Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeUsing DNN Platf...Using DNN Platf...Administration ...Administration ...Invasion on DNNInvasion on DNN
Previous
 
Next
New Post
3/16/2015 7:05 AM
 
carlos chimenesjr

www.suino.com.br
Joined: 8/16/2005
Posts: 34

My DNN has suffered an attack. They made some updates direct inside my sql (image)

http://www.grupoagro.com.br/invasion.jpg
 
New Post
3/16/2015 8:03 AM
 
Sebastian Leupold


Sebastian Leupold's Avatar

Sebastian Leupold's Avatar

Sebastian Leupold's Avatar

Sebastian Leupold's Avatar

www.dnnwerk.de
Joined: 3/8/2004
Posts: 46212
first question: how did the attackers get access to your site?
Which DNN version are you running, are there 3rd party modules installed with known vulnarabilites?
Did you make sure to use strong passwords for admins and superusers, did you check members of superusers and admin role?
Cheers from Germany,
Sebastian Leupold

dnnWerk - The DotNetNuke Experts   German Spoken DotNetNuke User Group

Speed up your DNN Websites with TurboDNN
 
New Post
3/16/2015 11:54 AM
 
cathal connolly


cathal connolly's Avatar

www.cathal.co.uk
Joined: 4/9/2003
Posts: 9676
please email the details to community.security@dnnsoftware.com , we will be happy to review them and offer advice
Buy the new Professional DNN7: Open Source .NET CMS Platform book Amazon US
 
New Post
3/19/2015 7:12 AM
 
carlos chimenesjr

www.suino.com.br
Joined: 8/16/2005
Posts: 34
Hi guys!
Tks for the help.
First thing, I blocked new subscriptions and delete all the fake ones.
Was not enough, yesterday happens another atack.
Than, I uninstalled all the modules that was not in use. Now there is only native DNN modules, plus EasyDNNNews, SmokeRanch for banners and a layout from speed Application.

The application is hosted on Amazon EC2. Only my IP has access on the machine in ports differents of 80. Its installed ClamAV antivirus, who runs every night.
 
New Post
3/19/2015 11:11 AM
 
carlos chimenesjr

www.suino.com.br
Joined: 8/16/2005
Posts: 34
Here the full list of modules:
Authentication - Allows you to manage authentication settings for sites using Windows Authentication. - 7.1.0 No
BannerAdvertisers - This is the advertiser module that is designed to work with the Smoke Ranch BannerDisplay Module. - 6.1.0 Yes
BannerDisplay - This is the banner module that is designed to work with the Smoke Ranch BannerAdvertisers Module. Place this module where you want banner ads to appear. - 6.1.0 Yes
Banners - Banner advertising is managed through the Vendors module in the Admin tab. You can select the number of banners to display as well as the banner type. - 7.1.0 Yes
CadastroXP - - 1.0.0 No
Configurações avançadas - - 1.0.0 Yes
Configuration Manager - - 7.1.0 Yes
Console - Display children pages as icon links for navigation. - 7.1.0 Yes
Content Slider - This module allows you to quickly and easily add the popular "content slider" functionality to your DotNetNuke website. This feature enables the ability to have banner and content dynamically cycle on your DNN web pages. This is completely a client-side solution, not Flash. - 1.2.1 Yes
ContentList - This module displays a list of content by tag. - 7.1.0 No
Dashboard - Provides a snapshot of your DotNetNuke Application. - 7.1.0 Yes
DDR Menu - DotNetNuke Navigation Provider. - 7.4.0 No
Device Preview Management - The Device Preview Management module allows users to manage their mobile preview profiles. - 7.4.0 Yes
Digital Asset Management - DotNetNuke Corporation Digital Asset Management module - 7.4.0 Yes
dnnYesplearticle - An open source articles module for DotNetNuke, from Christoc.com - 0.2.0 No
EasyDNNnews - EasyDNNnews module Web: http://www.easydnnsolutions.com Info: support@easydnnsolutions.com - 6.0.1 Yes
EasyDNNnews Calendar - EasyDNNnews Calendar module Web: http://www.easydnnsolutions.com Info: support@easydnnsolutions.com - 6.0.1 No
EasyDNNnews Categories Menu - EasyDNNnews Categories Menu module. Web: http://www.easydnnsolutions.com Info: support@easydnnsolutions.com - 6.0.1 Yes
EasyDNNnews Search - Search module for the EasyDNNnews Web: http://www.easydnnsolutions.com Info: support@easydnnsolutions.com - 6.0.1 Yes
EasyDNNnews TagCloud - EasyDNNnews TagCloud module Web: http://www.easydnnsolutions.com Info: support@easydnnsolutions.com - 6.0.1 No
EasyDNNnews URL Provider - Creates friendly Urls for EasyDNNnews module - 1.0.0 No
EasyDNNnews Widgets - EasyDNNnews Widgets module Web: http://www.easydnnsolutions.com Info: support@easydnnsolutions.com - 6.0.1 Yes
Extensions - Allows a Super User to manage the various extensions, such as Skins, Modules Language Packs, providers etc. - 7.1.0 Yes
Gallery - The Media Gallery Module stores and displays a collection of items organized in albums. - 4.4.0 Yes
Google Analytics - Configure Site Google Analytics settings. - 7.1.0 Yes
Host Settings - The Super User can manage the configuration settings which apply to the entire site. - 7.1.0 Yes
HTML - This module renders a block of HTML or Text content. The Html/Text module allows authorized users to edit the content either inline or in a separate administration page. Optional tokens can be used that get replaced dynamically during display. All versions of content are stored in the database including the ability to rollback to an older version. - 7.4.0 Yes
Html Editor Management - A module used to configure toolbar items, behavior, and other options used in the DotNetNuke HtmlEditor Provider. - 7.4.0 Yes
Journal - DotNetNuke Corporation Journal module - 7.4.0 Yes
Languages - - 7.1.0 Yes
Links - This module renders a list of hyperlinks. Links includes an edit page, which allows authorized users to edit the Links data stored in the SQL database. - 6.2.1 Yes
Lists - Allows you to edit common lists. - 7.1.0 Yes
Log Viewer - Allows you to view log entries for site events. - 7.1.0 Yes
Member Directory - The Member Directory module displays a list of Members based on role, profile property or relationship. - 7.4.0 Yes
Message Center - Core Messaging module allows users to message each other. - 7.4.0 Yes
Module Creator - Development of modules. - 1.0.0 No
Newsletters - Administrators can send bulk email to all users belonging to a particular Role. - 7.1.0 Yes
Pages - Administrators can manage the Pages within the site. This module allows you to create a new page, modify an existing page, delete pages, change the page order, and change the hierarchical page level. - 7.1.0 Yes
ProfessionalPreview - - 7.1.0 No
Razor Host - The Razor Host module allows developers to host Razor Scripts. - 7.4.0 Yes
Recycle Bin - The Recycle Bin provides an interface for restoring or permanently deleting Tabs and Modules. - 7.1.0 Yes
Registration - Allow users to create membership in the site. - 7.0.1 Yes
Scheduler - Allows you to schedule tasks to be run at specified intervals. - 7.1.0 Yes
Search Admin - The Search Admininstrator provides the ability to manage search settings. - 7.1.0 Yes
Search Results - The Search Results module displays search results. - 7.1.0 Yes
Site Group Editor - Site Group Editor - 1.0.0 Yes
Site Log - Administrators can view the details of visitors using their site. There are a variety of reports available to display information regarding site usage, membership, and volumes. - 7.1.0 Yes
Site Management - The Super User can manage the various parent and child sites within the install instance. This module allows you to add a new site, modify an existing site, and delete a site. - 7.1.0 Yes
Site Redirection Management - The Site Redirection Management module allows users to manage their website redirects. - 7.4.0 Yes
Site Wizard - The Administrator can use this user-friendly wizard to set up the common features of the site. - 7.1.0 Yes
Sitemap - - 7.1.0 Yes
Skin Designer - Allows you to modify skin attributes. - 7.1.0 Yes
Skins - - 7.1.0 Yes
Social Groups - DotNetNuke Corporation Social Groups module - 7.4.0 No
SpeedyApp Camera Slider - SpeedyApp Camera Slider - 1.0.0 Yes
SpeedyApp Latest Tweets - SpeedyApp Latest Tweets - 1.0.0 No
SpeedyApp Responsive Tabs - SpeedyApp Responsive Tabs - 1.0.0 No
SpeedyApp Skin Control Panel - SpeedyApp Skin Control Panel - 2.0.0 Yes
SpeedyApp Skin Customizer - SpeedyApp Skin Customizer - 1.0.0 Yes
SpeedyApplication.com Contact Form Basic - SpeedyApplication.com Contact Form Basic - 1.0.0 Yes
SQL - The Super User can execute SQL statements against the database. - 7.1.0 Yes
Survey - Survey allows you to create custom surveys to obtain public feedback - 4.70.0 Yes
Taxonomy Manager - Administrators can manage the Taxonomy for their site. - 7.4.0 Yes
Users and Roles - Administrators can manage the security roles defined for their site. The module allows you to add new security roles, modify existing security roles, delete security roles, and manage the users assigned to security roles. - 7.1.0 Yes
Vendors - Administrators can manage the Vendors and Banners associated to the site. This module allows you to add a new vendor, modify an existing vendor, and delete a vendor. - 7.1.0 Yes
ViewProfile - - 7.1.0 Yes
 
 Page 1 of 2
12Next 
Previous
 
Next
HomeHomeUsing DNN Platf...Using DNN Platf...Administration ...Administration ...Invasion on DNNInvasion on DNN


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out