My DNN Got Hacked. How to Harden a DNN installation server?
New Post
1/29/2007 12:49 AM
 
This weekend our DNN 4.3x installation got hacked. I thought DNN was one of the most secure portals out there?

Our site is at http://www.pokersnaps.com and we are running on a webhost4life semi dedicated server.

We will be working on a huge DNN commercial project soon and we do not want things like this happening on this commercial project.

We chose DNN as the platform because it was advertised as being safe and secure, but after being hacked, I am not sure if this is true.

We would very much appreciate any tips on how to harden a DNN installation and a server running it.




 
New Post
1/29/2007 5:08 AM
 

Please note that there was a severe issue reported in ~3.3.4, so please upgrade to the latest 3.3.7 or 4.4.1 immediately (there has been a security bulletin regarding this).

In the security section, there are documents describing how to harden DNN. Besides that, make sure that you apply all security patches to the web server as soon as they are issued.

If you got hacked or found a security issue, please do not discuss it in the forums, but contact security@dotnetnuke.com immediately.


Cheers from Germany,
Sebastian Leupold

dnnWerk - The DotNetNuke Experts   German Spoken DotNetNuke User Group

Speed up your DNN Websites with TurboDNN
 
New Post
1/29/2007 10:11 AM
 
In our experience, most DNN sites that get hacked are not running on a secured OS. We take great steps to make DNN as secure as possible, but in the end, security relies on admins properly configuring and maintaining the server and making sure that they are running a patched version of DNN.

Please send an email to security@dotnetnuke.com and our security expert may be able to help track down the root attack vector that was used to hack your site. If it is a DNN problem, we want to know about it so we can correct it.

Joe Brinkman
DNN Corp.
 
New Post
1/29/2007 11:00 AM
 
It would be great if, after the problem has been located and dealt with, a post could be added to this thread to let everyone know. I would hate to leave this as an unknown issue. Off the top of my head though, I am thinking maybe something other than DNN was the door, but it would be great to know for sure.
 
New Post
1/30/2007 10:08 PM
 
I messaged the tech support and this is what he said:

"For your folder permission, it seems you had given the write access for the user ehbIUSR_www2 to access your folder. So it will lead to a security hole for another hacker to write the file to your dnn site. For this issue, I had removed that user for you. If you had any enquiry, please let us know. Thanks!"


So what user should I allow full write access?
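
An added example, not part of the thread and not DNN's own tooling: a PowerShell audit that walks a site folder tree and lists every Allow ACE giving write-type rights to accounts whose name matches a pattern, which is the condition the host's support described in the post above. The path `C:\inetpub\wwwroot\dnn` and the default pattern `IUSR` (taken from the account name quoted in the post) are assumptions; replace them with your own values.

```powershell
param(
    [string]$SiteRoot       = 'C:\inetpub\wwwroot\dnn',  # assumed path, replace with your site root
    [string]$AccountPattern = 'IUSR'                      # assumed: anonymous IIS accounts contain "IUSR"
)

# Bits that allow creating, changing or deleting content, or re-permissioning it.
# "Modify" and "FullControl" are deliberately not in the mask: they include read bits
# and would flag read-only ACEs. Their write bits are covered by the flags below.
$writeBits = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Generic rights (GENERIC_WRITE, GENERIC_ALL) can appear unmapped on some ACEs.
$genericBits = 0x40000000 -bor 0x10000000

function Get-WritableAce {
    param([string]$Path, [string]$Pattern)
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        $rights = [int]$ace.FileSystemRights
        $grantsWrite = (($rights -band $writeBits) -ne 0) -or (($rights -band $genericBits) -ne 0)
        if ($ace.AccessControlType -eq 'Allow' -and $grantsWrite -and
            $ace.IdentityReference.Value -match [regex]::Escape($Pattern)) {
            [pscustomobject]@{
                Path      = $Path
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited   # False = the grant was made on this folder
            }
        }
    }
}

# Check the root and every subfolder. Explicit (non-inherited) entries sort first,
# since those are the folders where the permission was actually set.
$folders = @(Get-Item -LiteralPath $SiteRoot) +
           @(Get-ChildItem -LiteralPath $SiteRoot -Directory -Recurse)
$folders |
    ForEach-Object { Get-WritableAce -Path $_.FullName -Pattern $AccountPattern } |
    Sort-Object Inherited, Path |
    Format-Table -AutoSize
```

An empty result means no matching account holds write-type rights anywhere under the root; any row with `Inherited` set to `False` marks a folder where that grant was made directly.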
 