MVC, Elmah, apparent hacker attempts and "generic" IgnoreRoutes

Can anyone give advice on filtering my Elmah (http://code.google.com/p/elmah/) exception logs?

Elmah has been a very valuable tool in highlighting my obvious mistakes and oversights in my web application.

However now .. most Elmah entries do not pertain to my own stupidity (well -- perhaps they do -- thus my question), but any advice would be much appreciated.

My Elmah log now has 10'000s of entries similar to:

• The controller for path '/ws/login.php' could not be found or it does not implement IController.
开发者_StackOverflow中文版
• The controller for path '/text/javascript' could not be found or it does not implement IController.
• The controller for path '/jlkqyvaugdaktp.html' could not be found or it does not implement IController. [[ Actually 100s of these!! ... Do these random pages mean something in "HackerDom"? ]]
• The controller for path '/Scripts/thickbox/macFFBgHack.png' could not be found or it does not implement IController.

So .. to the "Question"

It is obvious that that the vast majority of these exceptions are being generated by IController ... can I tell Elmah just to "forget" about those and continue to log my genuine exceptions?

Or is it that my very generic MVC IgnoreRoute setup is not good enough? Should I ignore ".htm", "*.php" and all the others so I can more realistically see Elmah reports about pages/items/objects that my application perhaps more genuinely missing?

Many thanks for your time and consideration.

My Existing Route setup looks like this:

         routes.IgnoreRoute("{resource}.axd/{*pathInfo}");
            routes.IgnoreRoute("{*favicon}", new { favicon = @"(.*/)?favicon.ico(/.*)?" });
            routes.IgnoreRoute("{*forums}", new { forums = @"cccForums/.*" });
            routes.IgnoreRoute("{file}.txt");

///  REAL ROUTES
            routes.MapRoute(
                "ItemIndex", // Route name
                "Item/Index/{page}", // URL with parameters
                new { controller = "PageItem", action = "Index", page = 1} // Parameter defaults
                );

.............
.............


/// LAST CASE

 routes.MapRoute("Error", "{*url}", new { controller = "Site", action = "Map" });

---

One solution would be to implement a catch all route that would redirect all unknown request to a 404 page. This would prevent an uncaught exception and your end users get a pretty page (the non-hacker variety).

routes.MapRoute("Error", "{*url}",
        new { controller = "Error", action = "http404" }
    );

Place this at the end of your register route function in the global.asax. You should see all of your ELMAH errors disappear.

EDIT

Don't go to sleep yet! :)If your interested in not logging 404 errors (or any other type of errors for that matter with ELMAH), you should be able to do something like this in your web.config:

<elmah>
    ...
    <errorFilter>
        <test>
            <equal binding="HttpStatusCode" value="404" type="Int32" />
        </test>
    </errorFilter>
</elmah>

ELMAH ErrorFiltering Documentation

---

If you ignore these via IgnoreRoute, then the crack attempt is still making it as far as ASP.NET. That loads your server. Why not block these at your firewall instead?