The new Mojo update

Post here for help with installing or upgrading mojoPortal pre-compiled release packages. When posting in this forum, please provide all relevant details. You may also want to review the installation or upgrading documentation.

If you have questions about using the source code or working with mojoPortal in Visual Studio, please post in the Developer forum.

Post here for help with installation of mojoPortal pre-compiled release packages

When posting in this forum, please try to provide as many relevant details as possible. Particularly the following:

  • What operating system were you running when the bug appeared?
  • What database platform is your site using?
  • What version of mojoPortal are you running?
  • What version of .NET do you use?
  • What steps are necessary to reproduce the issue? Compare expected results vs actual results.

You may also want to review the installation or upgrading documentation.

If you have questions about using the source code or working with mojoPortal in Visual Studio, please post in the Developer forum.

This thread is closed to new posts. You must sign in to post in the forums.
9/20/2010 7:21:32 PM
cagliostro
Gravatar
Total Posts 125
View Posts

The new Mojo update

hello.

After the last update, non existent pages display

 

We're sorry but a server error has occurred while trying to process your request.

The error has been logged and will be reviewed by our staff as soon as possible. It is possible that the error was just a momentary hiccup and you may wish to use the back button and try again or go back to the home page

--

Is that normal ?

thanks

9/21/2010 6:04:57 AM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: The new Mojo update

Hi,

According to Scott Guthrie's blog post this is required as part of the workaround for the ASP.NET vulnerability.

http://weblogs.asp.net/scottgu/archive/2010/09/20/frequently-asked-questions-about-the-asp-net-security-vulnerability.aspx

So I commented out the <PageNotFoundHander module in Web.config for version 2.3.5.3, this is the module that would provide the friendly 404 page.

On this site, I have not commented it out but I monitor this server closely and also I "think" that the mitigation I did to return a 404 instead of a 500 response code for CryptographyExceptions is also effective defense. Now I am also looking into the Dynamic IP Restrictions module that Scott also mentioned in his post as a way to block this attack.

So, since I have full control of my server and monitor it closely I'm taking a risk that I feel comfortable with on this site, but I don't feel comfortable telling others to do the same, the best advice is to do what Scott Guthrie says and mojoPortal 2.3.5.3 is pre-configured according to what Scott Guthrie advises to make sure that mojoPortal users are protected.

Keep in mind that Microsoft is working on a real solution to the problem and this workaround is only a temporary measure until a Windows Update patch is released for this issue.

Best,

Joe

You must sign in to post in the forums. This thread is closed to new posts.