In the code below, if I get into the if statement, I can safely say my site is under attack. What information is it a good idea to log?
Any recommendations on actions that can be taken to minimize the damage at this point?

protected void btn_Search_Click(object sender, EventArgs e)
{
   if(tb_SearchBox.Text.Length > tb_SearchBox.MaxLength)
   {
      //What should I log?
      //What actions should I take?
   }
   //Otherwise search
}
+1  A: 

You can log the IP and log how many times he has already attempted to hack you. If it's above a certain threshold, you can block his IP for a certain amount of time.

Chino
+1  A: 

When a Web application firewall like Mod_Security detects an attack it will log the entire HTTP request, along with the remote IP address.

Rook
+1  A: 

For the action I would just redirect them to error page.

For the logging I would do as @The Rook mentioned and grab the entire request. I would use some logging software, such as ELMAH. ELMAH captures the entire HTTP Request as well as referrer IP. Logging is good regardless of security concerns.

Dustin Laine
Why not tell them you're onto them in the hopes of scaring them off?
Abe Miessler
More than likely it will be an automated attack, so a real person will not see it.
Dustin Laine
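
The following is an added example, not code from the question or from any of the answers above. It combines their suggestions: one log line per over-length request plus a per-IP strike counter with a temporary block. The class name `OversizeInputGuard`, the thresholds and the sample values are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;

public sealed class OversizeInputGuard // hypothetical helper, not from the page
{
    private readonly int _maxStrikes;
    private readonly TimeSpan _window, _blockFor;
    private readonly Dictionary<string, List<DateTime>> _strikes = new Dictionary<string, List<DateTime>>();
    private readonly Dictionary<string, DateTime> _blockedUntil = new Dictionary<string, DateTime>();
    private readonly object _lock = new object();
    public OversizeInputGuard(int maxStrikes, TimeSpan window, TimeSpan blockFor)
    { _maxStrikes = maxStrikes; _window = window; _blockFor = blockFor; }
    public bool IsBlocked(string ip, DateTime now)
    { lock (_lock) { return _blockedUntil.TryGetValue(ip, out var until) && now < until; } }
    // Record one violation; returns true when this IP has just been blocked.
    public bool RecordViolation(string ip, DateTime now)
    {
        lock (_lock)
        {
            if (!_strikes.TryGetValue(ip, out var hits)) _strikes[ip] = hits = new List<DateTime>();
            hits.RemoveAll(t => now - t > _window); // forget strikes outside the window
            hits.Add(now);
            if (hits.Count < _maxStrikes) return false;
            _blockedUntil[ip] = now + _blockFor;
            hits.Clear();
            return true;
        }
    }

    // Neutralise CR/LF and quotes and cap the length, so input cannot forge or flood log lines.
    private static string Clean(string s)
    {
        s = (s ?? "").Replace("\r", " ").Replace("\n", " ").Replace("\"", "'");
        return s.Length > 200 ? s.Substring(0, 200) + "..." : s;
    }

    public static string LogLine(DateTime now, string ip, string method, string url, string agent, string value, int max) =>
        string.Format("{0:o} oversize-input ip={1} {2} {3} ua=\"{4}\" len={5} max={6} value=\"{7}\"",
            now, Clean(ip), Clean(method), Clean(url), Clean(agent), (value ?? "").Length, max, Clean(value));

    public static void Main() // constructed sample data
    {
        var guard = new OversizeInputGuard(3, TimeSpan.FromMinutes(10), TimeSpan.FromMinutes(30));
        var t0 = new DateTime(2024, 1, 1, 12, 0, 0, DateTimeKind.Utc);
        Console.WriteLine(LogLine(t0, "203.0.113.7", "POST", "/Search.aspx", "constructed-agent", new string('A', 500), 50));
        for (int i = 0; i < 3; i++)
            Console.WriteLine("blocked=" + guard.RecordViolation("203.0.113.7", t0.AddSeconds(i)));
        Console.WriteLine("still blocked=" + guard.IsBlocked("203.0.113.7", t0.AddMinutes(5)));
    }
}
```

In `btn_Search_Click` the values would come from `Request.UserHostAddress`, `Request.HttpMethod`, `Request.RawUrl` and `Request.UserAgent`, with `IsBlocked` checked before the search runs.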