Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeUsing DNN Platf...Using DNN Platf...Administration ...Administration ...Security issueSecurity issue
Previous
 
Next
New Post
11/17/2011 12:52 PM
 
Bill MacIntyre

Joined: 9/19/2007
Posts: 23

Hello,

I have an issue reported by a client I need rectified ASAP.
The client has protected content in an area of the site that include PDF documents.
The content is not accessible when going to the URL unless logged in (as expected)
But- the client has discovered when doing a Google search that some of the PDF documents (pages) have shown up in the Google search.
The weird thing is that the URL in the Google results in another portal on the same DNN instance.
The path is: http://TheOtherDNNPortal.Com/Portals/4/TheDocument.pdf
Portal ID 4 is the site that should have the content protected
 
New Post
11/17/2011 1:15 PM
 
Chris Hammond


Chris Hammond's Avatar

Chris Hammond's Avatar

Chris Hammond's Avatar

www.christoc.com
Joined: 1/14/2003
Posts: 7319
I would recommend using the "Secure" folder options in the File Manager, this will obfuscate the file names of the files and prevent access to the files in the folder. Though you will have to do some work, removing the old files and moving them into the secure folder, as well as linking to the secure location from wherever they are linked elsewhere.
Chris Hammond
Former DNN Corp Employee, MVP, Core Team Member, Trustee
Christoc.com Software Solutions DotNetNuke Module Development, Upgrades and consulting.
dnnCHAT.com a chat room for DotNetNuke discussions
 
New Post
11/17/2011 1:36 PM
 
Kornelis Pieters


Joined: 2/11/2009
Posts: 111
You must solve this using either Chris' way, or by securing your NTFS/IIS-rights. The latter wil also prevent 'anonymous' users, who somehow know the exact URL to a document on your site, from accessing the document. Not sure if that's also true for DNN's file security option(?).

DNN itself uses fileticket-ID's instead of direct links, when you use one of DNN's text-editors to create links to any file in your portal. When following a fileticket-URL, DNN will, at NTFS-level, access the file as the IIS-user (which is usually the Network Service-account). When using the exact direct URL, and thus bypassing DNN completely, IIS' anonymous-user is used (usually the IUSR_X-user).

You can therefore solve this by disabling anonymous access for the specified folder/file(s), by removing the IUSR_X-username in the NTFS-rights and/or by disabling anonymous access for the folder/file(s) in IIS.
 
New Post
11/21/2011 11:19 PM
 
Van Blues


Joined: 11/16/2011
Posts: 3

I encountered a similar issue. I believe the root of the issue may be that your parent portal's website is not locked down enough i.e., from within IIS on main parent portal's site it's still allowing anonymous connections.  Anything under the core framework/directory is accessible i.e., portal4.   So even though your other site may be secure, those files still seem to be visible (and found by google) and those files are passed to asp.net and served up by IIS.  With this access open google's bots are able to search your site and add to their search directory and results.

So check your parent's site security settings in IIS and disallow anonymous (which should stop/minimize google finding your files.  Also as others have mentioned store your files in a "secure folder" within DNN.  This tacks on .resource to all your files in that directory treating them as resource files which won't be served up by IIS.

Also, ensure to have your google account setup, so you can sign into google webmaster tools and use the "removeurl" tool to remove the offending urls from google's directory.  You may need to do a few different searchs to ensure you find all the possible searches that are now visible on the internet and then remove them from google's "search results" and "directory".  Note: that it will take about 1-2 days for google to clear these links from their directory and search results.

Also google has a robots.txt that you can save to your webserver to tell google not to search your site.  So if you're very security conscious this may be an option for you.

Hope this helps

 
 
New Post
11/22/2011 7:40 PM
 
Sebastian Leupold


Sebastian Leupold's Avatar

Sebastian Leupold's Avatar

Sebastian Leupold's Avatar

Sebastian Leupold's Avatar

www.dnnwerk.de
Joined: 3/8/2004
Posts: 46212
usually, google indexes links only, if there are public links, however, as long as you are not using secure folders, anyone knowing the file URL will be able to download any file (nearly, depending on file type).
Cheers from Germany,
Sebastian Leupold

dnnWerk - The DotNetNuke Experts   German Spoken DotNetNuke User Group

Speed up your DNN Websites with TurboDNN
 
 Page 1 of 1
Previous
 
Next
HomeHomeUsing DNN Platf...Using DNN Platf...Administration ...Administration ...Security issueSecurity issue


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out