Hi, We have recently had a website developed for us and all errors area caught and sent to our email. We are getting 100s of errors sent every day, but can't seem to trap on the front-end. The developers say it is nothing to worry about. Is that right or is there something they can do? There was an Error in function on page in site http://www.xxxx.co.uk Notes: This error was caught and the user was redirected to the error page:MESSAGE: Padding is invalid and cannot be removed. SOURCE: mscorlib FORM: PAGE: /scriptresource.axd?d=iqioqmlganowis_tbnfyc0vqha1oijg_eegpvmf7821miqrdfywfgvpg45ypgqihpblrhdou_3kw_phisw_fja2&t=33cfe79a QUERYSTRING: d=iqioqmlganowis_tbnfyc0vqha1oijg_eegpvmf7821miqrdfywfgvpg45ypgqihpblrhdou_3kw_phisw_fja2&%3bt=33cfe79a TARGETSITE: Int32 DecryptData(Byte[], Int32, Int32, Byte[] ByRef, Int32, System.Security.Cryptography.PaddingMode, Boolean) STACKTRACE: at System.Security.Cryptography.RijndaelManagedTransform.DecryptData(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount, Byte[]& outputBuffer, Int32 outputOffset, PaddingMode paddingMode, Boolean fLast) at System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount) at System.Security.Cryptography.CryptoStream.FlushFinalBlock() at System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, IVType ivType, Boolean useValidationSymAlgo) at System.Web.UI.Page.DecryptStringWithIV(String s, IVType ivType) at System.Web.UI.Page.DecryptString(String s) at System.Web.Handlers.ScriptResourceHandler.DecryptParameter(NameValueCollection queryString) Exception: System.Security.Cryptography.CryptographicException: Padding is invalid and cannot be removed. at System.Security.Cryptography.RijndaelManagedTransform.DecryptData(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount, Byte[]& outputBuffer, Int32 outputOffset, PaddingMode paddingMode, Boolean fLast) at System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount) at System.Security.Cryptography.CryptoStream.FlushFinalBlock() at System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, IVType ivType, Boolean useValidationSymAlgo) at System.Web.UI.Page.DecryptStringWithIV(String s, IVType ivType) at System.Web.UI.Page.DecryptString(String s) at System.Web.Handlers.ScriptResourceHandler.DecryptParameter(NameValueCollection queryString) Code (markup): There was an Error in function on page __EVENTTARGET=&__EVENTARGUMENT=&__LASTFOCUS=&__VIEWSTATE=%2fwEPDwUKMTEwMjg3NjIxMA9kFgJmD2QWBAIBD2QWAgIBD2QWBmYPFgIeBFRleHQFMDx0aXRsZT5UcmlidWx1cyBQcm8gZnJvbSBNeXByb3RlaW4uY28udWs8L3RpdGxlPmQCAg8WAh8ABWc8bWV0YSBuYW1lPSJkZXNjcmlwdGlvbiIgY29udGVudD0iVHJpYnVsdXMgUHJvIC0gV2UgYXJlIHByb3VkIHR1vcmUgdGltZSBvciBzaG91bGQgaSBmaW5kIHNvbWV0aGluZyBlbHNlIHRvIGJvb3N0IG15IHQtbGV2ZWxzPz8gUGxlYXNlIGFkdmlzZS5kAhMPZBYEAgEPFgIfAAUjPGRpdiBjbGFzcz0iZm91cnN0YXIgcmF0aW5nIj48L2Rpdj5kAgIPFQMGd2F5bmUgAOcBMiB0YWJzIDMgdGltZXMgYSBkYXksIGluY3JlYXNlZCBzZXggZHJpdmUsIG1vcmUgc3RyZW5ndGggYW5kIGFnZ3Jlc3Npb24gaW4gdGhlIGd5bSBhbmQgbW9uc3RlciBib2xsb2Nrcy4gT25seSBkb3duc2lkZSB3YXMgb2lseSBza2luIGFuZCBicmVha291dCBpbiBhIGZldyBzcG90cy4gT3ZlcmFsbCB0aG91Z2ggYSBnb29kIHdheSB0byBpbmNyZWFzZSB5b3VyIHRlc3Rvc3Rlcm9uZSEgR29vZCBwcm9kdWN0ZAIUD2QWBAIBDxYCHwAFIjxkaXYgY2xhc3M9Im9uZXN0YXIgcmF0aW5nIj48L2Rpdj5kAgIPFQMFSmFrZSAAMnRvb2sgOSB0YWJzIGEgZGF5IGFuZCBpdCBkaWQgYWJzb2x1dGx5IG5vdGhpbmdcbjpQZAIVD2QWBAIBDxYCHwAFIjxkaXYgY2xhc3M9InR3b3N0YXIgcmF0aW5nIj48L2Rpdj5kAgIPFQMGQ2hyaXMgAIgBSSBmaW5pc2hlZCB0aGUgdHViIG9uIDYgdGFicyBhIGRheSwgZGlkbnQgcmVhbGx5IG5vdGljZSBhbnl0aGluZyB0byBiZSBob25lc3QgYnV0IGhhdmUgbWFkZSBzb21lIHJlYXNvbmFibGUgc3RyZW5ndGggZ2FpbnMgc28gd2hvIGtub3dzP2QCFg9kFgQCAQ8WAh8ABSM8ZGl2IGNsYXNzPSJmaXZlc3RhciByYXRpbmciPjwvZGl2PmQCAg8VAwZjaHJpcyAAYXRyaWVkIHRoaXMgYW5kIHByb3RvZGlvc2NpbiBhbmQgdGhlc2Ugd29ya2VkIGJldHRlciAtIGZvciBtZSBhbnl3YXkgLUknZCBidXkgdGhlc2UgYWdhaW4gb3ZlciBQL2RkAhcPZBYEAgEPFgIfAAUjPGRpdiBjbGFzcz0iZml2ZXN0YXIgcmF0aW5nIj48L2Rpdj5kAgIPFQMFTUFSSyAAkwRPbmx5IGJlZW4gdGFraW5nIHRoZXNlIGZvciBhIHdlZWsgb24gMyBhIGRheSBidXQgbXkgc3RyZW5ndGggaGFzIGdvbmUgdXAgbWFzc2l2ZWx5ISBJbSAyNyB5ZWFycyBvbGQgYW5kIHdlaWdoIDIyMGxicy4gSSBjcmFua2VkIDEyIHJlcHMgb3V0IG9mIDEwMCBrZyBiZW5jaCBwcmVzcyB3aGVuIEkgdXNlZCB0byBzdHJ1Z2dsZSB0byBkbyA4ISBJIGFsc28gZ290IDggcmVwcyBvdXQgb2YgMTIwIGtnIGJlbmNoIHByZXNzIHdoZW4gbXkgcmVjb3JkIHdhcyA1ISBJIGRvbnQga25vdyBpZiBJIHdhcyBqdXN0IGhhdmluZyBhIHN0cm9uZyBkYXkgYnV0IGl0IHNlZW1zIGxpa2UgdG8gbXVjaCBvZiBhIGNvaW5jaWRlbmNlISBNeSB0cmFpbmluZyBwYXJ0bmVyIGNvdWxkbid0IGJlbGlldmUgaXQhIGhlIHRoaW5rcyBpbSBvbiB0aGUganVpY2UhIGhhIGhhISBpbSBnb2luZyB0byB1cCB0aGUgZG9zZSB0byA2IGEgZGF5LCBJIHdpbGwgbGV0IHlvdSBrbm93IGhvdyBJIGdldCBvbiEgSSB3b3VsZCBkZWZvIHJlY29tbWVuZCEgNSBzdGFycyEgICBkAhgPZBYEAgEPFgIfAAUjPGRpdiBjbGFzcz0iZm91cnN0YXIgcmF0aW5nIj48L2Rpdj5kAgIPFQMGRGFubnkgAEZJJ3ZlIGJlZW4gdGFraW5nIHRoaXMgZm9yIGEgbW9udGggbm93IGFuZCBpIGZpbmQgaXQgZG9lcyB0aGUgam9iIHdlbGwuZAIZD2QWBAIBDxYCHwAFIjxkaXYgY2xhc3M9Im9uZXN0YXIgcmF0aW5nIj48L2Rpdj5kAgIPFQMFTGlhbSAAyQFEaWQgYWJzb2x1dGVseSBub3RoaW5nIGZvciBtZSBleGNlcHQgdGhlIHJldmVyc2UsIGluc3RlYWQgb2YgaW5jcmVhc2luZyBteSB0ZXN0b3N0b3JvbmUgSSBzdGFydGVkIHRvIGZlZWwgZXh0cmVtZWx5IHRpcmVkIHNvIEkgaGFkIHRvIHN0b3AgdGFraW5nIGl0LiBJIGd1ZXNzIHRoaXMgaXMgYSBwcm9kdWN0IGZvciB0aGUgb2xkZXIgZ2VuZXJhdGlvbi5kAhoPZBYEAgEPFgIfAAUkPGRpdiBjbGFzcz0idGhyZWVzdGFyIHJhdGluZyI%2bPC9kaXY%2bZAICDxUDBW1hcmsgALUBanVzIHJlY2lldmVkIG15Zmlyc3QgYm90dGxlIG9mIHRyaWIgcHJvLCBvbiByZWFkaW5nIHRoZXNlIHJldmlld3MgaWFtIHVuc3VyZSBvbiBob3cgbWFueSB0byB0YWtlPyBhIGZldyBwZW9wbGUgYXJlIHdyaXRpbmcgYWJvdXQgdGFraW5nIHVwdG8gMTAgYSBkYXkgd2hlbml0IG9ubHkgc2F5cyAzIG9uIHRoZSB0dWI%2fIGQCGw9kFgQCAQ8WAh8ABSM8ZGl2IGNsYXNzPSJmaXZlc3RhciByYXRpbmciPjwvZGl2PmQCAg8VAwhSaWNoYXJkIADyAUdyZWF0IHByb2R1Y3QgaW4gZXZlcnkgd2F5IGluY2x1ZGluZyBwcmljZS4gTmVhcmx5IDM5IG5vdyBidXQgc3RpbGwgdHJhaW4gaGFyZCAmYW1wIHRoaXMgaGVscHMgdGhlIHJlc3VsdHMuIEFtIGluIGJldHRlciBzaGFwZSB0aGFuIHRoZSBhdmVyYWdlIDI1eXIgb2xkLiBEb2VzIGhlbHAgdXMgb2xkZXIgYmxva2VzIHdpdGgga2VlcGluZyBib2R5IGZpcm0uIEFtIGltcHJlc3NlZC4gSnVzdCByZS1vcmRlcmVkLiBUaGFua3MgZAIcD2QWBAIBDxYCHwAFIzxkaXYgY2xhc3M9ImZpdmVzdGFyIHJhdGluZyI%2bPC9kaXY%2bZAICDxUDCmFsZXhhbmRlciAAhAFkZWZpbmF0bHkgYm9vc3RlZCBldmVyeXRoaW4gdXAhIHN0YWNrIHdpdiBob3JueSBnb2F0cyB3ZWVkIGFuZCBzb21lIHB1bHNlLCB1IGdvdCB2aWFncmEhISBvciBhIGNyYXp5IGxpZnRpbiBzZXNzaW9uLi4uLi4uLiB1ciBjaG9pY2VkAh0PZBYEAgEPFgIfAAUjPGRpdiBjbGFzcz0iZml2ZXN0YXIgcmF0aW5nIj48L2Rpdj5kAgIPFQMGRGF2aWQgAMsBRXhjZWxsZW50IHByb2R1Y3QsIGVzcGVjaWFsbHkgZm9yIHVzIG9sZGVyIGNoYXBzICg0MCspIHNvbWUgZmFudGFzdGljIHJlc3VsdHMgaW4gYWxsIHBlcmZvcm1hbmNlIGFyZWFzLCB3aXNoIEkgZGlzY292ZXJlZCB0aGlzIHByb2R1Y3QgZWFybGllci4gRG93bnNpZGUgLSBvaWx5IHNraW4sIGJ1dCB0aGF04oCZcyBldmVuIGEgcGx1cyBhdCBteSBhZ2UhICBkAh4PZBYEAgEPFgIfAAUjPGRpdiBjbGFzcz0iZml2ZXN0YXIgcmF0aW5nIj48L2Rpdj5kAgIPFQMEQmVuIADuAUV4Y2VsbGVudCBwcm9kdWN0LCBmYW50YXN0aWMgcmVzdWx0cyBpbiBhbGwgcGVyZm9ybWFuY2UgYXJlYXMuIFRoZSBvbmx5IGRvd25zaWRlIGkgaGF2ZSBmb3VuZCBpcyBvaWx5IHNraW4gd2hpY2ggaGFzIHJlc3VsdGVkIGluIGEgZmV3IHNwb3RzIGJ1dCB0aGV5IGNhbiBiZSBkZWx0IHdpdGggYXMgaSBhbSBub3cgb24gdHJhY2sgdG8gd2hlcmUgaSB3YW5uYSBiZSBnb2luZy4uISBXZWxsIHdvcnRoIHRoZSBtb25leS5kAh8PZBYEAgEPFgIfAAUjPGRpdiBjbGFzcz0iZm91cnN0YXIgcmF0aW5nIj48L2Rpdj5kAgIPFQMGSmFtZXMgALcCSSBmaW5kIHRoaXMgYSBncmVhdCBzdXBwbGVtZW50LCBteSBlbmVyZ3kgbGV2ZWxzIGhhdmUgZ29uZSB1cCBhbG90IG1vcmUgdGhhbiBpIGltYWdpbmVkLCBidXQgb3V0IG9mIHRoZSBneW0gaSBkb250IG5vdGljZSBpdCwgYnV0IG15IGdmIHNlZSdzIGl0IG1vcmUsIGltIGFsb3QgbW9yZSBoeXBlciB0aGFuIGkgdXN1YWxseSBhbS4gSSBhbHNvIHRha2UgQUFLRyBhbmQgdHJ5IHRha2UgdGhlbSB0aGUgc2FtZSB0aW1lLCBhcyB0aGUgYXJnaW5pbmUgaGVscHMgZnVlbCB0aGUgdGVzdG9zdGVyb25lIGFyb3VuZCB0aGUgYm9keS4gXG5UaGFua3MgTVBkAiAPZBYEAgEPFgIfAAUjPGRpdiBjbGFzcz0iZm91cnN0Y in site http://www.xxxx.co.uk Notes: This error was caught and the user was redirected to the error page:MESSAGE: Invalid length for a Base-64 char array. SOURCE: mscorlib FORM: __EVENTTARGET=&__EVENTARGUMENT=&__LASTFOCUS=&__VIEWSTATE=%2fwEPDwUKMTEwMjg3NjIxMA9kFgJmD2QWBAIBD2QWAgIBD2QWBmYPFgIeBFRleHQFMDx0aXRsZT5UcmlidWx1cyBQcm8gZnJvbSBNeXByb3RlaW4uY28udWs8L3RpdGxlPmQCAg8WAh8ABWc8bWV0YSBuYW1lPSJkZXNjcmlwdGlvbiIgY29udGVudD0iVHJpYnVsdXMgUHJvIC0gV2UgYXJlIHByb3VkIHRvIHByZXNlbnQgdGhlIHN0cm9uZ2VzdCBUcmlidWx1cyB0ZXIiIC8%2bZAIEDxYCHwAFjgE8bWV0YSBuYW1lPSJrZXl3b3JkcyIgY29udGVudD0iVHJpYnVsdXMgUHJvLCBCb2R5YnVpbGRpbmcsIE11c2NsZSAmIFNpemUsIFNwb3J0cyBQZXJmb3JtYW5jZSwgQm94aW5nICYgTU1BLCBQb3dlciBMaWZ0aW5nLCBNeXByb3RlaW4uY28udWsiIC8%2bZAIFEGRkFhICAg9kFgICAg8WAh4HVmlzaWJsZWhkAgMPFgIeB29uZm9jdXMFUmlmKHRoaXMudmFsdWUgPT0gJycgfHwgdGhpcy52YWx1ZSA9PSAnRW50ZXIgc2VhcmNoIHRlcm0gaGVyZS4uLicpIHRoaXMudmFsdWUgPSAnJztkAgUPZBYGAgEPFgIeC18hSXRlbUNvdW50AgoWFGYPZBYGAgIPFQEFdGVzdDFkAgMPDxYEHgtOYXZpZ2F0ZVVybAUeL2NhdHMvY2F0ZWdvcmllcy9tcF9lc3NlbnRpYWxzHwAFDU1yZWVzdGFyIHJhdGluZyI%2bPC9kaXY%2bZAICDxUDBW1hcmsgALUBanVzIHJlY2lldmVkIG15Zmlyc3QgYm90dGxlIG9mIHRyaWIgcHJvLCBvbiByZWFkaW5nIHRoZXNlIHJldmlld3MgaWFtIHVuc3VyZSBvbiBob3cgbWFueSB0byB0YWtlPyBhIGZldyBwZW9wbGUgYXJlIHdyaXRpbmcgYWJvdXQgdGFraW5nIHVwdG8gMTAgYSBkYXkgd2hlbml0IG9ubHkgc2F5cyAzIG9uIHRoZSB0dWI%2fIGQCGw9kFgQCAQ8WAh8ABSM8ZGl2IGNsYXNzPSJmaXZlc3RhciByYXRpbmciPjwvZGl2PmQCAg8VAwhSaWNoYXJkIADyAUdyZWF0IHByb2R1Y3QgaW4gZXZlcnkgd2F5IGluY2x1ZGluZyBwcmljZS4gTmVhcmx5IDM5IG5vdyBidXQgc3RpbGwgdHJhaW4gaGFyZCAmYW1wIHRoaXMgaGVscHMgdGhlIHJlc3VsdHMuIEFtIGluIGJldHRlciBzaGFwZSB0aGFuIHRoZSBhdmVyYWdlIDI1eXIgb2xkLiBEb2VzIGhlbHAgdXMgb2xkZXIgYmxva2VzIHdpdGgga2VlcGluZyBib2R5IGZpcm0uIEFtIGltcHJlc3NlZC4gSnVzdCByZS1vcmRlcmVkLiBUaGFua3MgZAIcD2QWBAIBDxYCHwAFIzxkaXYgY2xhc3M9ImZpdmVzdGFyIHJhdGluZyI%2bPC9kaXY%2bZAICDxUDCmFsZXhhbmRlciAAhAFkZWZpbmF0bHkgYm9vc3RlZCBldmVyeXRoaW4gdXAhIHN0YWNrIHdpdiBob3JueSBnb2F0cyB3ZWVkIGFuZCBzb21lIHB1bHNlLCB1IGdvdCB2aWFncmEhISBvciBhIGNyYXp5IGxpZnRpbiBzZXNzaW9uLi4uLi4uLiB1ciBjaG9pY2VkAh0PZBYEAgEPFgIfAAUjPGRpdiBjbGFzcz0iZml2ZXN0YXIgcmF0aW5nIj48L2Rpdj5kAgIPFQMGRGF2aWQgAMsBRXhjZWxsZW50IHByb2R1Y3QsIGVzcGVjaWFsbHkgZm9yIHVzIG9sZGVyIGNoYXBzICg0MCspIHNvbWUgZmFudGFzdGljIHJlc3VsdHMgaW4gYWxsIHBlcmZvcm1hbmNlIGFyZWFzLCB3aXNoIEkgZGlzY292ZXJlZCB0aGlzIHByb2R1Y3QgZWFybGllci4gRG93bnNpZGUgLSBvaWx5IHNraW4sIGJ1dCB0aGF04oCZcyBldmVuIGEgcGx1cyBhdCBteSBhZ2UhICBkAh4PZBYEAgEPFgIfAAUjPGRpdiBjbGFzcz0iZml2ZXN0YXIgcmF0aW5nIj48L2Rpdj5kAgIPFQMEQmVuIADuAUV4Y2VsbGVudCBwcm9kdWN0LCBmYW50YXN0aWMgcmVzdWx0cyBpbiBhbGwgcGVyZm9ybWFuY2UgYXJlYXMuIFRoZSBvbmx5IGRvd25zaWRlIGkgaGF2ZSBmb3VuZCBpcyBvaWx5IHNraW4gd2hpY2ggaGFzIHJlc3VsdGVkIGluIGEgZmV3IHNwb3RzIGJ1dCB0aGV5IGNhbiBiZSBkZWx0IHdpdGggYXMgaSBhbSBub3cgb24gdHJhY2sgdG8gd2hlcmUgaSB3YW5uYSBiZSBnb2luZy4uISBXZWxsIHdvcnRoIHRoZSBtb25leS5kAh8PZBYEAgEPFgIfAAUjPGRpdiBjbGFzcz0iZm91cnN0YXIgcmF0aW5nIj48L2Rpdj5kAgIPFQMGSmFtZXMgALcCSSBmaW5kIHRoaXMgYSBncmVhdCBzdXBwbGVtZW50LCBteSBlbmVyZ3kgbGV2ZWxzIGhhdmUgZ29uZSB1cCBhbG90IG1vcmUgdGhhbiBpIGltYWdpbmVkLCBidXQgb3V0IG9mIHRoZSBneW0gaSBkb250IG5vdGljZSBpdCwgYnV0IG15IGdmIHNlZSdzIGl0IG1vcmUsIGltIGFsb3QgbW9yZSBoeXBlciB0aGFuIGkgdXN1YWxseSBhbS4gSSBhbHNvIHRha2UgQUFLRyBhbmQgdHJ5IHRha2UgdGhlbSB0aGUgc2FtZSB0aW1lLCBhcyB0aGUgYXJnaW5pbmUgaGVscHMgZnVlbCB0aGUgdGVzdG9zdGVyb25lIGFyb3VuZCB0aGUgYm9keS4gXG5UaGFua3MgTVBkAiAPZBYEAgEPFgIfAAUjPGRpdiBjbGFzcz0iZm91cnN0Y PAGE: /products/tribulus_pro QUERYSTRING: id=1591 TARGETSITE: Byte[] FromBase64String(System.String) STACKTRACE: at System.Convert.FromBase64String(String s) at System.Web.UI.ObjectStateFormatter.Deserialize(String inputString) at System.Web.UI.ObjectStateFormatter.System.Web.UI.IStateFormatter.Deserialize(String serializedState) at System.Web.UI.Util.DeserializeWithAssert(IStateFormatter formatter, String serializedState) at System.Web.UI.HiddenFieldPageStatePersister.Load() Exception: System.FormatException: Invalid length for a Base-64 char array. at System.Convert.FromBase64String(String s) at System.Web.UI.ObjectStateFormatter.Deserialize(String inputString) at System.Web.UI.ObjectStateFormatter.System.Web.UI.IStateFormatter.Deserialize(String serializedState) at System.Web.UI.Util.DeserializeWithAssert(IStateFormatter formatter, String serializedState) at System.Web.UI.HiddenFieldPageStatePersister.Load() Code (markup):
The key line starts with... Exception: System.FormatException: Invalid length for a Base-64 char array It looks like something is being sent with encryption and the application is having a problem decrypting. They should fix it if it happening 100 times a day !
This happens often when a post to a page occurs without a valid viewstate... which probably means someone is trying to do direct posting to your page without being on it. might be a hack, might be a bot checking for vulnerabilities.
In most cases there is nothing to worry about. I have both error on my sites (30-40 times per day). Most likely there are bots trying to access your site. If so you could try to restrict access for them by editing robots.txt of your site. There are a lot of discussions about this theme over the Internet - try to google.
Agree fully with the above suggestions, sounds like a bot to me. Have you tried isolating an instance of the site, testing the hell out of it and then check for error messages?