DNN Blogs

Written for the Community, by the Community

DNN Security Breach Cleanup 101

Written By Moore Creative
2020-04-16

DNN & Security 

  • DNN's history of security: As far as I can remember, in my 8+ years of working with DNN as our primary Application Development Platform, there have only been 3 security vulnerabilities that needed addressing.

    The first, in 2010, was an ASP.NET-related vulnerability which affected all ASP.NET applications, SharePoint, etc., and not DNN specifically. The next was a vulnerability in an older FCK editor (WYSIWYG HTML editor) component and, again, not specific to DNN but to the incorporated tool. Updating to the newest CK Editor or Telerik editor addressed the issue.

    The third security issue, which we have encountered more recently, concerns a potential threat/exploit that DNN admins/developers are encouraged to address. You can read the details on the DNN site in the original announcement from 2015; in response, edits were made and the new Security Analyzer admin module was developed to address the issue.

  • DNN security issues, install folder, tips for /install/ files, folder  
  • Updated DNN Security Analyzer: Since then, the DNN Security Analyzer has been updated with several new features which help directly address the issues seen.

Intro - So you think you've been hacked?

  • show pictures of the times we've been hacked
  • putting the pieces together: host password changed... alert from a client
  • checking with Google, McAfee, etc.
  • external websites that scan site

What to do now?

  • don't panic; calmly and clinically approach the situation... analyze
  • lock down entry points, firewalling IPs temporarily
  • change FTP logins
  • change host logins
  • change SQL DB passwords
  • lock down unused items, such as stopping PHP on the Windows server; stop classic ASP if possible?
  • cleanup: manual search for files; search for rootkit, iisspy, aspxspy, most recently edited files, iframe (using Sublime)
  • services like f search tool used virus/malware scan tools for servers, using multiple virus check tools.
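
The manual search step above (shell names such as iisspy/aspxspy, recently edited files, iframes) can be run as one read-only triage pass over the web root. This is an added example, not from the original post; the extension list, the 7-day window and the sample tree are assumptions made for illustration.

```python
import os, re, tempfile, time
from pathlib import Path

# Assumed triage settings (not from the original post); tune per site.
MARKERS = (b"iisspy", b"aspxspy")   # names the post says to search for
IFRAME = re.compile(rb"<iframe\b[^>]*\bsrc\s*=\s*[\"']?https?://", re.I)
WEB_EXTS = {".aspx", ".ascx", ".ashx", ".asp", ".php", ".html", ".htm", ".js", ".config"}

def triage(web_root, since_days=7, now=None):
    """Return {relative_path: [reasons]} for files that need a manual look."""
    cutoff = (now or time.time()) - since_days * 86400
    findings = {}
    for path in Path(web_root).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in WEB_EXTS:
            continue
        data = path.read_bytes()
        haystack = path.name.lower().encode() + b"\n" + data.lower()
        reasons = []
        if any(m in haystack for m in MARKERS):      # file name or content
            reasons.append("webshell-marker")
        if IFRAME.search(data):                      # iframe loading an external URL
            reasons.append("external-iframe")
        if path.stat().st_mtime >= cutoff:           # edited inside the window
            reasons.append("recently-modified")
        if reasons:
            findings[path.relative_to(web_root).as_posix()] = reasons
    return findings

def build_sample_site(root):
    """Constructed sample tree (harmless placeholders) so the example runs offline."""
    old = time.time() - 90 * 86400
    files = {
        "Default.aspx": b"<html><body>Home</body></html>",
        "Portals/0/skin.html": b'<div><iframe src="http://example.invalid/x" width=0></iframe></div>',
        "Portals/0/aspxspy.aspx": b"<%-- constructed placeholder, no payload --%>",
        "bin/readme.txt": b"extension not scanned",
        "js/site.js": b"var a = 1;",
    }
    for rel, body in files.items():
        p = Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(body)
        os.utime(p, (old, old))                      # backdate: not recently modified
    os.utime(Path(root, "js/site.js"))               # simulate an edit during the incident
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print(triage(build_sample_site(d)))
```

Run it against a copy or backup of the site files where possible, and treat each hit as a pointer for manual review rather than a verdict.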

DNN Security best to setup

What to do after?

  • share the DNN Store letter and how well written it was
  • backups, like Evotiva
  • external websites that can scan the site regularly
  • Cloudflare for security; other scan sites for security? like daily scan sites

 

 
 