Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen

A Bug Mayhaps? JS files prepended with ???
New Post
6/14/2012 1:52 PM
 

Hi,

I ran into an issue with DNN that broke a lot of the JS UI/functionality stuff. I'm not sure what happened, if I should report it as a bug or what to do from here - so here goes.

I had been editing the content of a module, got distracted and left it hanging without submitting changes. When I came back and wanted to submit, I had been auto logged off in the meantime. This resulted in a forward to the login page, I logged in, and voila.....the site was broken!!!

Great...I checked the content entries manually in the DB to check for corrupted stuff or anything that would make sense - nothing. I changed jQuery settings to use hosted jQuery versions 1.7.1/jquery.min.js and 1.8.18/jquery-ui.min.js respectively - nothing. I then inspected the page using Chrome's Inspect Element and noticed a couple of errors on the site. There were 5 syntax errors in some JS files, something about "dnnconfirm not 'something something' " and a "Refused to display document because display forbidden by X-Frame-Options."

The 5 JS files being:

  1. /Portals/_default/Skins/DarkKnight/DNNMega/jquery.dnnmega.debug.js
  2. /Resources/ControlPanel/ControlPanel.debug.js
  3. /Resources/Search/Search.js
  4. /js/dnn.modalpopup.js
  5. /js/dnn.jquery.js

I opened the files and noticed that all of them started with 3 question marks - ???

And I was like "Hmm, wtf?". Well, deleted the question marks, uploaded the files and refreshed the site - everything was now working. I've no idea what happened, but somehow those js files had ??? prepended, which caused the shite to blow up in my face. A bug, coincidence, server error, hax attax by js midgets, or what have you??? Who knows! Just thought I should share with you guys!

DNN Setup Details:

  • DotNetNuke Community Edition
  • Version 06.02.00 (1610)
  • .NET 3.5
  • Fresh install (Typical) - not upgrade
  • Using the DarkKnight DNNMega skin thingymabob

Btw - The "Refused to display document because display forbidden by X-Frame-Options." error is still there, I have no iFrames or embedded stuff other than the standard DNN setup pages on my site. I'm not sure if this error existed before the crash or came as a result of it!

Regards
Jones

 
New Post
7/8/2012 1:15 PM
 

Hi again,

An update to this issue:

The problem persists. I think it has something to do with the js files being caught as trojans by antivirus software. I had extracted my backup and as I was just about to grab the backup files and deploy them to the server, they disappeared. My antivirus then popped up with some warnings, and the log showed that the files had been quarantined.

System: Win 7 Pro with Microsoft Security Essentials

The files are treated as containing the following trojans:
Trojan:JS/BlacoleRef.BG
Trojan:JS/BlacoleRef.W

What gives......?? Anyone?

Regards
Jones

 
New Post
7/9/2012 4:49 AM
 

Hi,

Another update! I figured out what caused the problem. It is the JS.Runfore virus that has infected my host. The virus changes all the .js files and tries to access a .ru website similar to this - wakvnkyzkyietkdr.ru/runforestrun?sid=botnet2

Please refer to this post for more info about JS.Runfore infected websites.

Regards
Jones

 
New Post
7/9/2012 6:18 AM
 

Hello Jones,

I examined the .js file in my infected system and noticed the 3 question marks. I don't think that removing the question marks fixes the problem because (in my case) code was appended at the bottom of the files. This code starts with a comment (/*km0ae9gr6m*/try{q=document.createElement("p");q.appendChild(q+"");}catch(qw){h=-012/5;try{bcsd=prototype-2;}catch(bawg){ss ....) followed by binary data.

To fix the problem I restored the original files from the installation files.

I found a few more infected files, so maybe you could check them as well:

jquery.cycle.min.js
ControlPanel.debug.js
initWidgets.js
StandardMenu.js

After I restored the original files I have changed my FTP account, the site seems to work again.

Good luck
Jos

 
New Post
7/12/2012 6:21 AM
 

Hi Jos,

Exactly - I recovered my site the same way you did. Overwriting the files (including the extra js files you mentioned) with the original files from the installation files. To be safe I actually uploaded all original js files.

Due to this infection being caused by a vulnerability in Plesk, I also changed FTP accounts on all my domains. I was told by my host that all email and database accounts should also have their passwords reset. I had lost the connection to one of my DB's due to a password change, wonder if they have grabbed all my data from that DB as well!

Recovering the infected sites in this way has only a temporary effect, unless the host patches their vulnerable systems.

Read more about removing the virus.
Read more about the effects of the virus.
Read more about patching Parallels Plesk Panel.
Read more about other DNN users dealings with the virus.

Regards
Jones
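
The indicators reported in this thread (the `???` prefix, the appended `/*km0ae9gr6m*/try{` block followed by binary data) and the comparison against the installation files can be checked in one pass. This is an added example, not code from any poster or from DNN; the function names, finding labels, the BOM check and the idea that the 10-character tag varies are assumptions, and the sample files are constructed.

```python
import re
import tempfile
from pathlib import Path

# Marker shape from the thread: /*km0ae9gr6m*/try{ ... The 10-character tag is
# assumed to vary between infections, so any lowercase/digit tag is matched.
INJECT_RE = re.compile(rb"/\*[a-z0-9]{10}\*/\s*try\s*\{")
UTF8_BOM = b"\xef\xbb\xbf"  # assumption: a BOM can also display as "???"


def inspect_js(data, baseline=None):
    """Return findings for one deployed .js file, given its bytes."""
    findings = []
    if data.startswith((b"???", UTF8_BOM)):
        findings.append("unexpected-prefix")
    if INJECT_RE.search(data):
        findings.append("injected-comment-block")
    if b"\x00" in data:
        findings.append("binary-data")
    if baseline is not None and data != baseline:
        findings.append("differs-from-install")
    return findings


def audit_tree(site_root, install_root):
    """Map relative path -> findings for each flagged .js under site_root."""
    site_root, install_root = Path(site_root), Path(install_root)
    report = {}
    for path in sorted(site_root.rglob("*.js")):
        rel = path.relative_to(site_root)
        ref = install_root / rel
        # Files with no installation copy (e.g. third-party skins) get
        # pattern checks only; there is nothing to compare them against.
        baseline = ref.read_bytes() if ref.is_file() else None
        findings = inspect_js(path.read_bytes(), baseline)
        if findings:
            report[rel.as_posix()] = findings
    return report


def demo():
    """Audit constructed sample files (not real DNN content)."""
    clean = b"var dnn = dnn || {};\n"
    tampered = b"???" + clean + b"/*abcdefghij*/try{q=1;}catch(e){}\x00\x01"
    with tempfile.TemporaryDirectory() as tmp:
        for root, body in (("install", clean), ("site", tampered)):
            (Path(tmp) / root / "js").mkdir(parents=True)
            (Path(tmp) / root / "js" / "dnn.jquery.js").write_bytes(body)
        return audit_tree(Path(tmp) / "site", Path(tmp) / "install")
```

A byte-for-byte difference from the installation copy is the authoritative signal; the pattern checks only describe what changed, and a legitimate file that ships with a BOM will trip the prefix check on its own.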

 