DNN 6.2.9 under attack
New Post
11/2/2015 5:45 AM
 
Hello,
some ass*** has been attacking my DNN portals with SQL injection attacks for the last month or so. I keep restoring backups and losing days' worth of data and users keep getting pissed at me for this.

I read on numerous forum threads that "DNN is not vulnerable to SQL injection as long as there are no third party modules" which is b.s. because the platform is made and thought out to allow and encourage the use of third party modules.
One small example, I was willy-nilly forced to install a third party module (iwebs recaptcha) to stop bogus bot registrations on my websites since the core module captcha did not provide any sort of protection against this problem.

Now I activated URLSCAN, crippling part of my websites using special characters like é, à, ù, ò in page titles just to have the idiots crack and cripple my website all the same.

I'm planning to give DNN a last try by upgrading to version DNN 7 and hoping to solve the problem but I have the feeling it's not going to help.

Any idea how to stop these fools from wreaking havoc on my portals for good??

Please don't tell me I have to get rid of all third party modules because I paid good money for them and trashing the whole lot does not sound like a reasonable solution to me, or at least it does only if I switch to a totally different and less vulnerable platform altogether. I have deactivated and uninstalled less useful modules where possible and I would be ready and prepared to uninstall/upgrade the culprit module as long as I could find out for sure which one it is and solve the problem altogether.

I have installed Security Analyzer but to no avail.

Need urgent qualified help please.

Thank you

 
New Post
11/3/2015 10:40 AM
 

No idea anyone? No one has ever come across this kind of problem and solved it?

Is there a way by looking at the logs to understand where are these idiots coming in from? What vulnerability are they exploiting?

Looking at the log viewer isn't much help at all.

I have also activated DNN logs but it's not much use either. The "security through obscurity" seems to be baffling administrators more than hackers in my opinion.

I don't have the faintest idea of what is going on in DNN's entrails but they seem to know pretty damn well for sure!

Help anyone!? Hello?

 
New Post
11/3/2015 11:44 AM
 
Edoardo,
I think you'll really need to look at web server logs rather than DNN logs to determine where the attacks are coming from.
Are YOU managing the web server and SQL server? The attacks could be using vulnerabilities in the server and not necessarily DNN.
Are there any other sites/applications that connect to your DNN database?
Have you checked the files in your DNN installation? Have you come across any suspicious files?
What exactly are you experiencing in your site that is causing the problems?
Also, I think the comments about the core of DNN being secured from SQL injection but NOT 3rd party modules basically is saying that "We know the core of DNN is safe from SQL injection. We can't, however, guarantee that 3rd party modules don't have this potential security risk."
 
New Post
11/3/2015 12:18 PM
 
Are YOU managing the web server and SQL server? The attacks could be using vulnerabilities in the server and not necessarily DNN.
Are there any other sites/applications that connect to your DNN database?
Have you checked the files in your DNN installation? Have you come across any suspicious files?
What exactly are you experiencing in your site that is causing the problems?
Also, I think the comments about the core of DNN being secured from SQL injection but NOT 3rd party modules basically is saying that "We know the core of DNN is safe from SQL injection. We can't, however, guarantee that 3rd party modules don't have this potential security risk."

 

Hello Mike,

thanks first of all for answering.

I am not directly managing the SQL and web server but I do have access to it and therefore can take a look at the log files.

As I previously said, I have activated the DNN logging feature from web.config as well.

Luckily no site other than my DNN installation and another DNN installation on the server is affected by the attack. I have .NET sites and classic .asp sites on the server but they are all unaffected by the attacks and I therefore assume the attacks do come through the DNN platform.

I have somehow checked the files in the DNN installation but being an old portal - I started off from DNN 2 - it has got tons of files all over the place.

What I'm experiencing is someone manages somehow to cripple my installation and I get all these errors on the site pages. They cripple my modules that don't show on pages and throw errors all over the place and the site loses more or less all functionality and I'm forced to restore a previous backup since there is no way of understanding how to repair the damage with all the administrator tools down.

Is there a way to trace what is happening or at least to somehow find out WHICH module is the weak spot in my installation? Any suggestions? I have closed down some websites in my installation to reduce the total surface area of attack, I have been eliminating pages, modules and crippled most of my website's functionality without being able to stop the attacks.

I just don't understand what to look for and where in order to somehow pinpoint the cause of infection.

I have activated URLSCAN since I saw in the log viewer the attacker trying to escape special characters to launch queries to the database but it hasn't stopped them either and this really leaves me puzzled since I don't have the faintest idea how and where these guys manage to crack into my installation if not through bogus URL queries.

Any help, hint, idea is welcome.

Thank you very much

Edoardo

 
New Post
11/3/2015 12:19 PM
 
I think Mike has some really good suggestions on where to look. IIS Logs are your friend when trying to identify where the vulnerability might be occurring. As far as 3rd party modules, this is not much different than the situation with Flash and OSX/Windows. Flash is viewed as a huge security vulnerability that is completely independent of the security of the underlying OS. We work very hard to make sure that the platform is secure out of the box, but 3rd parties may not always follow good security practices. It is not a case of having to give up 3rd party modules, but it may require you to do some investigation to determine which modules may be problematic and which are well built.

Joe Brinkman
DNN Corp.
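
One way to act on the advice above about IIS logs, as an added example that is not part of any post in this thread: parse IIS W3C logs, flag query strings with common SQL injection indicators, and count hits per module folder to narrow down which module is being probed. The sample log lines, IP addresses and module names are constructed, and grouping by the `/DesktopModules/<name>` folder assumes the usual DNN module layout.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample (IIS W3C extended format); IPs and module names are made up.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2015-11-01 03:12:44 203.0.113.7 GET /Default.aspx tabid=55 200
2015-11-01 03:12:51 198.51.100.23 GET /DesktopModules/ExampleGallery/View.aspx id=12%27+UNION+SELECT+null,null-- 500
2015-11-01 03:12:53 198.51.100.23 GET /DesktopModules/ExampleGallery/View.aspx id=12;DECLARE+@s+varchar(8000) 500
2015-11-01 03:13:02 203.0.113.7 GET /DesktopModules/ExampleNews/List.aspx page=2 200
2015-11-01 03:13:10 198.51.100.23 GET /Default.aspx tabid=55&q=1%27+OR+%271%27=%271 200
"""

# Coarse indicators of SQL injection probing in a URL-decoded query string.
SQLI = re.compile(
    r"\bunion\b.{0,40}\bselect\b|;\s*(declare|exec|drop|insert|update|delete)\b"
    r"|'\s*(or|and)\s+['\d]|\bxp_cmdshell\b|\bsysobjects\b",
    re.IGNORECASE)

def parse_iis_log(text):  # one dict per request, keyed by the #Fields header
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split(" ")
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def component(stem):  # assumption: modules live under /DesktopModules/<name>/
    parts = stem.strip("/").split("/")
    if len(parts) >= 2 and parts[0].lower() == "desktopmodules":
        return "/".join(parts[:2])
    return stem

def suspicious_by_component(text):  # returns (hit counts, source IPs) per component
    hits, sources = Counter(), {}
    for row in parse_iis_log(text):
        if SQLI.search(unquote_plus(row.get("cs-uri-query", "-"))):
            key = component(row["cs-uri-stem"])
            hits[key] += 1
            sources.setdefault(key, set()).add(row["c-ip"])
    return hits, sources

if __name__ == "__main__":
    hits, sources = suspicious_by_component(SAMPLE_LOG)
    for key, count in hits.most_common():
        print(count, key, sorted(sources[key]))
```

IIS logs record the query string but not POST bodies, so injection attempts sent through form posts will not show up in `cs-uri-query`; a cluster of 500 responses on one module's pages is worth checking as well.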
 