Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen

Hacking Target
New Post
2/12/2016 2:20 PM
 
If not removed, at least turned off by default. I have it turned off in the DNN web application, but I already had put a constraint on the table before I learned of the setting to prevent ANY inserts to it unless I manually turn off the constraint. I am going to leave it that way for a while to give me some time to do more investigations and satisfy myself the constraint is unnecessary with the AutoAdd feature turned off.

Thanks,
~aw
 
New Post
10/24/2016 4:16 PM
 
Hi everyone,

Just to add some information and maybe get some help ourselves with this issue. We host 100+ DNN sites and we stumbled upon the multiple-portal-aliases-out-of-nowhere problem ourselves last week.

We believe the attack works the following way:

Sites that have a particular IP setup for SSL purposes get called from a spoofed DNS that then sends the request to our server with the wrong URL for that IP.

Since the Auto Add Alias option was enabled, the alias is added to the portal alias table.

We found everything from appspot.com sites to AWS buckets in our portal aliases, also a Russian drug-selling site and a lot of gibberish. We also found what would seem to be actual child portal URLs on the site, but they weren’t configured at all on the rest of it. And we also found what would look like DNS and NS URLs from URLs we hadn’t heard of, but were actual pages (for example, a realtor site from California).

We have, since then, disabled this option in all of our sites.

What we cannot find is a reason for this to happen.

Is it some kind of site hijack that stopped at the midway point? (No content has been uploaded to our sites, so we are not getting our bandwidth leeched, nor are we hosting anything for someone else).
Are they trying to legitimize URLs by pointing them to non-black-listed IPs?
Are they trying to get us black-listed by pointing their sites to our IPs?
Is this just some kind of drive-by attack performed by an attack bot and we just got sprayed with some half-assed attempts at site hijacking?

We don’t have a lot of experience with black hat stuff, so we are not really sure what this is all about. We have cleaned up the portal aliases tables and disabled the Auto Add setting, but we really want to know if we patched the issue, or if we just fixed one side of a much bigger issue.

Any help will be much appreciated.


Thanks!
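
An added example, not part of either post and not DNN's own code: a small audit that checks exported portal alias rows against the hostnames and IPs an operator actually serves, for the kind of cleanup described above. The `(portal_id, alias)` export shape, the function names and the `.test` / documentation-range sample values are assumptions constructed for illustration.

```python
import ipaddress

# Constructed allowlist (assumption): domains and IPs this host really serves.
OWNED_DOMAINS = {"customer-a.test", "customer-b.test"}
OWNED_IPS = {"203.0.113.10"}

def normalize_alias(alias):
    """Reduce an alias like 'WWW.Customer-A.test:443/child' to its bare host."""
    host = alias.strip().lower().split("/", 1)[0]   # drop child-portal path
    if host.startswith("["):                          # bracketed IPv6 literal
        return host[1:].split("]", 1)[0]
    if host.count(":") == 1:                          # host:port
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")                           # drop trailing root dot

def is_expected(alias, owned_domains=OWNED_DOMAINS, owned_ips=OWNED_IPS):
    """True if the alias is an owned IP, an owned domain, or a subdomain of one."""
    host = normalize_alias(alias)
    try:
        return str(ipaddress.ip_address(host)) in owned_ips
    except ValueError:
        pass  # not an IP literal, treat it as a hostname
    # Match on a label boundary so 'notcustomer-a.test' does not pass
    # as 'customer-a.test'.
    return any(host == d or host.endswith("." + d) for d in owned_domains)

def audit(rows):
    """rows: iterable of (portal_id, alias). Returns the rows needing review."""
    return [(pid, alias) for pid, alias in rows if not is_expected(alias)]

# Constructed sample export of a portal alias table.
SAMPLE_ROWS = [
    (0, "www.customer-a.test"),
    (0, "Customer-A.test:443"),
    (0, "customer-a.test/child"),
    (1, "203.0.113.10"),
    (1, "notcustomer-a.test"),
    (1, "bucket.storage.invalid"),
    (2, "198.51.100.7"),
]

if __name__ == "__main__":
    for pid, alias in audit(SAMPLE_ROWS):
        print(f"portal {pid}: unexpected alias {alias!r}")
```

Rows the audit returns are candidates for review, not automatic deletion; a legitimate alias missing from the allowlist will also be listed.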
 