Security forum; hacking attempt /phplists/admin/index.php?_SERVER[ConfigFile]=../../../../../../../.
New Post
2/27/2011 4:16 AM
 
Hi,

I am wondering if there is a particular forum at DNN to discuss and report security issues?

I found tons of event logs like the one below. Some dude is trying to hack us. Any idea if somebody is actively collecting these kinds of threads and checking if these kinds of attacks have no effect?

J.

AssemblyVersion: 5.6.1
PortalID: -1
PortalName:
UserID: -1
UserName:
ActiveTabID: -1
ActiveTabName:
RawURL: /phplists/admin/index.php?_SERVER[ConfigFile]=../../../../../../../../../../../../../../../../../../../../../../../etc/passwd
AbsoluteURL: /phplists/admin/index.php
AbsoluteURLReferrer:
UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)
DefaultDataProvider: DotNetNuke.Data.SqlDataProvider, DotNetNuke.SqlDataProvider
ExceptionGUID: fb2a52d2-cee7-412e-a031-8e6a2627ba80
InnerException: Not Found
FileName:
FileLineNumber: 0
FileColumnNumber: 0
Method: iFinity.DNN.Modules.UrlMaster.UrlRewriteModule.SecurityCheck
StackTrace:
Message: System.Web.HttpException (0x80004005): Not Found
   at iFinity.DNN.Modules.UrlMaster.UrlRewriteModule.SecurityCheck(HttpApplication app)
   at iFinity.DNN.Modules.UrlMaster.UrlRewriteModule.OnBeginRequest(Object sender, EventArgs e)
Source:
Server Naam: -
 
New Post
2/27/2011 5:28 AM
 
Hi,

Could anybody help me with this one? I am not able to trace the IP number of the sender of this event. Not in the IIS event log, not in the application exceptions of IIS, not in the event log of DNN. If I enter the URL myself, I can see it, however. Any ideas how to track down who is the sender of these unknown requests? If I run the script myself on a domain, the event log of DNN registers an error, but without IP. It would be an asset for the event log to register it.

Any ideas why this request is not logged? If it is not logged, it is not auditable... and certainly a threat.

J.
 
New Post
2/27/2011 5:36 AM
 
Reported as potential security threat:
http://support.dotnetnuke.com/issue/V...
 
New Post
2/27/2011 8:17 AM
 
Others can confirm, but this looks like some sort of attack against PHP sites in order to reveal passwords. To me it looks like an attack against a known piece of software.

The Url Master module has the same restrictions on supplying relative path Urls as the core Url Rewriter.  Thus it throws an exception when this particular type of attack is tried.  The module will not let through requests of this type and throws the exception you see.

In this case, the sender would have received a 500 error as a response code (you can check your logs to confirm).  I would just block that IP.
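
Added example, not part of the original thread or of DNN or Url Master: one way to pull the source IPs of requests like the one in the event log out of IIS W3C logs so they can be reviewed and blocked. It assumes W3C logging is enabled with the `c-ip`, `cs-uri-stem`, `cs-uri-query` and `sc-status` fields selected; the log lines and addresses in `SAMPLE_LOG` are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample in IIS W3C extended format; IPs are documentation addresses.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent)
2011-02-27 03:16:02 203.0.113.7 GET /phplists/admin/index.php _SERVER[ConfigFile]=../../../../etc/passwd 500 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98)
2011-02-27 03:16:05 203.0.113.7 GET /phplists/admin/index.php _SERVER%5BConfigFile%5D=..%2F..%2F..%2Fetc%2Fpasswd 500 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+98)
2011-02-27 03:17:40 198.51.100.20 GET /Default.aspx tabid=55 200 Mozilla/5.0
2011-02-27 03:18:11 198.51.100.9 GET /admin/index.php file=%252e%252e%252f%252e%252e%252fetc%252fpasswd 404 -
"""

# Two or more "../" or "..\" steps in a row, checked after decoding.
TRAVERSAL = re.compile(r"(?:\.\.[\\/]){2,}")

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (%252e -> %2e -> .), bounded to max_rounds."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_traversal_requests(log_text):
    """Yield a dict for each log row whose stem or query contains path traversal."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column layout can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split(" ")))
        target = fully_decode(row.get("cs-uri-stem", "") + "?" + row.get("cs-uri-query", ""))
        if TRAVERSAL.search(target):
            yield {"ip": row.get("c-ip"), "status": row.get("sc-status"), "url": target}

def hits_per_ip(log_text):
    """Count traversal attempts per client IP, most active first."""
    return Counter(hit["ip"] for hit in find_traversal_requests(log_text)).most_common()

if __name__ == "__main__":
    for ip, count in hits_per_ip(SAMPLE_LOG):
        print(ip, count)
```

Decoding before matching matters because the same probe often arrives percent-encoded or double-encoded, which a plain search for `../` in the raw log would miss.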
 
New Post
2/27/2011 3:33 PM
 
Are you using php list?
 