of something like Fiddler2, but I only want the 'reading' part. I also want to read the user-agent.
i'm just sending a normal POST request using Ajax.BeginForm... i output the form elements using the TextBoxFor and .HiddenFor etc... all as i should... and when it's posted via ajax to my action method, the object in the action method (named "Comment") is not populated with the values! [code...]
My winforms application is consuming webservices that run on an older PHP server, which is why i often get an XML parsing error from the service class when i invoke its members.
how do I get to see the faulty XML so that I may correct it on the PHP server - the thrown exception clearly states the position of the error in the XML, but it doesn't help without the XML.
I've been writing an application that deals with various system files as well as registry keys. For permission reasons, my application currently runs as administrator. But this isn't really necessary for my main application window, nor is it very appealing for the UAC dialog to pop up everytime my application is started. I've noticed frequently that for some programs, such as AVG, the UAC shield shows up on several buttons throughout the program, the clicking of which does bring up the UAC prompt. But the application as a whole does not demand administrator rights, these rights are only requested as needed. How to isolate security upgrade requests to certain controls and/or methods.
