Situation Update.

I have updated my DNN application to version 7.1.2 to no avail. During the past night the usual idiots managed to cripple my websites as usual. Didn't do much damage on the outside. Just killed all the  feedback modules on almost all of the websites but not all of them - which I find kind of strange. I thought they would all go down together but evidently I'm wrong.

Too bad the upgrade did not solve the problem. Now I'm down to 2 third party modules and both of the guys making the modules swear they never heard about the module having this vulnerability.

They are definitely not coming thru the SQL server since it's well protected and since all the other DB's on the same installation are untouched as well as all my other .asp and .NET .aspx websites that are not DNN.

I'm ever more puzzled.

Thanks Sebastian, this really looks promising since I noticed the same bot activity and a couple of other things seem pretty similar.

Unfortunately I was so eager I forgot to look at the release notes before running the script and didn't see it was meant for DNN 7.3.2 - 7.4.2 and I'm running 7.1.2

so I got this nasty error:

System.Data.SqlClient.SqlException (0x80131904): Invalid column name 'Custom500TabId'. Invalid column name 'Custom404TabId'. at System.Data.SqlClient.SqlConnection. (SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction) at System.Data.SqlClient.SqlInternalConnection. (SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction) at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose) at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady) at System.Data.SqlClient.SqlCommand.RunExecuteNonQueryTds(String methodName, Boolean async, Int32 timeout, Boolean asyncWrite) at System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(TaskCompletionSource`1 completion, String methodName, Boolean sendToPipe, Int32 timeout, Boolean asyncWrite) at System.Data.SqlClient.SqlCommand.ExecuteNonQuery() at DotNetNuke.Data.SqlDataProvider.ExecuteScriptInternal(String connectionString, String script) ClientConnectionId:9b1671c6-9842-40a1-a2b8-fa40d8cc011d Error Number:207,State:1,Class:16 -- //TODO: remove admin module permissions -- Grant Page View Permission to "All Users" for Splash Page, Home Page, Search Results and Error Pages: MERGE INTO dbo.[TabPermission] X USING (SELECT DISTINCT T.TabID, R.PermissionID, -1 AS RoleID FROM dbo.[Tabs] T JOIN dbo.[Portals] P ON T.PortalID = P.PortalID JOIN dbo.[PortalLocalization] L ON P.PortalID = L.PortalID CROSS JOIN dbo.[Permission] R WHERE T.TabID IN (L.HomeTabID, L.SplashTabID, L.SearchTabID, L.Custom404TabId, L.Custom500TabId) AND R.PermissionCode LIKE N'SYSTEM_TAB' AND PermissionKey Like N'View') S ON X.TabID = S.TabID AND X.PermissionID = S.PermissionID AND X.RoleID = S.RoleID WHEN MATCHED AND AllowAccess = 0 Then UPDATE SET AllowAccess = 1 WHEN NOT MATCHED THEN INSERT ( TabID, PermissionID, AllowAccess, RoleID, UserID, CreatedByUserID, CreatedOnDate, LastModifiedByUserID, LastModifiedOnDate) VALUES (S.TabID, S.PermissionID, 1, S.RoleID, Null, -1, GetDate(), -1, GetDate());

I can't understand if  SQL rolled back the whole thing and the system is still funcional or if it crippled it and I need to restore before upgrading and running the script again.

Everything seems to be working for the time being