how to deal with possible attack on websites
New Post
7/21/2014 7:59 PM
 
I've gotten advice on another site to NOT have the admin area under a folder called "admin" ... Is this a good idea? And if so, how would I change the admin folder name without breaking things on the website?

 
New Post
7/21/2014 8:02 PM
 
DNN does have a built-in request filter which can do this (http://www.dnnsoftware.com/community-...), though I prefer & recommend using IIS request filtering (http://www.iis.net/configreference/sy...). If you just want to add an additional check to ensure that admin/host users can only log in from certain IP/IP ranges, then you can use login IP filters (http://www.dnnsoftware.com/Content/Dn...)

 
New Post
7/21/2014 8:19 PM
 
Thanks Cathal.

My understanding is that the Request Filter will restrict browsing to the site, but not specifically for log in. It's a public site so we need to keep it open. It's just logins which I'd like to restrict (if I'm understanding correctly). Also I've read that hackers/bots can just change up their IP addresses and get through anyway so it's not much of a defense. What does seem like it would work for our site is restricting logins to users only on our network (by IP Address range), and denying anyone else.

Do you think that's a good idea, and can I get this with Login IP filters? I've read that we need to have separate public and private IP Addresses on our site for this to work. Does it sound to you like this is the way I should proceed?

Still getting a couple login failure attempts every hour...

 
New Post
7/21/2014 11:31 PM
 
Does the IIS request filtering work by disallowing specified IP ranges to access specified pages? If so, I could use that to protect the admin area of the sites?

Again our scenario is a set of public websites (DNN Community 7.1.2), where login is only used for host/superusers (me) and a handful (30 or so) of administrators who are within our own network. User Registration is off, so only the host (me) registers admins (for this reason we're probably safer than many other sites, yes?).

For a number of days now, I've been seeing (failed) attempts to log in to three of the sites, occurring every hour or so, each with a different username & IP Address. So far, no real problem, but it makes me want to make sure we're as protected as possible.

I'm going to get my users to update and strengthen their username/passwords (any suggestions on best practices for this?). I should probably do the same with the host account (is it possible to change the host username?).

It was also suggested to me that I should not have the admin area of the site under a folder called "admin" (as I mentioned above). How would I go about changing that folder name without breaking anything? Do you think that's a good idea?

If, through either DNN or IIS (or a combination of both), I could effectively block anyone from outside our local network (by using IP range filtering) from logging into our site or accessing any of our admin area, it seems like we'd be well protected.

But I'm a relative newbie, and don't know for sure. Do you think this is a good strategy?

Thanks

Tom
 
New Post
7/22/2014 8:39 PM
 

We've been testing DNN's Login Request Filters (in 7.2.1) and haven't been able to find a way to allow ONLY a specified IP range and disallow all others. We were able to deny a specified IP address/range (but even then, only for host user, not for admin user).

To deny an IP range isn't useful for us. What we need is to be able to allow only users from within our network, by specifying an IP range and denying all others. We'd like to deny all logins from this range. How can we do this? We tried using IP addresses/ranges and asterisks etc, and couldn't find a way to just allow our range and deny all others. And even when the deny did work, it still allowed admin to login.

Can you help us know how to set up the request filter to do what we need? I've looked at the documentation...

thanks

Tom
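
The "allow only our range, deny all others" behaviour asked about in the last post, written as an IIS IP address restriction (the `ipSecurity` section of web.config). This is an added example, not configuration from the thread or from DNN; the protected path and all addresses are constructed placeholders.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example: merge the <location> element into the site's existing
     web.config; do not replace the file with this fragment. -->
<configuration>

  <!-- PLACEHOLDER path: the URL path to protect. <location> matches the
       path only, never the query string, so it covers a login or admin
       function only if that function lives at its own path. Check which
       URLs public pages load from beneath it before applying. -->
  <location path="PLACEHOLDER/protected-path">
    <system.webServer>
      <security>
        <!-- allowUnlisted="false" makes the list an allowlist: a client
             that matches no allowed="true" entry is refused. The default
             (allowUnlisted="true") is a deny list. -->
        <ipSecurity allowUnlisted="false">
          <!-- Internal network (constructed example range 10.20.0.0/16) -->
          <add ipAddress="10.20.0.0" subnetMask="255.255.0.0" allowed="true" />
          <!-- Requests made from the server itself -->
          <add ipAddress="127.0.0.1" allowed="true" />
        </ipSecurity>

        <!-- Deny-list form, for contrast. It blocks one range and admits
             every other address, so a client that changes address
             passes:
             <ipSecurity>
               <add ipAddress="203.0.113.0" subnetMask="255.255.255.0"
                    allowed="false" />
             </ipSecurity>
        -->
      </security>
    </system.webServer>
  </location>

</configuration>
```

The IIS "IP and Domain Restrictions" feature has to be installed, and the `ipSecurity` section is locked at server level by default, so it must be unlocked for the site before a web.config entry is accepted. The address compared is the TCP peer address, so behind a reverse proxy or load balancer every request appears to come from the proxy.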

 