The Power Of ViewState in ASP.NET

19 Mar 2012, CPOL
about the one-click attack

Introduction

One of my client's servers was attacked using what is called a "One-Click Attack".
Do you know what a one-click attack is?
I don't want to bore you with a long description of this kind of attack, so I will keep it short.
One-click attack:
An attacker creates an HTML page that contains a form and a link; when the link is clicked, the form is submitted to the server under attack. Attackers use this to spam the target site.

solution

One-click attacks rely on third parties, such as those familiar emails that say "click here to claim your prize".
You can set the ViewStateUserKey property on your pages; the key is incorporated into the page's ViewState.
When the page posts back, the runtime checks the ViewState to make sure it matches the current ViewStateUserKey.

Here is an example of the code that can solve your problem:
C#
// Assign the key during Init, before the page loads its ViewState.
protected void Page_Init(object sender, EventArgs e)
{
    // Tie this page's ViewState to the requesting client's address.
    this.ViewStateUserKey = Request.UserHostAddress;
}

Now attackers can't copy your hidden field and reuse it in a one-click attack!
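The following is an added example, not the tip's own code, showing the same ViewStateUserKey technique packaged as a base page that every page in a site can inherit from. It differs from the snippet above in one design choice: it keys the ViewState to Session.SessionID rather than to the client IP address, because many users can share one address behind a NAT gateway or proxy, and a key derived from the address would then be the same for all of them. It also handles two details a practitioner will run into: ASP.NET does not persist a session ID until something is stored in session state, so the page stores a marker first; and a mismatch surfaces as an HttpException whose inner exception is a ViewStateException, which the page catches and logs so that repeated failures can be spotted. The class name CsrfProtectedPage, the session key name "__csrf_anchor" and the LogPossibleCsrf hook are assumptions for illustration; session state and EnableViewStateMac are assumed to be enabled, which are the ASP.NET defaults.

```csharp
using System;
using System.Web;
using System.Web.UI;

// Added example (hypothetical base page, not the tip's own code).
// Every page that should be protected inherits from this class instead of
// from System.Web.UI.Page, so the key is set the same way everywhere and a
// failed check is logged rather than only producing a generic error page.
public class CsrfProtectedPage : Page
{
    protected override void OnInit(EventArgs e)
    {
        base.OnInit(e);

        // ASP.NET only keeps a session ID once a value has been stored in
        // session state. Without this marker the ID could change between the
        // GET that rendered the form and the POST that submits it, and the
        // ViewState check would then fail for legitimate users.
        if (Session["__csrf_anchor"] == null)
        {
            Session["__csrf_anchor"] = DateTime.UtcNow;
        }

        // Must be assigned during Init, before the page loads its ViewState.
        // The key is mixed into the ViewState integrity check, so ViewState
        // captured in one session does not validate when posted from another,
        // which is what defeats the one-click (CSRF) attack.
        ViewStateUserKey = Session.SessionID;
    }

    // Raised when request processing throws. A ViewState check failure is an
    // HttpException whose inner exception is a ViewStateException, so walk the
    // chain rather than testing only the outermost exception.
    protected override void OnError(EventArgs e)
    {
        Exception ex = Server.GetLastError();
        for (Exception cur = ex; cur != null; cur = cur.InnerException)
        {
            if (cur is ViewStateException)
            {
                string referrer = Request.UrlReferrer == null
                    ? "(none)"
                    : Request.UrlReferrer.ToString();
                LogPossibleCsrf(Request.RawUrl, Request.UserHostAddress, referrer);
                break;
            }
        }
        base.OnError(e);
    }

    // Hypothetical logging hook: replace with the site's own logger. Repeated
    // failures from one client or one referring site are the signal to alert on.
    private static void LogPossibleCsrf(string url, string client, string referrer)
    {
        System.Diagnostics.Trace.TraceWarning(
            "ViewState check failed (possible one-click/CSRF): url={0} client={1} referrer={2}",
            url, client, referrer);
    }
}
```

To use it, change a page's code-behind to derive from CsrfProtectedPage (for example `public partial class Default : CsrfProtectedPage`) and remove any per-page Page_Init that sets the key. If the site disables session state for some pages, those pages need a different key source, since Session is unavailable there.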

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
Written By
Taha, Software Developer (Senior), Iran (Islamic Republic of)
Taha started programming at the age of 16 and has taken an avid interest in Microsoft technologies. He works professionally on ASP.NET and C#. He lives for turning the world into code and follows this aspiration in a third-world country with a lack of facilities and support. He never gives up seeking success and competence.
