Using DNN 9.1.1
Where is the best place to find solutions for halting hacks on a DNN site?
I have a client whose site was successfully hacked by someone who created an account with a value of "1" in all required fields. How is this done? (7 alphanumeric chrs are required)
I searched and could not find another reported incidence of this in the forums.
The hack runs repeated cycles of login attempts until lockout (5 attempts). Then the cycle repeats with a new username.
The hacker also runs these requests over the sites shopping cart until the logs fill and memory on the server overloads it. I have changed all of the indentifying info in the log entry below. Except the Source IP address.
2018-01-28 01:26:09 W3SVC13 ip-0A000027 10.0.0.XX POST /products/candy--red-swizzlers - 443 - 188.8.131.52 HTTP/1.1 Mozilla+Firefox+50.1.0 language=en-US;+dnn_IsMobile=False;+_ceg.u=p378ai;+_ceg.s=p378ai;+__RequestVerificationToken=P1M7zVA7Kgo2ZYd0Uj3v7EbViu8xFISNomab8SROzV5YxgBTNtNt2jUxhg06gysBd0ZvTw2;+ASP.NET_SessionId=elhyxrlvugtapoevjojghrtt;
+.ASPXANONYMOUS=9if88-gBGnBa8_yx-NZmPa2HxSeOm0tYiMTYYRBsxoSriWmDTO5qKFLv-Z2sis4I4xGaHQvE3ZgZfQMrBkWl87iTdBYgZZzbzn7DY4IDjFx913By0; https://candyhouse.com/ candyhouse.com 403 503 5 1381 660 62
I have disabled the logs.
What is the hacker attempting to accomplish?
He has succeeded in being a nuisance.