Products

Solutions

Resources

Partners

Community

Blog

About

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen

HomeHomeOur CommunityOur CommunityGeneral Discuss...General Discuss...My site has been hacked!My site has been hacked!
Previous
 
Next
New Post
3/3/2010 9:21 AM
 

I just got an email from my client this morning asking what has happened to his site:

www.daytonartificiallimb.com

Has anyone else seen this or have any idea what has happened and what I should do to fix it?!

 

 

 
New Post
3/3/2010 10:32 AM
 

Please send an email to security@dotnetnuke.com who can help identify the issue and recommend a resolution.


Joe Brinkman
DNN Corp.
 
New Post
3/3/2010 10:38 AM
 

Just by looking at the page nobody can tell you what happened.  Most common would be a server or FTP issue, especially a compromised password, but this looks like a basic scripted attack against known flaws.  Log files and firewall logs might help trace this, but the bottom line is the server wasn't fully secured.  Resotre from a known good backup, after either fixing the server flaws or, if you don't know what they are, flattening the box and installing the server from scratch.

Jeff

 
New Post
3/3/2010 10:47 AM
 

@Jeff

You are right. This is not a DNN issue but a server security issue. Someone uploaded a new default.htm to the site somehow.

Thanks

 

 
New Post
3/3/2010 12:00 PM
 

Over the past few months, we've been hacked about 3 times.  Someone was able to upload default.htm (and other extentions) to not just the root DNN folder, but to all the child portals as well. We eventually realized that it was due to a vulnerability with FCK editor in DNN.  We figured this out when we checked our IIS logs and realized that the hacker's IP viewed this page Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx.  After some Googling, I found the exact method the hackers use, which exploits the ability for unauthenticated users to view the link page that's used by the text editor to gain access to your portal folder.

We were still running DNN 4.x and had to upgrade to the latest version to correct the issue. 

I would suggest checking to see which version of DNN you're running, and if it's not up to date, upgrade to the latest version.

 
Previous
 
Next
HomeHomeOur CommunityOur CommunityGeneral Discuss...General Discuss...My site has been hacked!My site has been hacked!


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out