Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeOur CommunityOur CommunityGeneral Discuss...General Discuss...How "hackable" is DNN?How "hackable" is DNN?
Previous
 
Next
New Post
4/24/2006 12:47 PM
 
Paul Deschenes

Joined: 3/17/2005
Posts: 120

How does one attempt hacking a dotnetnuke site? Not particulars, just the methodology. I thought it was pretty safe because of the db based architecture, although I'm not expert.

How does one go about protecting yourself from having a DNN site hacked.

I saw this site hacked today, although other pages on the site weren't hacked, just anything pointing to the root of the site or a child portal url subdirectory:

http://dotnetnukeskin.com

Thanks
 
New Post
4/24/2006 1:01 PM
 
Paul Deschenes

Joined: 3/17/2005
Posts: 120

Found this thread which already discusses this subject but interested in answers to my questions still if anyone has opinions.

http://www.dotnetnuke.com/Community/ForumsDotNetNuke/tabid/795/forumid/118/threadid/32903/scope/posts/Default.aspx

Thanks
 
New Post
4/24/2006 1:05 PM
 
cathal connolly


cathal connolly's Avatar

www.cathal.co.uk
Joined: 4/9/2003
Posts: 9676

That hack is nothing to do with DotNetNuke - I posted an explanation @ http://www.dotnetnuke.com/Community/ForumsDotNetNuke/tabid/795/forumid/118/threadid/32903/scope/posts/Default.aspx 

Please do not ask for help/advice on hacking sites.

Cathal

Buy the new Professional DNN7: Open Source .NET CMS Platform book Amazon US
 
New Post
4/24/2006 1:17 PM
 
Paul Deschenes

Joined: 3/17/2005
Posts: 120

You misread or I didn't state it very well.

Looking for advice on PREVENTION not advice on How To.....

What I'm asking is one step further than your explanation given in the post you referenced, although I did find your explanation very helpful(thanks!)

I'm building a site where the users of the site will have strong concerns about security. I just want to know that I've taken all the steps, from a DNN perspective, to protect the site and information in it from unwanted eyes.

Thanks
 
New Post
4/24/2006 1:43 PM
 
Tony Valenti


www.PowerDNN.com
Joined: 1/17/2006
Posts: 567
We've been working with DotNetNuke since version 1.x both as a hosting provider and as a development firm, and I've really been very impressed with its capabilities especially in the way of security.  Although there have been a few minor issues here or there with the core, most of the security issues are not related to DotnetNuke but more so an unanticipated combination of factors.

For example, a couple months ago we pointed out a "policy hole" to some associates of ours at another big DNN provider - they allowed clients to upload files (safe) and also allowed their clients to view the files (safe), howevever, combine those two safe actions together and you could be in trouble if someone does something such as uploading a malicious ASPX file and then viewing it (thus causing it to execute).

Chances are, if something happens to your site, it isn't because of a problem with DNN, it is a problem with something else.
Tony Valenti
Tony.Valenti@PowerDNN.com
+001-402-650-6072

PowerDNN.com - World Leader in DotNetNuke Hosting and DNN Hosting
DNN Hosting Australia - DNN Hosting Europe - DNN Hosting US
 
 Page 1 of 2
12Next 
Previous
 
Next
HomeHomeOur CommunityOur CommunityGeneral Discuss...General Discuss...How "hackable" is DNN?How "hackable" is DNN?


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out