Hello Leon Williams,
You can take a look at Building a secured Sitefinity website
and implement IP restriction for the backend if necessary of block some the incoming requests through your FireWall. There is no case where we append querystrings like tabid and itemID to the cmsentrypoint.aspx
All page requests pass through cmsentrypoint.aspx. Also this file is located under Sitefinity folder which means that it cannot be accessed until you have authenticated yourself. ASP.NET will send you to the login page immediately,
because Forms authentication
uses an authentication ticket that is created when a user logs on to a site. If there is no such ticket the requests is terminated and the user is redirected to a configured logon page.
The file inherits InternalPage.cs which implements methods for page management- getting the mode of the page, name of the ICms Page, instance of CmsManager, optional page settings like EnableViewState, returns the name of the Theme to be set for the current page . Our CmsHttpModule rewrites the URL to cmsentrypoint.aspx, which is the page handler for each CMS page in the Sitefinity. It seems that this is not a hack attack but something in your project forces calling an internal handler before page internal check and you are redirected to our cmsentrypoint.aspx.
the Telerik team
Do you want to have your say when we set our development plans?
Do you want to know when a feature you care about is added or when a bug fixed?
Telerik Public Issue Tracking
system and vote to affect the priority of the items.