Whoson Hacker Detection

Whoson can detect visitors that may be trying to hack your site by watching for combinations of Exceptions that the visitor is raising. When a new visitor arrives at your site Whoson assigns them the 'hackcount' of zero. This 'hackcount' is incremented when certain exceptions are raised by the visitor. When the hackcount reaches a certain value, the visitor is flagged as a possible hacker and the 'Hacker Detected' exception is raised.

You can setup actions against the Hacker Detected exception. For example, you could run a script to block the visitors IP from your web server (Whoson passes the visitors IP address to your script via an environment variable). Note: Whoson can do this automatically if you are using IIS.

When the Hacker Detected exception is raised against the visitor, the visitors icon immediately changes in the current visitor list:

Whoson saves the hackcount against the visitor in the database, so that when the visitor returns to your site in the future, Whoson knows that previously the visitor has triggered the hacker exception.

The following exceptions cause the hackcount to be incremented:

Number	Exception Type	Increments HackCount by
150	EXE file requested + 404 error	2
151	DLL file requested + 404 error	2
160	Requested path contains ../	1
162	PUT requested + 404 error	1
163	DELETE requested + 404 error	2
161	More than x 404 errors	2

For example, if a visitor requested '../../cmd.exe' and this generated a 404 error, the hackcount would be incremented by 3.

Tuesday, February 28, 2006.

NEWS

1st January, 2006
Our broad partnership with various advertisement allow us to provide.
	more

20th March, 2006
Our broad partnership with various advertisement.
	more