My production server logs (and notably, not my local server or the live public-facing test server) are receiving several requests at /show.aspx and /ogShow.aspx, with various query strings attached (e.g., /ogShow.aspx?name=ogFoot&line=0&from=oGateeu). It happens quite frequently throughout the day.

Any guesses on where it could be from? I have no routes that look anything like that. Do I have any reason to be concerned about an attack?

  • Welcome to the internet! There usually isn't a need to be concerned by this unless things are being successfully exploited. There are many similar questions like this. – multithr3at3d Jan 06 '18 at 16:45
  • @multithr3at3d Good to know :) can you point me to one or more, for reference's sake? I was having a hard time knowing what to search for – RyanQuey Jan 06 '18 at 20:09
  • Here's another one https://security.stackexchange.com/a/82600/90657 – multithr3at3d Jan 07 '18 at 15:36
  • I've been getting hits to this exact string for weeks now. 20-30 a day on a small WordPress site. I monitor my logs to ensure I redirect any broken links for SEO, and this string is super annoying. – Collin Barrett Jan 12 '18 at 18:11

1 Answer

As @multithr3at3d alluded to in his comment, it is very common to be "scanned" by random nodes on the Internet.

There are a lot of attackers who will just try all sorts of combinations to see what services you are running or to try to take advantage of known exploits. Sometimes the attackers do recon and target their attacks, but other times they just try anything they want - maybe they try a lot of different websites when a new exploit is found.

While this activity can at first be scary, it's relatively common. There is also more benign activity like search engine spiders. Another possibility is that there is some automated script with legitimate purposes that was accidentally configured to point to your server, though it's more likely you are just being scanned.

If the scanning activity is coming from one specific IP or a list of specific IPs, you can just block them at the network firewall level or in your web server config. There are also WAF technologies and vendors you can put in front of your site, but that usually only makes sense financially and time-wise if you are a large commercial website.

Eric G
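An added example, not part of the original answer: a small log triage script that counts requests to the two paths from the question per source IP and lists any that did not get a 4xx response, which is the case worth a closer look. It assumes Common/Combined Log Format; the sample lines and IP addresses are constructed.

```python
import re
from collections import defaultdict

# Assumption: Common/Combined Log Format; adjust the regex for your server.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)
# The two paths from the question, which match no route on the site.
PROBE_RE = re.compile(r'^/(?:og)?show\.aspx$', re.IGNORECASE)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [06/Jan/2018:10:01:02 +0000] "GET /ogShow.aspx?name=ogFoot&line=0&from=oGateeu HTTP/1.1" 404 162
203.0.113.7 - - [06/Jan/2018:10:01:09 +0000] "GET /show.aspx?name=x HTTP/1.1" 404 162
198.51.100.23 - - [06/Jan/2018:11:15:40 +0000] "GET /ogShow.aspx?name=ogFoot&line=0&from=oGateeu HTTP/1.1" 200 5120
192.0.2.55 - - [06/Jan/2018:11:16:00 +0000] "GET /about HTTP/1.1" 200 2048
not a log line
"""

def triage(lines):
    """Return (hits_per_ip, unexpected) for requests to the probe paths."""
    hits = defaultdict(int)
    unexpected = []  # probe requests that did NOT end in a 4xx response
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        path = m["target"].split("?", 1)[0]
        if not PROBE_RE.match(path):
            continue
        hits[m["ip"]] += 1
        if not m["status"].startswith("4"):
            unexpected.append((m["ip"], m["target"], int(m["status"])))
    return dict(hits), unexpected

if __name__ == "__main__":
    hits, unexpected = triage(SAMPLE_LOG.splitlines())
    for ip, n in sorted(hits.items(), key=lambda kv: -kv[1]):
        print(f"{ip}\t{n} probe request(s)")
    for ip, target, status in unexpected:
        print(f"REVIEW: {ip} got {status} for {target}")
```

If the site redirects unknown URLs on purpose, those 3xx responses will show up under REVIEW as well and can be ignored.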