Classic ASP cookie with no name hacking attack causing error 80004005
by johna | July 31, 2015 | Classic ASP Web Development
As of July 2015, many of my Classic ASP websites have started logging strange errors, either 80004005 or not reporting any error code at all.
After carefully looking through the HTTP headers for these requests I found a common link: they all had at least one cookie with no name.
It appears that Classic ASP can't handle this and will stop executing your script with an error whenever a cookie with no name exists and you attempt to access the cookies, either by Request.Cookies(), Response.Cookies() or Request().
These requests are obviously some type of attack on the website, and based on forum posts and Q&A website posts I have seen, many other sites have been attacked starting around the same time.
It could possibly be a denial of service attack. By causing these types of errors, some websites may eventually stop working due to certain objects not being closed or destroyed.
Alternatively, it could be some other sort of attack, not aimed specifically at Classic ASP websites, that uses cookie names normally used by common website platforms, with values that may be intended to cause issues or gain access.
To avoid this problem I looked at several alternatives, but the simplest one for me to implement was to add some code to check whether the cookies could be read and terminate the script if they couldn't be read, using error trapping. As most of my Classic ASP websites have an "include" file that is used by all scripts, this only needed to be added in one place.
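' Probe the cookie collection; a request carrying a nameless cookie raises an error here
On Error Resume Next
Dim cookieProbe
cookieProbe = Request.Cookies("test")
' Stop processing the request if the cookies could not be read
If Err.Number <> 0 Then Response.End
On Error Goto 0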
There are other interesting options including IIS URL rewrite rules and regular expressions. There has been some interesting discussion at forums.iis.net.
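To see how often such requests arrive and from where, the following added example (not code from the original post) scans an IIS W3C log for cookie pairs with an empty name and counts hits per client. It assumes cs(Cookie) logging is enabled and that a nameless cookie appears as a pair with nothing before its "=", which the post does not show; the log lines, addresses and function names are constructed for illustration.

```python
from collections import Counter

# Constructed IIS W3C log excerpt (documentation IPs, made-up values).
# IIS writes spaces inside a field as "+", so "; " appears as ";+".
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time c-ip cs-method cs-uri-stem sc-status cs(Cookie)
2015-07-20 10:01:02 198.51.100.7 GET /default.asp 500 =x;+lang=en
2015-07-20 10:01:05 203.0.113.9 GET /default.asp 200 ASPSESSIONIDABCD=EFGH;+lang=en
2015-07-20 10:01:09 198.51.100.7 GET /cart.asp 500 lang=en;+=
2015-07-20 10:01:12 203.0.113.9 GET /about.asp 200 -
"""

def has_nameless_cookie(cookie_field):
    """True if any name=value pair has an empty name (assumed shape)."""
    if cookie_field in ("", "-"):           # "-" means the header was absent
        return False
    for pair in cookie_field.split(";"):
        name, sep, _value = pair.partition("=")
        # Strip real spaces and the "+" IIS logs in place of a space.
        if sep and not name.strip("+ "):
            return True
    return False

def find_nameless_cookie_requests(log_text):
    """Return (c-ip, uri, status) for each request with a nameless cookie."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]        # column layout can change mid-file
            continue
        if not line or line.startswith("#") or "cs(Cookie)" not in fields:
            continue
        row = dict(zip(fields, line.split(" ")))
        if has_nameless_cookie(row.get("cs(Cookie)", "")):
            hits.append((row["c-ip"], row["cs-uri-stem"], row["sc-status"]))
    return hits

def hits_per_client(log_text):
    """Count flagged requests per client address."""
    return Counter(ip for ip, _uri, _status in find_nameless_cookie_requests(log_text))

if __name__ == "__main__":
    for hit in find_nameless_cookie_requests(SAMPLE_LOG):
        print(*hit)
    print(hits_per_client(SAMPLE_LOG).most_common())
```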