I’ve been hacked. Evil aspx file uploaded called AspxSpy. They’re still trying. Help me trap them‼

If you running asp.net and only as you tagged, then you only need to add this web.config on the root directory that your users upload files. With that web.config you do not allow anyone to run aspx pages on this directory tree.

The web.config on the protected must only contains:

        <deny users="*" />

With this web.config your program can still read and write images and other files on this directory, but can not run aspx and other running asp.net extensions.

Check the file extension upload

Of course you must check for all the knowing running files extensions on uploading and on rename, including but not limited to .exe .php .aspx .com .asp .ashx
This is I believe the first that some must do, but to be sure that not found any other way to run something unknown is the web.config and the limited to dot.net only.

For the password you ask

just comment/remove all this lines on http://jsbin.com/uhoye3/edit#html and you see it running, because on this point is check the password and return false if fail. If you let it continue you cancel the password part.

if (Request.Cookies[vbhLn].Value != Password)
    return false;

Leave a Comment