Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeOur CommunityOur CommunityGeneral Discuss...General Discuss...Is the file Is the file 'SQL.asp.jpg' likely to be a virus
Previous
 
Next
New Post
1/30/2012 6:39 AM
 
Spapro

Joined: 11/29/2009
Posts: 14

Hi,

When backing up our site down to a local drive my antivirus suspects an 'ASP backdoor threat' from the following 2 files located in the root\portals\0\64 folder for our site:

SQL.asp.jpg

SQL.asp;.jpg

Are these files likely to be virus infected ?

Are these files used much/at all by DNN ?  Can I delete them without damaging my site just to avoid these annoying antivirus messages ?
 
New Post
1/30/2012 10:00 AM
 
cathal connolly


cathal connolly's Avatar

www.cathal.co.uk
Joined: 4/9/2003
Posts: 9676
this is a major issue as that file is a backdoor to your server - typically files such as that are uploaded using an IIS6 bug and combined with an issue we fixed in 4.8.3 - see http://www.dotnetnuke.com/Resources/Blogs/EntryId/2533/IIS6-a-word-of-warning-on-an-issue-affecting-some-websites.aspx for more details. Please delete both the files ASAP and consider upgrading to a more recent version (and ideally moving off IIS6)
Buy the new Professional DNN7: Open Source .NET CMS Platform book Amazon US
 
New Post
1/30/2012 12:17 PM
 
Spapro

Joined: 11/29/2009
Posts: 14

We did have our site hacked back in December 2010 (cleaned the site afterwards and moved hosts as it happened repeatedly with our old host).

Since January 2011 we have been with discountasp.net for hosting and the site has not been hacked (as far as I am aware) so wonder if these files are residue from the previous problems ?

We are running DNN v5.6.3 and have been for a long while.

Is there anything else I should check to ensure we haven't got an ongoing issue ?

 
New Post
1/30/2012 12:27 PM
 
cathal connolly


cathal connolly's Avatar

www.cathal.co.uk
Joined: 4/9/2003
Posts: 9676
4.8.3 was released on May 23rd 2008, so if you had not updated to that version or higher that could be the cause on the issue (or if another website on the server was running an older version of dotnetnuke it could be the cause). I would recommend that you consider changing your database password, and also check if there are any unexpected admin/host users.
Buy the new Professional DNN7: Open Source .NET CMS Platform book Amazon US
 
New Post
1/30/2012 4:25 PM
 
Spapro

Joined: 11/29/2009
Posts: 14

Thanks Cathal,

Our site was built in November 2009 so we would be using the latest version available at that time.

Looking at previous backups of the site this '...portals/0/64' folder and these 2 files appear to have become present between April and August last year (2011).

Checked and there are no unexplained/unexpected host or admin users.

We are on a shared server with discountasp.net so not sure I can do anything about IIS6 if thats what in place - but we can change our database password and will !

Thanks for your help Cathal, much appreciated.  Anything else worth checking before we breath a sigh of relief and think our site is 'clean' ?

 
 Page 1 of 2
12Next 
Previous
 
Next
HomeHomeOur CommunityOur CommunityGeneral Discuss...General Discuss...Is the file Is the file 'SQL.asp.jpg' likely to be a virus


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out