Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeOur CommunityOur CommunityGeneral Discuss...General Discuss...DNN Site(s) HackedDNN Site(s) Hacked
Previous
 
Next
New Post
2/27/2009 9:33 PM
 
Allen Foster


Joined: 2/19/2004
Posts: 47

Got an email and a phone call from one of my clients today.

Google had sent him an email stating that:

=======================================================
While we were indexing your webpages, we detected that some of your pages were using techniques that are outside our quality guidelines, which can be found here: http://www.google.com/support/webmasters/bin/answer.py?answer=35769&hl=en. This appears to be because your site has been modified by a third party. Typically, the offending party gains access to an insecure directory that has open permissions. Many times, they will upload files or modify existing ones, which then show up as spam in our index.
The following is some example hidden text we found at http://myclientsdomainl.org/:
http: // www. movie2b .com/
=======================================================

I reviewed the site and found that a link had somehow been injected in a Text/HTML module.  While building the site we had specified that the Text/HTML module in question be set to show on all pages on the site - so the movie2b link was on each page given a position such that it would not be visible, e.g. style="top:-7684px;position:absolute;"

My SEO guy has found a notable number of DNN sites that have the same problem - somehow movie2b or some black seo agency has been somehow hacking into dnn sites.

Has anyone else noticed this problem?

Any idea as to how they hacked into the sites in order to add their link? I can provide a list of other dnn sites that we have found that have been infected if anyone is interested.

Thanks.
 
New Post
2/27/2009 9:45 PM
 
Bill Mason


www.wcm-consulting.com
Joined: 1/15/2005
Posts: 166

What version of DNN is the site running? 
 
New Post
2/27/2009 10:08 PM
 
Alex Shirley


Joined: 1/30/2006
Posts: 5038

... and please review Cathal's blog:

http://www.dotnetnuke.com/tabid/825/BlogID/28/ParentBlogID/5/Default.aspx

Alex Shirley
 
New Post
2/28/2009 7:04 AM
 
Tony Valenti


www.PowerDNN.com
Joined: 1/17/2006
Posts: 567

If I remember correct, there's a security vulnerability in one of the versions that allows anyone to update content in a text/html module if they know what they're doing.  It might be time to upgrade!

 

Tony Valenti
Tony.Valenti@PowerDNN.com
+001-402-650-6072

PowerDNN.com - World Leader in DotNetNuke Hosting and DNN Hosting
DNN Hosting Australia - DNN Hosting Europe - DNN Hosting US
 
New Post
2/28/2009 9:10 AM
 
Allen Foster


Joined: 2/19/2004
Posts: 47

The site that we built for our client is version 4.08.04

thanks
 
 Page 1 of 2
12Next 
Previous
 
Next
HomeHomeOur CommunityOur CommunityGeneral Discuss...General Discuss...DNN Site(s) HackedDNN Site(s) Hacked


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out