Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeOur CommunityOur CommunityGeneral Discuss...General Discuss...onyaktech hacked.onyaktech hacked.
Previous
 
Next
New Post
6/27/2006 2:05 PM
 
cathal connolly


cathal connolly's Avatar

www.cathal.co.uk
Joined: 4/9/2003
Posts: 9676
I've already emailed a number of sites asking them to update their incorrect reports, but I'm sure you know how it is in the security industry, that a single report rapidly get's copied, and rarely updated. In fact I've been through this before, when an issue was raised in a beta for the early dnn 3.x range, and it took a series of mails and nearly 4 months, to get the issue updated correctly (and this was for an issue that never existed 'in the wild' as we did not support beta's in production, nor upgrades between betas)

In this case, the issue was discovered 2 months ago, and the vendor emailed his customer list with the report, and invited them to download and install the update. I also posted a few emails and a blog post to ensure that everyone would see it, but it seems that some missed it probably through mails going to email accounts they no longer used, or being caught in spam filters.

We'll add a note to the newsletter going out later this week to again alert people to this issue, and I've added an item to my workload to look into adding support for automatically checking for security issues in 3rd party modules.

Cathal
Buy the new Professional DNN7: Open Source .NET CMS Platform book Amazon US
 
New Post
6/27/2006 3:42 PM
 
Mike Horton


Joined: 7/16/2003
Posts: 4865

Cathal is correct about the email being sent out as I did receive it myself. Because it was a module that I'd never used in production I didn't worry about it but customers were made aware of the problem. Like Cathal said, chances are the email to Chris (and other costumers who didn't update) was probably captured by his spam filter.

To the person that was worried about his purchase from Onyatech, you have nothing to worry about. Onyatech is not the creator of the module that had the problem.
 
New Post
6/27/2006 4:59 PM
 
Chris Onyak


www.OnyakTech.com
Joined: 8/27/2003
Posts: 799

OnyakTech.com is back online.  It was a very simple hack with just one file replaced.  Nothing else was damaged and no information was stolen.   Even if information had been stolen, data is encrypted and financial information does not exist (it is not stored anywhere within our network or even within our reach).

I want to clarify that OnyakTech is in no way associated with the cause of the recent hackings to DotNetNuke Portals.   OnyakTech components are and have always been safe and secure. 


Professional DNN Extensions, custom solutions and mobile apps since 2003.
www.OnyakTech.com
 
New Post
6/27/2006 6:16 PM
 
Nina M


www.berrydigital.com.au
Joined: 1/23/2004
Posts: 1961

Cathal is correct about the information being released, AND a dnn-modules.com sending out a newsletter, and it being posted on the forum here -

I blogged about it back in May -

http://www.xd.com.au/blogs.xd?EntryID=328

I heard of another site that got affected today  - But it is important to patch or get rid of that module since I made a mistake of renaming it and got hit twice.

It's not a reflection on DNN at all.

Nina Meiers

Nina Meiers My Little Website
If it's on DNN, I fix, build, deploy, support,skin, host, design, consult, implement, integrate and done since 2003.
Who am I? Just a city chic, having a crack at organic berry farming.. and creating awesome websites.
 
New Post
6/28/2006 6:10 PM
 
Johnny Smaction

Joined: 6/8/2006
Posts: 2
I think the people in the DNN comunity did a  great job of getting the word out without giving up too much information. It is just sad to watch site after site getting hit with this. Even worse are the sites that got compromised only because they happened to be on the same server that had the module on it.
 
 Page 3 of 3
Previous123 
Previous
 
Next
HomeHomeOur CommunityOur CommunityGeneral Discuss...General Discuss...onyaktech hacked.onyaktech hacked.


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out