Spam in Web forms

6 July 2007

For a while now I'm getting certain errors in the error logs for

Invalid postback or callback argument. Event validation is enabled using in configuration or in a page. For security purposes, this feature verifies that arguments to postback or callback events originate from the server control that originally rendered them. If the data is valid and expected, use the ClientScriptManager.RegisterForEventValidation method in order to register the postback or callback data for validation.

The source for this error is in System.Web and the type is 'System.ArgumentException'. My error logs also show all the user input from the submitted form and I can tell that someone is trying to spam me using the contact me page or other pages with forms.

I can also tell that they download the form page and change the values of text fields, checkboxes and dropdown lists.

There is not much I can do about this but the annoying thing is that I get an email every time they do this. The error is handled by my global error handling in Application_Error in global.asax but to handle this particular problem I needed to reproduce it first:

On my local development server I open the form page, then save the html for it into a local file and adjust the action attribute to point to the aspx page. Then I open the flat file in a browser and submit it, it works fine. Now I added a new option to a drop down box and pre-select it. Submitting the page now results in the exact same error as above.

I can now handle this error in a special way which logs it but doesn't send me an email.

Pages in this section


ASP.Net | Community | Development | IIS | IT Pro | Security | SQL (Server) | Tools | Web | Work on the road | Windows