Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeOur CommunityOur CommunityGeneral Discuss...General Discuss...Our website is being spammed or hacked!Our website is being spammed or hacked!
Previous
 
Next
New Post
6/22/2011 4:51 PM
 
mohann2009

Joined: 12/25/2009
Posts: 5
This is kinda strange.. our online users reached up to more that 3000 per day during nighttime which is very impossible. When we load our site, from the bottom you can see that is is loading xxxporno-video.blogspot.com.  it seems like we are loading such site which we are of course not insane to do that! what seems to be the problem? please help!
 
New Post
6/23/2011 10:22 AM
 
Ricardo Serenil


www.PowerDnn.com
Joined: 7/25/2010
Posts: 41
It sounds like your home page may have some sort of malicious script or code embedded into it. Often times when I have seen this, it was due to a vulnerability being exploited or someone obtained FTP/control panel access to the persons site.

For starters, I would change all your host/admin user passwords, FTP passwords, and any other credentials you use to access any web based control panel for your web host just to be safe. You will want to go through the file structure of your web site to see if there are any files that have been modified with this code or uploaded recently. I would also suggest looking through your site logs to see if there have been any users logged in that have changed any of the content. It may even be worth scanning your PC or any other users who edit content on your site for any viruses or malware. Depending on the DNN version, you may want to consider upgrading as well.

I hope this helps out and good luck with tracking down the problem.
Ricardo Serenil
Ricardo.serenil@PowerDNN.com
+001-877-743-8366

PowerDNN.com - World Leader in DotNetNuke Hosting and DNN Hosting
DNN Hosting Australia - DNN Hosting UK - DNN Hosting US

PowerGrid - The DotNetNuke Private Cloud is Here!
 
New Post
6/24/2011 2:14 AM
 
mohann2009

Joined: 12/25/2009
Posts: 5
@Ricardo...thanks for the tips. is it also possible that the weak part is our server? we have an enterprise edition of dotnetnuke and it is 5.6 so i guess no need to upgrade right? 

when i checked the webserver, there are some alien txt files created by the hacker..some have writings on it that says hacked by pmei - indonesian hacker! have you heard some cases like this before from this so called indo hacker?  

another thing, when you load the site and click view source from the browser, at the bottom part , just before the "</body>" tag, you can find ff: (which of course these things where not part in any of our skins. even if i change skin, it will still appear)

<div style="display:none;"><a title="ask tesadufleri sever izle" href="http://www.filmfullizle.com/ask-tesadufleri-sever-izle.html" target="_blank">Ask tesadufleri sever izle</a>, <a title="animasyon film izle" href="http://www.filmfullizle.com/film-izle/animasyon-film-izle-filmler">animasyon film izle</a>, <a title="erotik film izle" href="http://www.filmfullizle.com/film-izle/erotik-film-izle">erotik film izle</a>, <a title="turkce dublaj film izle" href="http://www.filmfullizle.com/filmi/turkce-dublaj-film-izle">turkce dublaj film izle</a>, <a title="film izle" href="http://herseyde.blogspot.com" target="_blank">film izle</a>, <a title="full film izle" href="http://zirzip.blogspot.com" target="_blank">full film izle</a>, <a title="hd film izle" href="http://admilx.blogspot.com" target="_blank">hd film izle</a>, <a href="http://zirzir.blogspot.com" target="_blank">indirmeden film izle</a>, <a href="http://wu24.blogspot.com" target="_blank">film seyret</a>, <a href="http://zirzir.blogspot.com" target="_blank">filmini izle</a>,<a title="zirzirr" href="http://zirzirr.blogspot.com" target="_blank"> film izle</a>, <a href="http://wavvo.blogspot.com" target="_blank">dizi izle</a>, <a title="anime izle" href="http://www.animeizle.tv" target="_blank">bedava film izle</a>, <a title="erotik film izle" href="http://dlcvn.blogspot.com" target="_blank">erotik film izle</a>, <a title="karayip korsanlari 4 izle" href="http://www.filmfullizle.com/karayip-korsanlari-4-izle.html" target="_blank">Karayip korsanlari 4 izle</a></div>
<IFRAME name="byagresif" src="http://xxxporno-video.blogspot.com" width="0" height="0" scrolling="no" frameborder="0" marginwidth="0" marginheight="0"></IFRAME>
<IFRAME name="byagresif" src="http://xxxvideo-izle.blogspot.com" width="0" height="0" scrolling="no" frameborder="0" marginwidth="0" marginheight="0"></IFRAME>
<div style="position: absolute; top: -999px;left: -999px;"><div id="links">
 
 
<a href="http://xxxporno-video.blogspot.com" target="_blank" title="xxx video izle , free porno, ?cretsiz porno, t?rk?e porno, t?rbanl? porno, xhamster pornolar? izle, HD porno izle, HQ porno izle, BDSM Videolar? izle, Redtube videolar? izle">porno izle</a>
<a href="http://xxxporno-video.blogspot.com" target="_blank" title="xxx video izle , free porno, ?cretsiz porno, t?rk?e porno, t?rbanl? porno, xhamster pornolar? izle, HD porno izle, HQ porno izle, BDSM Videolar? izle, Redtube videolar? izle">xhamster izle</a>
<a href="http://xxxporno-video.blogspot.com" target="_blank" title="xxx video izle , free porno, ?cretsiz porno, t?rk?e porno, t?rbanl? porno, xhamster pornolar? izle, HD porno izle, HQ porno izle, BDSM Videolar? izle, Redtube videolar? izle">redtube izle</a>
<a href="http://xxxporno-video.blogspot.com" target="_blank" title="xxx video izle , free porno, ?cretsiz porno, t?rk?e porno, t?rbanl? porno, xhamster pornolar? izle, HD porno izle, HQ porno izle, BDSM Videolar? izle, Redtube videolar? izle">t?rk porno izle</a>
 
New Post
6/24/2011 6:23 AM
 
Byteblocks


www.byteblocks.com
Joined: 10/20/2009
Posts: 31
Mohan,
Do you allow users of your site to post any content? I mean things like user can post some question or post some forum question/answers and things like that? Are you using any third party modules that expose any input fields to users?
Basically you may have to look for cross site scripting, forgery etc. kind of intrusions that may have lead to some breach in your site or server.

Start with event logs, IIS logs etc. starting from the time a day or two before when you suspect suspicious activities started.

http://www.byteblocks.com

ByteBlocks

http://www.byteblocks.com
 
 Page 1 of 1
Previous
 
Next
HomeHomeOur CommunityOur CommunityGeneral Discuss...General Discuss...Our website is being spammed or hacked!Our website is being spammed or hacked!


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out