DNN Forums

Ask questions about your website to get help learning DNN and help resolve issues.

Code Injection & Vulnerability on DNN 9.9

Sort:
You are not authorized to post a reply.





New Around Here





    We have been running DNN for a decade now. Currently, we are on the 9.9 version and running successfully.

    However, since last 3 days we have noticed injections happening on our site that is inserting code snippets to run *unknown* google adsense on our site at random places. We have manually taken these out, but they again come back within hours. We are not able to figure out on how someone is placing code in our website folders and taking control.

    PLEASE HELP






    Veteran Member





      please make sure, you are running latest version of DNN (9.10.2 at the moment) and followed instructions in release notes to remove Telerik components. Besides, make sure to use strong passwords and disable IIS features, you not using for DNN (PHP etc.)





      New Around Here





        Thank Sebastian for the prompt response. Will look at upgrading it further but as a practice, we avoid going to the latest version immediately. Secondly, could you help me with listing what IIS features we should look at disabling. Thanks





        Growing Member





          attacker has already compromised your system, so I recommend you change machineKeys in machine.config - then closely monitor your IIS logs for unwanted activity





          New Around Here





            We upgraded to 9.10.2. The FTP access is secured.
            However, we still noticed an injection. The injection happens in one of the three places as explained below.
            Please find below Injected Code location,

            1. ~/default.aspx : Injected code directly
            2. ~/SiteAnalytics.config : Injected code directly

            Injected code in below path through default.aspx page by adding 1 line code
            <!--#include file="~\Resources\Shared\stylesheets\dnn.css"-->
            1. ~/Resources/Shared/stylesheets/dnn.css (and also made dnn.css file hidden and protected by them)
            2. ~/Resources/Shared/stylesheets/yui/dnn.css

            Does the above information help to guide us further?





            Advanced Member





              Did you go through the process to Remove Telerik? That's going to be your primary known vulnerability.

              Take a look at the Security center in the Persona Bar and see if there's anything there that you need to adjust to either remove a vulnerability or clean up after this attack.

              If you think you've removed all known vulnerabilities and you're still being exploited, it could be that you code outside of DNN Platform (i.e. custom development or 3rd party extensions) that is introducing another vulnerability. Or it could be that the initial attack left behind a component that continues to have access.

              DNN partner specializing in custom, enterprise DNN development https://engagesoftware.com/showcase
              You are not authorized to post a reply.

              These Forums are dedicated to the discussion of DNN Platform.

              For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

              1. If you have (suspected) security issues, please DO NOT post them in the forums but instead follow the official DNN security policy
              2. No Advertising. This includes the promotion of commercial and non-commercial products or services which are not directly related to DNN.
              3. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
              4. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
              5. No Flaming or Trolling.
              6. No Profanity, Racism, or Prejudice.
              7. Site Moderators have the final word on approving / removing a thread or post or comment.
              8. English language posting only, please.

              Would you like to help us?

              Awesome! Simply post in the forums using the link below and we'll get you started.

              Get Involved