Are YOU managing the web server and SQL server? The attacks could be using vulnerabilities in the server and not necessarily DNN.
Are there any other sites/applications that connect to your DNN database?
Have you checked the files in your DNN installation? Have you come across any suspicious files?
What exactly are you experiencing in your site that is causing the problems?
Also, I think the comments about the core of DNN being secured from SQL injection but NOT 3rd party modules basically is saying that "We know the core of DNN is safe from SQL injection. We can't, however, guarantee that 3rd party modules don't have this potential security risk."
thanks first of all for answering.
I am not directly managing the SQL and web server but I do have access to it and therefore can take a look at the logs files.
As I previously said, I have activated the DNN logging feature from web.config as well.
luckily no site other than my DNN installation and another DNN installation on the server is affected by the attack. I have .NET sites and classic .asp sites on the server but they are all unaffected by the attacks and I therefore assume the attacks do come through the DNN platform.
I have somehow checked the files in the DNN installation but being an old portal - I started off from DNN 2 - it has got tons of files all over the place.
What I'm experiencing is someone manages somehow to cripple my installation and I get all these errors on the site pages. They cripple my modules that don't show on pages and throw errors all over the place and the site looses more or less all functionality and I'm forced to restore a previous backup since there is no way of understanding how to repair the damage with all the administrator tools down.
Is there a way to trace what is happening or at least to somehow find out WHICH module is the weak spot in my installation. Any suggestions? I have closed down some websites in my installation to reduce the total surface area of attack, I have been eliminating, pages, modules and crippled most of my website's funcionality without being able to stop the attacks.
I just don't understand what to look for and where in order to somehow pinpoint the cause of infection.
I have activated URLSCAN since I saw in the log viewer the attacker trying to escape special characters to launch queries to the database but it hasn't stopped them either and this really leaves me puzzled since I don't have the faintest idea how and where these guys manage to crack into my installation if not through bogus URL queries.
Any help, hint, idea is welcome.
Thank you very much