Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen

New Post
1/28/2018 3:22 PM
 
Hack 

Using DNN 9.1.1

Where is the best place to find solutions for halting hacks on a DNN site?

I have a client whose site was successfully hacked by someone who created an account with a value of "1" in all required fields. How is this done? (7 alphanumeric characters are required.)

I searched and could not find another reported incidence of this in the forums. 

The hack runs repeated cycles of login attempts until lockout (5 attempts). Then the cycle repeats with a new username. 

The hacker also runs these requests over the site's shopping cart until the logs fill and memory on the server overloads it. I have changed all of the identifying info in the log entry below, except the source IP address.

2018-01-28 01:26:09 W3SVC13 ip-0A000027 10.0.0.XX POST /products/candy--red-swizzlers - 443 - 64.39.103.202 HTTP/1.1 Mozilla+Firefox+50.1.0 language=en-US;+dnn_IsMobile=False;+_ceg.u=p378ai;+_ceg.s=p378ai;+__RequestVerificationToken=P1M7zVA7Kgo2ZYd0Uj3v7EbViu8xFISNomab8SROzV5YxgBTNtNt2jUxhg06gysBd0ZvTw2;+ASP.NET_SessionId=elhyxrlvugtapoevjojghrtt;+.ASPXANONYMOUS=9if88-gBGnBa8_yx-NZmPa2HxSeOm0tYiMTYYRBsxoSriWmDTO5qKFLv-Z2sis4I4xGaHQvE3ZgZfQMrBkWl87iTdBYgZZzbzn7DY4IDjFx913By0; https://candyhouse.com/ candyhouse.com 403 503 5 1381 660 62

I have disabled the logs.

What is the hacker attempting to accomplish?

He has succeeded in being a nuisance.

 

 

 
New Post
1/29/2018 4:51 PM
 
Seems you have two problems. One is that the security for creating an account needs to be reviewed as well as access to your database.

Also, try determining the IP the hacker is coming from - you may be able to block the IP with an entry in web.config if you can determine the source.
Sometimes your hosting company will block an IP address, a range of IP addresses, or even a country from accessing your website.
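
Added example, not part of the thread: one way to determine which client addresses are driving POST bursts like those described in the first post, by reading IIS W3C logs and reporting each client's peak POST rate, most-hit paths and status codes. The log lines, the reduced field list, the paths, the addresses (documentation ranges) and the threshold are all constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample in IIS W3C extended format. The reduced field list is an
# assumption; a real log declares its own columns in the "#Fields:" line.
SAMPLE_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem c-ip sc-status sc-substatus
2018-01-28 01:26:09 10.0.0.5 POST /login 203.0.113.7 200 0
2018-01-28 01:26:10 10.0.0.5 POST /login 203.0.113.7 200 0
2018-01-28 01:26:11 10.0.0.5 POST /login 203.0.113.7 200 0
2018-01-28 01:26:12 10.0.0.5 POST /products/item-a 203.0.113.7 403 503
2018-01-28 01:26:13 10.0.0.5 POST /products/item-a 203.0.113.7 403 503
2018-01-28 01:26:14 10.0.0.5 POST /products/item-a 203.0.113.7 403 503
2018-01-28 01:27:40 10.0.0.5 GET /products/item-a 198.51.100.20 200 0
2018-01-28 01:29:02 10.0.0.5 POST /login 198.51.100.20 302 0
"""

def parse_w3c(text):
    """Yield one dict per request, naming columns from the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split(" ")
            if len(values) == len(fields):  # skip truncated or wrapped lines
                yield dict(zip(fields, values))

def flag_bursts(rows, window=timedelta(seconds=60), threshold=5):
    """Return {client_ip: summary} for clients with >= threshold POSTs in any window."""
    posts = defaultdict(list)
    for r in rows:
        if r["cs-method"] == "POST":
            ts = datetime.strptime(r["date"] + " " + r["time"], "%Y-%m-%d %H:%M:%S")
            posts[r["c-ip"]].append((ts, r["cs-uri-stem"], r["sc-status"] + "." + r["sc-substatus"]))
    flagged = {}
    for ip, hits in posts.items():
        hits.sort()
        start = peak = 0
        for end in range(len(hits)):  # sliding window over sorted timestamps
            while hits[end][0] - hits[start][0] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = {"peak_posts_per_window": peak,
                           "targets": Counter(h[1] for h in hits).most_common(3),
                           "statuses": dict(Counter(h[2] for h in hits))}
    return flagged

if __name__ == "__main__":
    print(flag_bursts(parse_w3c(SAMPLE_LOG)))
```

Running it against a full night's log rather than single entries shows whether the bursts come from one address or rotate across a range, which decides whether a static block entry is worth adding.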

 
New Post
1/29/2018 5:15 PM
 
Thanks for the reply James.

Though, I'm afraid the hacker is more sophisticated than you think.

The hacker's IP address is in the error log I posted. It is associated with Qualys, the security company, which means the hacker is spoofing it and can work around any IP blocking. We started combatting the problem by blocking a range of IPs. His attack is part of an automated process that he runs against many sites looking for an opening. So he hasn't broken in yet. The process runs weekly on Friday night only. It learns and adapts to our blocking attempts. We will be switching our website's IP address, but I was looking for something in the interim.
 
New Post
2/7/2018 12:39 AM
 
Please contact security@dnnsoftware.com with your finding.

Do you really see an account with this username or just the attempt to log in (@1 would be the first param of a procedure)?
Did you apply the latest security fixes and the latest version of the DNN Security module?

Cheers from Germany,
Sebastian Leupold

dnnWerk - The DotNetNuke Experts   German Spoken DotNetNuke User Group

Speed up your DNN Websites with TurboDNN
 