ASP.NET Core: Cloud-ready, Enterprise Web Application Development – The Book

After some weeks of delay due to technical reasons the Learning Path edition of my ASP.NET Core and Angular book is finally out throughout the Amazon (and non-Amazon) marketplaces all over the world. The name is ASP.NET Core: Cloud-ready, Enterprise Web Application Development and it comes as part of the Packt Book’s Learning Path series: each of these paths features a different course for readers to give them a one-stop learning experience with different technologies. Needless to say, the course is about a full-stack programming experience with ASP.NET Core, using modern client-side frameworks (such as Angular) for the GUI part.

Here’s the updated cover:

How to stop (or prevent) massive login attempts to Remote Desktop RDP on Windows Server

A couple of days ago I published a post regarding how to protect a CentOS server from unwanted SSH login attempts by changing the default port and/or using Fail2Ban. Today I will talk about a very similar issue that affects Windows Server, which is often only accessible to the administrator by using a Remote Desktop (RDP) connection: that’s a very common case for any VPS or dedicated server hosted through an ISP.

The issue is the same as on CentOS: your system is receiving an insane amount of (failed) login attempts, in the order of thousands per day, from random attackers who are trying to get in using standard brute-force techniques. Depending on the scenario they can be bots, zombies or hackers running BFA scripts. Luckily enough, there are some rather trivial countermeasures that can be adopted to shield your system even if you can’t afford to purchase and install a Firewall with Intrusion-Prevention System (IPS) – which is something you should really do anyway, especially if you’re hosting some valuable and/or sensitive data. The methods below will work on any Windows Server release: Windows Server 2003, Windows Server 2008, Windows Server 2012, Windows Server 2012 R2 and the new Windows Server 2016.

Protect CentOS from unwanted SSH failed login attempts with Fail2Ban

SSH is most likely the most secure way to remotely connect to a Linux-based server machine. However, the fact that the SSH daemon service needs to be reached from the Internet and is usually configured to listen on a well-known TCP port has always been a major security flaw: it allows attackers to relentlessly spam it with a huge number of login attempts, hoping to find a hole in your UAC setup.

To better understand what we’re talking about, let’s take a look at the following screenshot:

Those 150 failed login attempts were made against one of our CentOS 7 servers within a fifteen-minute range: we’re easily talking about thousands of them every single day, which would eventually break any non-strong password, in addition to flooding our beloved port 22.

It would be a good thing if we could do something about this nasty problem, for example issuing some throttling rules that could force these login attempts to respect a time limit each time they issue a wrong password. Luckily enough, there’s more than something we can do about that.

UPDATE: if you have the same problem with the Windows Server RDP service, read here to fix it.

How to fix MSXML2.XMLHTTP and MSXML2.ServerXMLHttp Error 0x80070057 – The Parameter is Incorrect when executing a POST HTTP connection within a T-SQL Stored Procedure

If you found this post it probably means that you are experiencing the following scenario:

  • A Windows 2012 or Windows 2016 Server machine with SQL Server 2008, SQL Server 2008R2, SQL Server 2012, SQL Server 2014, SQL Server 2016 and so on.
  • A Stored Procedure using a MSXML2 object that calls a Web Service (or any other external URL) with a POST request (see below).
  • An error 0x80070057 (or -2147024809) occurring as soon as you call the “SEND” method (see below), which translates (when inspected using sp_OAGetErrorInfo) as The parameter is incorrect.

Here’s an example of an SP that might throw such an error:

80070005 Access is denied error while accessing Word Interop from the Server in an ASP.NET Application – How to fix

Last week I published a couple of posts regarding the use of the Microsoft.Office.Interop.Word namespace within an ASP.NET C# Application, respectively about opening a DOC or DOCX file from a Byte Array and converting them to PDF files. Although these techniques can be very useful to deal with MS Word documents, they have more than a couple of drawbacks that we should always take into consideration when using them:

  • They are often painfully slow and inefficient, especially when dealing with a huge number of files (batch processing).
  • They consume a massive amount of memory – considering the task given to them.
  • They have a terrible multi-thread support, to the point that they might lead to scale/concurrency issues.
  • They do require MS Office installed where we use them.
  • They do require an awful set of permissions to allow the IIS users to access the required DCOM components.

I’m not saying we shouldn’t use them: as a matter of fact we kinda have to, unless we want to donate a kidney to some commercial libraries that can handle these tasks in a much better way. At the same time, we should get ready to experience some issues because they will create some havoc here and there sooner or later.
