Version 6.x > Portal Engine > Random error in logs - Message: [GeneralConnection.ExecuteQuery]: Query 'xriyzgpelw.selectdocuments' not found.
Member
neil-myfitfund - 5/25/2012 1:36:28 PM
   
Random error in logs - Message: [GeneralConnection.ExecuteQuery]: Query 'xriyzgpelw.selectdocuments' not found.
This appears every few minutes in one of the log files. When you go down through the error - you'll see
"/Print.aspx?classname=xriyzgpelw"

Looks like someone's trying to hack something.

Has anyone come across this annoying little "thing"?

-Neil

Kentico Consulting
kentico_borisp - 5/26/2012 3:52:43 AM
   
RE:Random error in logs - Message: [GeneralConnection.ExecuteQuery]: Query 'xriyzgpelw.selectdocuments' not found.
Hello,

You can block the IP address from which these requests come. You can either use our banned IPs module or you can implement some custom verification in e.g. the Global.asax.cs (or App_Code/Application/CMSAppBase.cs from version 6.0 and higher) file in the Application_BeginRequest (CMSBeginRequest in 6.0 and higher) method.

Best regards,
Boris Pocatko

Member
neil-myfitfund - 5/26/2012 10:34:24 AM
   
RE:Random error in logs - Message: [GeneralConnection.ExecuteQuery]: Query 'xriyzgpelw.selectdocuments' not found.
Hi Boris,

I know this is a hacking attempt but what I'm wondering about is how we block any and all attacks against print.aspx. Is that what you mean when you say do some custom verification in Global.asax.cs? I don't want to have to sit and watch the log files to sniff out every Russian IP address.

Thanks!
-Neil

Kentico Developer
kentico_ivanat - 6/3/2012 8:58:11 AM
   
RE:Random error in logs - Message: [GeneralConnection.ExecuteQuery]: Query 'xriyzgpelw.selectdocuments' not found.
Hi,

I see what you mean.

The issue is that the query macro in the Document types property of the repeater is resolved and, as a string value, seems to be correct. But this classname obviously does not exist -> error. I will inform our security department to change the documentation of print page creation.

As a workaround:

In case you use the page to print only a specific document type or document types with common field names, you could simply define the Document type property manually, i.e. without a macro.

Instead, you could define the where property, something like:

DocumentID={%documentID%}

In other words, you would send documentID to the print page instead of classname.

This way the attacker could see a document or nothing. Of course, he could guess an ID and display documents which he should not see.

Another option is to create a custom macro and use it in the Document type property. In this macro you could check if the provided class name really exists and, if not, return the "cms.root" class.

How to create a custom macro is described here:
Types of macro

In case you need more information about the second option, please let us know.

Thank you also for letting us know about the issue.

Best regards,
Ivana Tomanickova
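
The class-name check suggested in the post above, as an added C# example that is not part of the original post and is not Kentico's code. `PrintClassNameGuard`, the `classExists` callback and the code-name pattern are assumptions; the CMS's own class lookup and the custom macro registration are not shown.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;

// Added illustration; all type and member names here are hypothetical.
public static class PrintClassNameGuard
{
    // Fallback class named in the post above.
    public const string FallbackClass = "cms.root";

    // Assumption: document type code names have the form "namespace.name",
    // built only from letters, digits and underscores.
    private static readonly Regex CodeName = new Regex(
        @"\A[A-Za-z][A-Za-z0-9_]*\.[A-Za-z][A-Za-z0-9_]*\z",
        RegexOptions.CultureInvariant);

    // classExists is supplied by the caller. On a real site it would wrap the
    // CMS's document type lookup, or a fixed list of types the print page serves.
    public static string Resolve(string requested, Func<string, bool> classExists)
    {
        // Reject missing or oversized values before any lookup is attempted.
        if (string.IsNullOrEmpty(requested) || requested.Length > 100)
            return FallbackClass;
        // Reject anything that is not shaped like a class code name.
        if (!CodeName.IsMatch(requested))
            return FallbackClass;
        // Only a class that really exists is passed through to the repeater.
        return classExists(requested) ? requested : FallbackClass;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample data: the document types this print page is meant to serve.
        var known = new HashSet<string>(StringComparer.OrdinalIgnoreCase)
            { "cms.article", "cms.news" };

        // Constructed inputs, including the value seen in the logged request.
        var inputs = new[] { "cms.news", "CMS.Article", "xriyzgpelw", "cms.news;--", "cms.unknown", null };
        foreach (var input in inputs)
        {
            Console.WriteLine("{0,-12} -> {1}", input ?? "(null)",
                PrintClassNameGuard.Resolve(input, known.Contains));
        }
    }
}
```

Because an unknown class name resolves to the fallback before any query is built, a request such as the logged `classname=xriyzgpelw` no longer produces the "Query ... not found" event.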



Kentico Developer
kentico_ivanat - 6/4/2012 2:19:27 AM
   
RE:Random error in logs - Message: [GeneralConnection.ExecuteQuery]: Query 'xriyzgpelw.selectdocuments' not found.
Hi,

Finally, we will not modify the documentation. This behavior is more or less correct. For users, the document will be printed; for an attacker, an error message will be shown and a log entry created in the event log, so it does not compromise the system.

Best regards,
Ivana Tomanickova