Using DNN 9.1.1

Where is the best place to find solutions for halting hacks on a DNN site?

I have a client whose site was successfully hacked by someone who created an account with a value of "1" in all required fields. How is this done? (7 alphanumeric chrs are required) 

I searched and could not find another reported incidence of this in the forums. 

The hack runs repeated cycles of login attempts until lockout (5 attempts). Then the cycle repeats with a new username. 

The hacker also runs these requests over the sites shopping cart until the logs fill and memory on the server overloads it. I have changed all of the indentifying info in the log entry below. Except the Source IP address.

2018-01-28 01:26:09 W3SVC13 ip-0A000027 10.0.0.XX POST /products/candy--red-swizzlers - 443 - 64.39.103.202 HTTP/1.1 Mozilla+Firefox+50.1.0 language=en-US;+dnn_IsMobile=False;+_ceg.u=p378ai;+_ceg.s=p378ai;+__RequestVerificationToken=P1M7zVA7Kgo2ZYd0Uj3v7EbViu8xFISNomab8SROzV5YxgBTNtNt2jUxhg06gysBd0ZvTw2;+ASP.NET_SessionId=elhyxrlvugtapoevjojghrtt;

+.ASPXANONYMOUS=9if88-gBGnBa8_yx-NZmPa2HxSeOm0tYiMTYYRBsxoSriWmDTO5qKFLv-Z2sis4I4xGaHQvE3ZgZfQMrBkWl87iTdBYgZZzbzn7DY4IDjFx913By0; https://candyhouse.com/ candyhouse.com 403 503 5 1381 660 62

I have disabled the logs.

What is the hacker attempting to accomplish?

He has succeeded in being a nuisance.

 

 

Thanks for the reply James.

Though, I'm afraid the hacker is more sophisticated than you think.

The hacker's IP address is in the error log I posted. It is associated with Qualys the security company. Which means the hacker is spoofing it and can work around any IP blocking. We started combatting the problem by blocking a range of IP's. HIs attack is part of an automated process that he runs against many sites looking for an opening. So he hasn't broken in yet. The process runs weekly on Friday night only. It learns and adapts to our blocking attempts. We will be switching our website's IP address but I was looking for something in the interim.