[mapguide-users] Error: Session has expired or is invalid. Please log in again. > Server Crash from Asia IP (EVERYDAY!)

Ryan Northcott rnorthcott at gmail.com
Mon May 14 10:30:31 EDT 2012

Yes, Asia IPs usually mean DOS attacks.

I recommend you get a software firewall (eg. peerblock) on your server to
monitor how many, and what frequency these Asian IPs are coming in.
If you see requests coming in every 2-3 seconds, then you can be safe that
your domain is on a list somewhere and is propagating around the china bot
nets that have been compromised.

I use my firewall to block everyone, then only allow the ranges (or
countries) that I want to access my site through.
After a while they stop even trying to attack you, adn your domain will
remove from their bot lists as a target machine.

On Mon, May 14, 2012 at 10:15 AM, Chris Gountanis <
cgountanis at mpowerinnovations.com> wrote:

> Could this be a sign of some kind of brute force or some kind of DoS
> attack?
> Anyone else have this issue with a public server? MapGuide 2.2 Open Source
> /
> IIS / Windows 2008. Please respond as we have a client that is about to
> drop
> MapGuide because of this and we don't have much of a solution yet. I know
> we
> can run the server in debug (console) and maybe help the developers narrow
> this exploit down BUT I was hoping this might of already been tackled...
> maybe fixed in 2.4?
> <2012-05-11T10:27:18>   600     Ajax Viewer
>  Error: Session has expired or is invalid. Please log in again.
>  StackTrace:
>  - MgSiteServiceHandler.ProcessOperation() line 83 file
> c:\builds\mg22win32\mgdev\server\src\services\site\SiteServiceHandler.cpp
>  - MgOpAuthenticate.Execute() line 107 file
> c:\builds\mg22win32\mgdev\server\src\services\site\OpAuthenticate.cpp
>  - MgServerSiteService.Authenticate() line 709 file
> c:\builds\mg22win32\mgdev\server\src\services\site\ServerSiteService.cpp
>  - MgSecurityManager.Authenticate() line 224 file
> c:\builds\mg22win32\mgdev\server\src\common\manager\SecurityManager.cpp
>  - MgSessionCache.GetSessionInfo() line 175 file
> c:\builds\mg22win32\mgdev\server\src\common\manager\SessionCache.cpp
> --
> View this message in context:
> http://osgeo-org.1560.n6.nabble.com/Error-Session-has-expired-or-is-invalid-Please-log-in-again-Server-Crash-from-Asia-IP-EVERYDAY-tp4974449.html
> Sent from the MapGuide Users mailing list archive at Nabble.com.
> _______________________________________________
> mapguide-users mailing list
> mapguide-users at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/mapguide-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.osgeo.org/pipermail/mapguide-users/attachments/20120514/282f333c/attachment.html

More information about the mapguide-users mailing list