Recently our site is being hacked and it is happening several times a day. What is happening is that default.aspx is being modified and links to porn sites and other things are being placed inside it. I have scoured these forums and have read several posts but have not found any real solutions or anything that points me in the right direction.
I am seeing this kind of thing:
Exception type: HttpException
Exception message: A potentially dangerous Request.Path value was detected from the client (:).
at System.Web.HttpApplication.PipelineStepManager.ValidateHelper(HttpContext context)
Request URL: http://programming.msjc.edu/http:/www.lei69.com/
Request path: /http:/www.lei69.com/
User host address: 18.104.22.168
Is authenticated: False
I have read where hackers are somehow doing this kind of thing to do html injection but I cannot figure out how they are doing it.
I have ran security adviser and fixed anything that was suggested. I have to assume that this is a permission problem somewhere but not sure where.
I have disabled ftp, removed admin account from server. Checked all folder permissions, and checked to make sure the latest security patches have been installed.
On the dnn side I have disabled login and registration and removed all but the administrator account. I have changed the password on it also. I have even tried setting the permissions to all pages to administrator only.
At this point I am not sure what to do. Can someone tell me what accounts should have access to the web folder and what their permissions should be?
Also, I am running dnn version 7.00.06, Windows server 20012 R2
I have tried upgrading but this has been very problematic and I have had to roll everything back. At this point I am not sure an upgrade will help.
I have installed the latest version of DNN on a test site but trying to move the content over is REALLY problematic. Most of the skins and modules do not seem to work.
Any help or advice would be welcomed here. Also please note I am really not a web guy but know just enough to be dangerous and that may be the problem.
Thanks in advance!