Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeGetting StartedGetting StartedNew to DNN Plat...New to DNN Plat...Hacked website - Security ReviewHacked website - Security Review
Previous
 
Next
New Post
3/9/2011 10:32 PM
 
Jeff M.


Joined: 7/30/2009
Posts: 422
Hello..  A website we work on has been hacked somehow..  The main DNN default.aspx page has had what appears to be an cross-site scripting attack done to it.  The file modification date is 2/18/2011 @ 1:57am.  The DNN CE install is hosted off-site as well, so I'm not sure how much info we can get from the hosting company.

I was able to get a copy of the DNN database as well as the original files.  Whatever occurred, it took the site down two days ago.

Who can I contact to possibly get an investigation started on this?

Thanks.. -Jeff
 
New Post
3/10/2011 6:12 AM
 
Chris Smith


www.nddllc.com
Joined: 1/25/2003
Posts: 681
What version of DNN are you running? Does your server allow for FTP access? Shared hosting?

You can contact security@dotnetnuke.com regarding the issue.

 
New Post
3/10/2011 8:51 AM
 
James Campbell


jamesecampbell.blogspot.com
Joined: 10/16/2008
Posts: 130
Sounds like a file permission issue on the IIS server, or unsecure FTP. Either way, I would install the version you were using and update all modules, and database tables, if they are out of the box modules, reinstall from the original source. Make sure sever has all Windows and program updates. After getting it running make sure to update to DNN 5.6.1 to make sure all known DNN security updates are applied. (make sure any vendor modules are compatable with 5.6.1 before upgrade) Lastly, CHANGE ALL PASSWORDS
Thank you,
James Campbell
MCP,MCSA,MCSE,Sec +
http://jamesecampbell.blogspot.com
 
New Post
3/10/2011 9:27 PM
 
Sebastian Leupold


Sebastian Leupold's Avatar

Sebastian Leupold's Avatar

Sebastian Leupold's Avatar

Sebastian Leupold's Avatar

www.dnnwerk.de
Joined: 3/8/2004
Posts: 46212
Jeff, Which Version of DNN are you running?
Cheers from Germany,
Sebastian Leupold

dnnWerk - The DotNetNuke Experts   German Spoken DotNetNuke User Group

Speed up your DNN Websites with TurboDNN
 
New Post
4/5/2011 1:40 AM
 
Kelly D

Joined: 2/21/2006
Posts: 55
Hi Guys,

This happened to me, too. I'm running 4.9.5. On 3/30, I noticed html files in my root DNN directory that didn't belong. I deleted them and informed my host. The sites didn't appear effected (but I was just looking at the site itself - i don't know much about the sever side of things). I changed all passwords for FTP accounts, Hosting accounts and user accounts on effected sites. Then today, another html file that didn't belong was in the same effected installations. I googled this file name and it's the same "hacker army" that took down an NHS healthcare site in Dorset last week. Great. This time, it changed my Default.aspx file to display their own message. Again, I have removed the html files and replaced the Default.aspx files with ones from my local directory.

I contacted my host and got the following response:

"Ok, I have reset the permissions for Guest User for all your websites.
It seems some bug related to Dotnetnuke, which allowed the hacking
attempt and replacing default file.

Recently we received some information from other client
---
The malware was there because of a vulnerability in a rich-text editor,
"FCKEditor", so that anyone could upload malware without knowing the
login password."


Of course, it also effected a non-DNN site without FCK, so I don't think that is a problem.

Anyone else getting hacked all of a sudden? Any thoughts on what I can do? Am complete newbie when it comes to server side stuff so detailed directions are appreciated.

Thanks everyone!
 
 Page 1 of 1
Previous
 
Next
HomeHomeGetting StartedGetting StartedNew to DNN Plat...New to DNN Plat...Hacked website - Security ReviewHacked website - Security Review


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out