Server was hacked
New Post
9/18/2006 10:49 PM
 
Well, over the weekend (of all the weekends for me to be away...), the server where my site is hosted was hacked.

Now I have no problems with them not telling me HOW it was done, but I do have a problem with them just attempting to cover it up as though it never happened. They NEVER notified me of anything, it was only by chance that I saw the file that the hacker had placed there, and once I inquired about not being able to access my site and about the file, their reply was "it was a security related outage we had an attack on this server and had to take it offline to correct it". This was the ONLY information given to me, I didn't know if it was just my site, if I needed to be concerned with the install, db, passwords, etc...

For the curious, or for those who may have had the wool pulled over their eyes too, I provide you with this link to the other affected sites: http://www.zone-h.org/component/option,com_attacks/Itemid,43/filter_ip,209.147.117.51
If I am reading it correctly then it looks to be about 329 total sites affected....
The file placed there was 0wnz.aspx which is how I found out about the other sites affected at above provided link.

So my question is, what IS proper procedure for a webhosting company?
Besides password changes, what other actions should I take?
Should all user account passwords need to be changed? - I don't think they do, unless someone should tell me otherwise...
 
New Post
9/19/2006 10:14 AM
 
Sorry, I don't know the answers to any of your questions, although it seems very wrong that the hosting company didn't tell you about this. Which hosting company was it, if you don't mind saying?
 
New Post
9/19/2006 10:30 AM
 

This sounds like you have a case here. Not sure what can be done.

I'm sure the ethics have not translated into real laws yet... yet.

We don't have a lot of hosting co. reps posting here. I would contact some reputable ones (talk to the main guy).

Also, if there was damage done, I would talk to a good lawyer.

Sorry about your misfortune, hope not much damage done.


DotNetNuke Search Engine
ASP.Net Search Engine
Email me to add your favorite sites to the search List.
 
New Post
9/19/2006 1:23 PM
 
I would be concerned if they didn't give you ANY information on how it was done. At the bare minimum I would want to know whether it was an OS issue or a fault in the Web Site code. If it was the latter then it should be reported to the core team via the email security@dotnetnuke.com (I think this is correct) so it's not broadcast everywhere before the core team can review and patch if necessary.

There again if it was due to a security flaw with a 3rd party module you should report it to the module developer.

As to the 'proper procedure' I don't believe there is one. It's up to the hosting company. However, you are paying for a service and I believe you should be advised of any problems with that service, if they have already been fixed then I cannot see any reason not, so long as the 'manufacturer' of the code has been advised and put the issue into the public forum.

With what you should do... If the hacker managed to write to the root directory then without any info to the contrary I would be assuming the worst. See if you can get the raw IIS log files which should give you some pointers as to which files were accessed. Definitely change your SQL credentials, both login and password, in the web config AND make sure the old set used are removed from the database. Having said this, if multiple sites were involved and you are using a shared SQL instance a user could have been added 'further up the tree'. If you have a backup of the site try doing a file compare between the 'non hacked' backup and the current 'hacked' one and follow up on any differences.

Having said all that, if the hack was at the operating system level and you don't have TS/Console root access you are not going to be able to confirm for yourself the extent of the compromise. In which case you have to assess your confidence in what you are being told by those that do have that access.

HTH
Antony
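
The backup-versus-current file compare and the IIS log review suggested in the post above can be combined as follows. This is an added example, not code from the thread or from DNN. It assumes the site sits at the web root and the logs are in W3C extended format; the sample log lines and IP addresses are constructed.

```python
import hashlib
import sys
from pathlib import Path

def hash_tree(root):
    """Map each file path (relative to root, lower-cased) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix().lower(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def compare_trees(backup_root, current_root):
    """Return (added, modified, removed) relative paths, current vs. known-good backup."""
    old, new = hash_tree(backup_root), hash_tree(current_root)
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    modified = sorted(p for p in set(old) & set(new) if old[p] != new[p])
    return added, modified, removed

def requests_for(log_lines, suspect_paths):
    """Return W3C log rows (dicts) whose cs-uri-stem matches a suspect file, ignoring case."""
    suspects = {"/" + p.lower() for p in suspect_paths}   # assumes site is at the web root
    fields, hits = [], []
    for line in log_lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names for the rows that follow
        elif line.strip() and not line.startswith("#"):
            row = dict(zip(fields, line.split()))
            if row.get("cs-uri-stem", "").lower() in suspects:
                hits.append(row)
    return hits

# Constructed sample log (documentation IP ranges), not data from the incident.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2006-09-16 03:12:44 198.51.100.7 GET /Default.aspx tabid=36 200
2006-09-16 03:14:31 203.0.113.9 GET /0wnz.aspx - 200
2006-09-16 03:15:10 203.0.113.9 GET /0WNZ.aspx - 200
""".splitlines()

if __name__ == "__main__":  # usage: BACKUP_DIR CURRENT_DIR IIS_LOG; no args runs the sample
    have_args = len(sys.argv) == 4
    added, modified, removed = compare_trees(*sys.argv[1:3]) if have_args else (["0wnz.aspx"], [], [])
    print("added:", added, "modified:", modified, "removed:", removed)
    log = Path(sys.argv[3]).read_text(errors="replace").splitlines() if have_args else SAMPLE_LOG
    for hit in requests_for(log, added + modified):
        print(hit["date"], hit["time"], hit["c-ip"], hit["cs-method"], hit["cs-uri-stem"])
```

The client addresses returned for the added files are a starting point for searching the rest of the log; IIS writes W3C log timestamps in UTC.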
 
New Post
9/19/2006 1:58 PM
 

Your hosting agreement is your contract with them. Unless, and unlikely, you have any stipulation regarding privacy of your data and unauthorized access, and then, their requirements to notify you, they did exactly what I would expect from a typical hosting company. Not admit publicly there was an issue.

If they got to your site, assume they have any info in your web.config - start there.
If any of your passwords are in plain text in the db, assume they have those.

Assume the worst. That's why we do things like transaction logs and frequent backups. Good luck.

 