Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeOur CommunityOur CommunityGeneral Discuss...General Discuss...DNN 7.01.01 website hacked!DNN 7.01.01 website hacked!
Previous
 
Next
New Post
9/5/2013 12:18 PM
 
Matthias Schlomann


Joined: 8/10/2003
Posts: 3594
Login as host or admin and found 'Event Viewer' in the Admin section of your Control Panel.  Check for issues.  Also if you have logging enabled you can check the DNN Site Log in the envanced 'Admin section of the Control Panel.  Check also IIS logging if it is enabled for your site.
Regards
Matthias
DNN MVP
www.aarsys.de
Metro7 Skin
ShoutCastStats Module for DNN
 
New Post
5/4/2014 9:12 AM
 
Jan Kever


Joined: 5/4/2014
Posts: 1

Your website was likely hacked due to a fault in DNN. DNN is susceptible to portal hacking and javascript injection. Remove the folders/files or change the security permissions of the following folder/files: /Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx.

 
New Post
5/4/2014 1:09 PM
 
Sebastian Leupold


Sebastian Leupold's Avatar

Sebastian Leupold's Avatar

Sebastian Leupold's Avatar

Sebastian Leupold's Avatar

www.dnnwerk.de
Joined: 3/8/2004
Posts: 46212
Jan, old DN installations may suffer from a vulnerability in a 3rd party extension, I always suggest upgrading to a newer version of DNN or at least install new version of the editor (download for free from http://dnnckeditor.codeplex.com) and uninstall FCKeditor provider. This is not a vulnerability of DNN platform itself.
Cheers from Germany,
Sebastian Leupold

dnnWerk - The DotNetNuke Experts   German Spoken DotNetNuke User Group

Speed up your DNN Websites with TurboDNN
 
New Post
10/28/2014 12:44 PM
 
Yogs M


Joined: 4/11/2014
Posts: 9

Just wanted to let everyone know recently our website was hacked (one page only) by "HACKED BY : S@degh_target ".

You probably already know this

that page title, page tag, display name and all field were changed to "HACKED BY : S@degh_target "

Hackers exploiting DNN CMS vulnerability.

It looked like "http://www.wssda.org/News/HACKEDBYSad......

Is there any way we can protect our site ?

Is this known to DNN community?

Any suggestion would be greatly appreciated.

Thanks,
 
New Post
10/28/2014 2:04 PM
 
cathal connolly


cathal connolly's Avatar

www.cathal.co.uk
Joined: 4/9/2003
Posts: 9676
this user (s@degh) is known to us as we've had a few reports of sites he "hacked" recently. However in each case we checked we were able to verify that he hadn't hacked them, in fact he simply used google to find DNN sites that had incorrect permissions for page(s). In each case the sites in question had accidentally granted "edit" rights to a page for "all users". As "all users" includes both registered users and anonymous users, it meant that anyone who found the page could update it. As such this is not a "hack" that we can fix, it's up to sites to ensure they do not grant edit permissions to unauthenticated users.
Buy the new Professional DNN7: Open Source .NET CMS Platform book Amazon US
 
 Page 2 of 2
Previous12 
Previous
 
Next
HomeHomeOur CommunityOur CommunityGeneral Discuss...General Discuss...DNN 7.01.01 website hacked!DNN 7.01.01 website hacked!


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out