This means that someone is trying to get access to your server by attacking ASP.NET websites hosted on the machine.
Even if you have all updates and patches installed, the server may still be at risk.
Somewhat less important, but still significant, these hacking attempts abuse your server resources -
CPU, RAM, Bandwidth and even the free disk space (the logs may grow enormously).
RdpGuard may help you stop these hacking attempts
and protect your Windows Web Server by blocking attackers' IP addresses.
For Windows Vista/7/8/8.1/10/11 and Windows Server 2008/2012/2016/2019/2022
To Enable ASP.NET Web Forms Protection
1. Start RdpGuard Dashboard and click on the link next to Web Forms
Click the 'Web Forms' link
The ASP.NET Web Forms Protection Dialog will open:
ASP.NET Web Forms Protection Dialog
Tick the Enable ASP.NET web forms protection checkbox and click Save
Custom Rules for ASP.NET Web Forms Protection
In order to protect ASP.NET web forms RdpGuard monitors the Application event log for Events with ID 1309.
These events are written to the log each time .NET detects an error in web application. Sometimes these errors
may indicate intrusion attempts and RdpGuard helps you block IP addresses behind these attempts.
By default RdpGuard processes 1309 Events that match the following criteria:
If event details match any of the rules, the event is included into further processing, i.e. the OR operator applies to the rules
Rule may contain any number of conditions separated by comma, the event matches the rule if all conditions are match, i.e. the AND operator applies to rule conditions.
So, the example above will be interpreted as - include event if (EventData1 equals 3003 and EventData18 equals HttpRequestValidationException)
OR (EventData1 equals 3005 and EventData18 equals HttpException and EventData19 contains ValidateInputIfRequiredByConfig)
"This sotware is really great. It's a relief. Because my server is constantly under attack. Thanks RdpGuard"
- Joaquim De Sousa Marques
"Nice product. I used to implement something similiar in a low-tech and cumbersome manner via a script called
TSBlock (not mine). This makes it much easier and is well worth the pricetag for SMB's."
- J. Johnson
"Absolutely amazed at your product. We are a church in the North Dallas area,
and I discovered this morning multiple failed logon attempts via our Remote Access Server.
A friend suggested your product, so I immediately downloaded the trial.
It had a list of about five blocked IP addresses in minutes, and that was enough to
lead me to push the BUY button. Over the past 10-15 minutes the list is now about thirty with at least a
third being international attempts to break into our system.
Thanks for a great product. You may have just saved us much grief."
- John Hallford
"Love the software. RDP on our Windows servers is just ridiculous.
We would block it in the router but we have lots of old-time customers that would have issues."
- Scott Hirsch
"Love the software! Makes it easier than tailoring VB Scripts!!"
- Nick Brennan
"It's a great product - really stopping those RDP attackers :-)"
- Dave, UK
"First of all: Your application is very (!!!) useful and I like it very much securing my 2012 R2 server.
RdpGuard is the best solution, I found on the market and after 10 minutes of testing it I ordered the fully-featured version. :-)"
- Carsten Baltes