Products

Solutions

Learn More

Partners

Community

Blog

About

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen

HomeHomeUsing DNN Platf...Using DNN Platf...Administration ...Administration ...Dotnetnuke - Security vulnerabilities - Data dissapearing from aspnet_Users tableDotnetnuke - Security vulnerabilities - Data dissapearing from aspnet_Users table
Previous
 
Next
New Post
9/8/2016 9:46 AM
 

Hello!

We are facing some strange behaviour with DotNetnuke 7.4.0 installation. Some months ago, there was an attack to our website / installation through InstallWizard.aspx ("2016-06 (Critical) Unauthorized users may create new SuperUser accounts") - see details at: http://www.dnnsoftware.com/community/security/security-center

There were some thing done after the attack - we've copied clean installation over the existing files (there were no CORE modifications from our side - we've developed some custom modules, as usual). What we are facing now is, that from time "DEFAULT USER DATA - UserId = 0" is missing in aspnet_Users table. The consequence is, that we're unable to login with that account.

So, what we are doing is, that we re-fill data in aspnet_Users table (ApplicationId, UserId, UserName, LowereduserName, MobileAlias, IsAnonymous, LastActivityDate). Everything is OK after that, but we are afraid that this will happen again. Once again, there were no CORE modification, there are no additional HOST accounts created, everything is OK with SQL base users. All other users has no issues with login, there are problem just with HOST account. All other functionalities are OK.. Did someone came across with the similar issue? It looks like out DotNetNuke instance is still infected..

Thank you for you time and answers!

 
New Post
9/8/2016 11:43 AM
 
I am not aware of this modification being made on any installation - we don't use to have this user in our database.

Cheers from Germany,
Sebastian Leupold (Microsoft MVP)

dnnWerk - The DotNetNuke Experts   German Spoken DotNetNuke User Group

Speed up your DNN Websites with TurboDNN
 
New Post
9/12/2016 8:08 AM
 
Sebastian thank you for your answer. I think you misunderstood my question. There is a default (first/host) user UserId = 1- every DNN installation of course has one :). What we are facing is, that the data in "aspnet_Users" for this user is missing in this table from time to time. As you know, the consequence is, that we are unable to login with the host user. Our DNN installation was under attack ("2016-06 (Critical) Unauthorized users may create new SuperUser accounts") - see details at: http://www.dnnsoftware.com/community/...) so it may be somehow related to that.

So, if i understand you correctly this is the first time to see that kind of problem (we've already done some research in JIRA Issue Tracker and Google but were unable to find similar / related issue).

Any thoughts, what could go wrong? Is there any job in DNN core that could affect "aspnet_Users" table. It is everything OK with Users table all the time. Really strange and unpleasant thing / behaviour, especially in the production environment + a lot of users active all the time. We haven't made any changed in DNN core, so we are started to think this is realted to the attack through "InstallWizard.aspx" some months ago.

 
New Post
9/12/2016 9:59 AM
 
John,
I am not aware of any DNN process deleting records from aspnet_users table - besides hard deleting the DNN user (from users table). The link between both is the user name.
do you have a couple of users in aspnet_users table, who don't show up in aspnet_membership and users table or vv?
AFAIK the hackers attack tried to create records, not to delete them. However, if it tried to create a host user which already exists, the reoutine might have deleted assumed "leftovers". I strongly suggest creating a second superuser to avoid any issues with default host user (and it might increase security to delete the default host user).

Cheers from Germany,
Sebastian Leupold (Microsoft MVP)

dnnWerk - The DotNetNuke Experts   German Spoken DotNetNuke User Group

Speed up your DNN Websites with TurboDNN
 
New Post
9/13/2016 8:15 AM
 
Sebastian, thank you! I think the reason for such behaviour is creating HOST user which already exists - other accounts were not affected "However, if it tried to create a host user which already exists, the reoutine might have deleted assumed "leftovers"."

Thank you! We've added new host user and marked current one as "not active". As we've found out the "hard delete" of previously active "Host user" is not a recommendable thing to do. There are quite some modules on the DNN market, which have huge problems if first user does not exists - we've already experienced such things on the production environment. :)

Regards!
 
Previous
 
Next
HomeHomeUsing DNN Platf...Using DNN Platf...Administration ...Administration ...Dotnetnuke - Security vulnerabilities - Data dissapearing from aspnet_Users tableDotnetnuke - Security vulnerabilities - Data dissapearing from aspnet_Users table


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out