After carefully looking through the HTTP headers for these requests I found a common link: they all had at least one cookie with no name.
It appears that Classic ASP can't handle this and will stop executing your script with an error whenever a cookie with no name exists and you attempt to access the cookies, either by Request.Cookies(), Response.Cookies() or Request().
These requests are obviously some type of attack on the website, and based on forum posts and Q&A website posts I have seen, many other sites have been attacked starting around the same time.
It could possibly be a denial of service attack. By causing these types of errors some websites may eventually stop working due to not closed or destroying certain objects.
Alternately it could be some sort of other attack not specifically for Classic ASP websites using cookie names normally used by common website platforms with values that may be intended to cause issues or gain access.
To avoid this problem I looked at several alternatives but the simplest one for me to implement was to add some code to check whether the cookies could be read and terminate the script if it they couldn't be read, using error trapping. As most of my Classic ASP websites have an "include" file that is used by all scripts this only needed to be added in one place.
On Error Resume Next
If Err.Number <> 0 Then Response.End
On Error Goto 0
There are other interesting options including IIS URL rewrite rules and regular expressions. There has been some interesting discussion at forums.iis.net.
by John Avis | May 6, 2020
If you are having intermittent problems sending email in .NET using System.Net.Mail consider switching libraries.
by John Avis | November 4, 2019
As support ends for Microsoft Windows Server 2008 I have recently gone through migrating some websites to a new server running Windows Server 2016 and IIS 10 but some of the websites did not work.
by John Avis | October 15, 2019
For a website project I needed a way to enter multiple tags. I just wanted something simple that I could easily modify to suit my own needs, so I wrote my own.