summary

Exception created when requesting deleted user profile pages

Description

Bug Description

One of the aftermaths of the registration bot problems is that lots of spam user profile accounts get created. These then exist as pages in the site, which in turn get indexed by bots. Once you delete the user profiles for the bogus users, the user profile pages still get accessed by bots, and each time a user profile page for a non-existent user is requested, it generates an exception in the log. This happens for each request and can quickly fill up the event log and crash the site if there are a lot of profiles and a lot of requests.

The issue is that the handling of a deleted user appears to be a 302 redirect with a 'end response' in it, which then creates a thread abort exception.

There are two issues here:
1) Most search engines won't process a 302 as the item being permanently removed. This means bots will keep coming back and indexing the page.
2) Every time the url is requested, the event log gets an entry, which means it can be overwhelmed.

The exception is shown below:

Resolution
This needs to be fixed by:

Remove the 302 redirect when a deleted user is encountered
Change to return a 404 by showing the configured DNN 404 page for the portal. This should be achieved by raising a 404 exception which should 'bubble' up and be caught by the standard 404 handling

QA Test Plan

None

Activity

Show:

Ken Grierson

September 28, 2014, 8:58 PM

Closing per Cathal's comment

cathal connolly

September 27, 2014, 4:38 PM

I suggest this gets accepted as a partial fix as the key element is that it returns a 404 now - this means anyone returning to a deleted profile (such as a spammer) gets a 404, so will not return again (most automated spambots check the http status and if it's a 404 they don't return). I will open a new issue for 7.3.4 to suppress the exception written to the log

Ken Grierson

September 26, 2014, 8:58 PM

When I originally tested this issue 2 weeks ago and opened the base reason for this JIRA item was not fixed.

The base reason for this bug is that we generated errors into log files that will overwhelm sites.
This is still true today, September 26 as it was when I commented this was not fixed back on September 14th

Bing Wu

September 26, 2014, 8:41 PM

Have to re-open this issue. The original trouble didn't get all resolved.

1) it is showing 404 page now, which is a good fix.
But 2)
In build CE 7.3.3.115, but it didn't stop filling up the log file and same in Event log. It will be overwhelmed if the bots keep running hours & days.

So for 7.3.3 release, will we accept this partial fix?

Here is the log file errors & exceptions:
2014-09-26 13:36:20,698 [DNN-PC107][Thread:40][ERROR] DotNetNuke.Services.Exceptions.Exceptions - System.Web.HttpException (0x80004005): Not Found
at DotNetNuke.Modules.Admin.Users.ViewProfile.OnInit(EventArgs e)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.AddedControl(Control control, Int32 index)
at DotNetNuke.UI.Modules.ModuleHost.InjectModuleContent(Control content)
at System.Web.UI.Control.EnsureChildControls()
at DotNetNuke.UI.Containers.Container.get_ModuleControl()
at DotNetNuke.UI.Containers.Container.ProcessModule()
at DotNetNuke.UI.Skins.Pane.InjectModule(ModuleInfo module)
2014-09-26 13:36:20,714 [DNN-PC107][Thread:40][ERROR] DotNetNuke.Services.Exceptions.Exceptions - DotNetNuke.Services.Exceptions.ModuleLoadException: Unhandled Error Adding Module to leftPane ---> System.Web.HttpException: Not Found
at DotNetNuke.Modules.Admin.Users.ViewProfile.OnInit(EventArgs e)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.AddedControl(Control control, Int32 index)
at DotNetNuke.UI.Modules.ModuleHost.InjectModuleContent(Control content)
at System.Web.UI.Control.EnsureChildControls()
at DotNetNuke.UI.Containers.Container.get_ModuleControl()
at DotNetNuke.UI.Containers.Container.ProcessModule()
at DotNetNuke.UI.Skins.Pane.InjectModule(ModuleInfo module)
— End of inner exception stack trace —
at DotNetNuke.UI.Skins.Pane.InjectModule(ModuleInfo module)
at DotNetNuke.UI.Skins.Skin.InjectModule(Pane pane, ModuleInfo module)
2014-09-26 13:36:20,727 [DNN-PC107][Thread:40][ERROR] DotNetNuke.Services.Exceptions.Exceptions - System.Web.HttpException (0x80004005): Not Found
at DotNetNuke.Modules.Admin.Users.ViewProfile.OnInit(EventArgs e)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.AddedControl(Control control, Int32 index)
at DotNetNuke.UI.Modules.ModuleHost.InjectModuleContent(Control content)
at System.Web.UI.Control.EnsureChildControls()
at DotNetNuke.UI.Containers.Container.get_ModuleControl()
at DotNetNuke.UI.Containers.Container.ProcessModule()
at DotNetNuke.UI.Skins.Pane.InjectModule(ModuleInfo module)
2014-09-26 13:36:20,732 [DNN-PC107][Thread:40][ERROR] DotNetNuke.Services.Exceptions.Exceptions - DotNetNuke.Services.Exceptions.ModuleLoadException: Unhandled Error Adding Module to rightPane ---> System.Web.HttpException: Not Found
at DotNetNuke.Modules.Admin.Users.ViewProfile.OnInit(EventArgs e)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.AddedControl(Control control, Int32 index)
at DotNetNuke.UI.Modules.ModuleHost.InjectModuleContent(Control content)
at System.Web.UI.Control.EnsureChildControls()
at DotNetNuke.UI.Containers.Container.get_ModuleControl()
at DotNetNuke.UI.Containers.Container.ProcessModule()
at DotNetNuke.UI.Skins.Pane.InjectModule(ModuleInfo module)
— End of inner exception stack trace —
at DotNetNuke.UI.Skins.Pane.InjectModule(ModuleInfo module)
at DotNetNuke.UI.Skins.Skin.InjectModule(Pane pane, ModuleInfo module)
2014-09-26 13:36:20,791 [DNN-PC107][Thread:40][FATAL] DotNetNuke.Framework.PageBase - An error has occurred while loading page.
System.Web.HttpException (0x80004005): Not Found
at DotNetNuke.Modules.Admin.Users.ViewProfile.OnInit(EventArgs e)
at System.Web.UI.Control.InitRecursive(Control namingContainer)
at System.Web.UI.Control.AddedControl(Control control, Int32 index)
at DotNetNuke.UI.Modules.ModuleHost.InjectModuleContent(Control content)
at System.Web.UI.Control.EnsureChildControls()
at System.Web.UI.Control.PreRenderRecursiveInternal()
at System.Web.UI.Control.PreRenderRecursiveInternal()
at System.Web.UI.Control.PreRenderRecursiveInternal()
at System.Web.UI.Control.PreRenderRecursiveInternal()
at System.Web.UI.Control.PreRenderRecursiveInternal()
at System.Web.UI.Control.PreRenderRecursiveInternal()
at System.Web.UI.Control.PreRenderRecursiveInternal()
at System.Web.UI.Control.PreRenderRecursiveInternal()
at System.Web.UI.Control.PreRenderRecursiveInternal()
at System.Web.UI.Control.PreRenderRecursiveInternal()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

cathal connolly

September 16, 2014, 1:41 PM

this is fixed, dnn-5854 is a different issue caused by a deleted user still being logged in - this issue was to fix requests for a deleted user profile page.

Complete

Assignee

Unassigned

Reporter

Bruce Chapman

Story Size

Unknown

Severity

Major

Triage

Triaged

Reported in Build #

None

Fixed in Build

7.3.3.91

Dev Owner

None

Includes Code Fix

Documentation Required

Trouble Ticket

None

Requires More Info

None

QA Story Points

None

QA Owner

None

Injected

None

Automation Required

None

Code Review Owner

None

Fix versions

7.3.3

Affects versions

7.3.2

Priority

High

Configure