Classic ASP - App Errors in Event Viewer and Reliability
I have a Classic ASP website with SQL Server on a VPS with 1GB RAM, 2 Cores and 80GB HDD.
I have a consistent error in my event log showing that everyday around 6am (seconds before or minutes after) my website suffers this error twice:
Faulting application w3wp.exe, version 7.0.6001.18000, time stamp 0x47919413, faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6, exception code 0xc0000374, fault offset 0x000b015d, process id 0x798, application start time 0x01cb7b1c596f4ca8.
Along with an error like this a bit later sometimes:
Failed to retrieve the Anonymous User Token for ASP Application /LM/W3SVC/424/ROOT. Global.ASA OnEnd routines will not be executed.
I am sure it is no coincidence that at 6am daily, my web app pool for this website is set to recycle.
Please can anyone suggest how I can fix/resolve this error and also any suggestions for how I can make my site more secure and reliable?
------ A few additional questions -------
SLIGHTLY OFFTOPIC: I am considering changing the cart to store itself directly in the database, as well as switching sessions to use the DB too, rather than depending on cookies. Is this a good idea? Will it make a big difference?
SUSPICIOUS EVENTS: There are some 40,000-odd app events in the event viewer that show this message:
Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 184.108.40.206]
Does this indicate that someone is trying to hack my database by dictionary/brute forcing the sa account? If so, any suggestions on how I should deal with it? My site depends on this SQL Server Express instance. I might just delete the user, unless there is an externally open port for SQL Server that I dont know about...
WRT SUSPICIOUS EVENTS:I have disabled disabled remote connections in SQL Server config so if it is an attack we should be protected from it.
WRT Anonymous User Token Error: I found a forum post that recommends setting IIS Mgr->ASP->Debugging->Run On End Functions Anonymously to FALSE to solve this problem. (It is true by default in IIS7).
Still not sure about the rest. I have also changed my IIS Mgr->ASP->Session Properties->New ID on Secure Connection setting to FALSE as well. Since my cart depends on cookies which are linked to the session id, I figure this will help reduce problems caused by redirecting to HTTPS..