Products

Solutions

Resources

Partners

Community

Blog

About

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen

HomeHomeUsing DNN Platf...Using DNN Platf...Administration ...Administration ...DNN 6.2.9 under attackDNN 6.2.9 under attack
Previous
 
Next
New Post
12/22/2015 6:14 AM
 
Check out AdjustPermission script, it contains SQL Statements to remove edit permissions for all and unauthenticated users roles.

Cheers from Germany,
Sebastian Leupold

dnnWerk - The DotNetNuke Experts   German Spoken DotNetNuke User Group

Speed up your DNN Websites with TurboDNN
 
New Post
12/22/2015 7:07 AM
 

Now that you made me think about it I tried to execute the permissions script by itself, I got an error with a //TODO query on the end of it. The site is up and running after the error, just as you said but did the script effectively change something nonwithstanding the error or did it simply rollback given the error on the nonexistent table?

What is the //TODO query for? Am I supposed to run it on SQL, in the SQL window?

If the effectiveness of the script dependson running TurboDNN742.sql before it, then I have a big problem since it crashes my installation each and every time.

I'm about to further upgrade my installation so I'll keep you posted on what happens after I try to run the TurboDNN742.sql script against the higher DNN version.

Thanks

 
New Post
12/22/2015 1:41 PM
 
the "//TODO" is preceded by a "--" comment mark, i.e. it is a comment (for myself) and not be executed.
Please make sure to execute complete lines only, usually from behind a GO to a subsequent GO

If you execute the script outside of DNN > Host > SQL, you need to replace the placeholders in {}

Cheers from Germany,
Sebastian Leupold

dnnWerk - The DotNetNuke Experts   German Spoken DotNetNuke User Group

Speed up your DNN Websites with TurboDNN
 
New Post
12/24/2015 6:17 AM
 

Latest update:

I am now on DNN 7.2.2, 

I have removed all editing permissions I had given specific registered users over HTML modules appearing on their own pages

running on DNN 7 allowed me to remove Ifinity Google Analytics module from my pages.

The application seems to have survived an attack but I can't be sure of it just yet. I'll keep you posted when I'm sure of it.

No way of running the TurboDNN scripts just yet since my system invariably crashes after I execute the very first one TurboDNN742 that leaves my application crippled and non functional. The first time it threw a SQL compatibility error I fixed after restoring. The second time It threw a FK constraint error regarding the Feedback Module.

Can I run the permissions script without running the TurboDNN742 script before? Is it going to be any good or will it simply do nothing without running the other script beforehand?

Thanks for your help and Merry Christmas

 

 
New Post
5/19/2016 5:51 AM
 
I've been silently fighting this thing for the past months. I have spent more money on buying new versions of the 3rd party modules I'm using. Now everything is up to date but the idiot still reeks havoc on my DNN installation.

Can't seem to be able to copy/paste the error...so here is an image of it.




Is there a query I can lauch on the whole database to see where this string turns out? I tried to look for it in the HTML Text table but it's not there.
Must be somewhere else. Any idea where I could look for the string to try and pinpoint where the attacker is hacking at my installation?

Any help will be greatly appreciated.
 
Previous
 
Next
HomeHomeUsing DNN Platf...Using DNN Platf...Administration ...Administration ...DNN 6.2.9 under attackDNN 6.2.9 under attack


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out