DNN Forums

Ask questions about your website to get help learning DNN and help resolve issues.

Malicious code injecting in our dnn site






New Around Here





    Hi Team,

    For the last 2 years we have observed that some malicious code injection is happening in our site.

    The code is injected in different places like SiteAnalytics.config, the active skin header and most of the time in the default.aspx page. This is more disturbing.

    We just want to know: is there a way to remove malicious code automatically from our site?

    Is there any security module available to prevent injected code from being inserted?

    Is IIS User permission mandatory for the DNN project folder?

    How can we completely secure our DNN web site?

    Apart from that, if you have any other suggestions please let us know. That will help us to proceed further.

    Awaiting your response.

    Regards,

    Shyamal






    Veteran Member





      As we don't allow any security related content that might help hackers on these forums, I removed some specifics from this post.
      We have deleted two previous posts and sent you a message stating this, please check your messages in your profile on this website. I do have some general suggestions and a more specific one, but that last one I'm not going to post in here.

      Please first:
      - Update all the used extensions to the latest version.
      - Reset your server and/or DNN user passwords.
      - Check your site for DNN users you did not create or that were manipulated.
      - Disable FTP access to your website.

      For that last tip, please use this site's messaging to contact me (I already sent you a message).

      As for your other questions:

      Q: Is there any security module available to prevent injected code from being inserted?
      > Upgrading is your friend. If you use DNN version 09.10.02 without Telerik, that version does not contain any known security issues.


      Q: Is IIS User permission mandatory for the DNN project folder?
      > No, if you set up your site with an application pool user, the Users group does not need any rights on the DNN folder.

      Q: How can we completely secure our DNN web site?
      > By using the DNN installation best practices and upgrade regularly.
      This goes for DNN, but also the DNN extensions you use and the server if you manage your own server.

      So please do not post any specifics in this forum or we will have to remove that content.
      Let's say that you discovered an issue in a specific DNN version (unlikely but possible), we wouldn't want that to be discussed out in the open. I hope you understand.

       






      Veteran Member





        I forgot to say that you could try to analyse your IIS log to see when and how these changes were made.
        See also: https://dnncommunity.org/security






        Advanced Member





          This happened to me a couple of times and what I did in order to find the modified files was to look at files over FTP (I didn't have access to the server) based on the last modified time; this takes a while but from my perspective, you have to make sure everything is clean and back to normal.

          I don't believe there is an automatic way to perform this task. 

          And of course, recent backups from your site would save you a lot of time. :-)

          Ing. Marco Alvarado Gómez MSc | Globalode
          Phone. +506 6049-1880 | WhatsApp. +506 6049-1880 | Email. [email protected]
          Address. Costa Rica (A Pura Vida place!).
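
Added example, not part of the thread and not any poster's or the DNN project's own code: when a known-good backup exists, the last-modified review described in the post above can be backed by content hashes. This Python script assumes the live site and the backup have both been copied to local folders chosen by the reader; it reports files added, changed or missing relative to the backup, with modification times in UTC so they can be lined up with IIS log entries.

```python
import hashlib
import os
import sys
import time

def sha256_of(path):
    """Hash a file in chunks so large files are not loaded into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root):
    """Map each relative file path under root to (sha256, mtime)."""
    result = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            result[rel] = (sha256_of(full), os.path.getmtime(full))
    return result

def compare(live_root, backup_root):
    """Return files added, changed or missing in live_root versus the backup."""
    live, good = snapshot(live_root), snapshot(backup_root)
    report = {"added": [], "changed": [], "missing": []}
    for rel, (digest, mtime) in sorted(live.items()):
        if rel not in good:
            report["added"].append((rel, mtime))      # not in the backup at all
        elif good[rel][0] != digest:
            report["changed"].append((rel, mtime))    # same path, different content
    report["missing"] = sorted(set(good) - set(live))  # deleted from the live copy
    return report

def print_report(report):
    for kind in ("added", "changed"):
        for rel, mtime in report[kind]:
            stamp = time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(mtime))
            print(f"{kind:8} {stamp} UTC  {rel}")
    for rel in report["missing"]:
        print(f"missing  {rel}")

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: compare_site.py <live_copy_folder> <backup_folder>")
    print_report(compare(sys.argv[1], sys.argv[2]))
```

Files legitimately changed since the backup was taken (logs, caches, uploads, updated extensions) will also appear in the report and need to be reviewed by hand.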

          These Forums are dedicated to the discussion of DNN Platform.

          For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

          1. If you have (suspected) security issues, please DO NOT post them in the forums but instead follow the official DNN security policy
          2. No Advertising. This includes the promotion of commercial and non-commercial products or services which are not directly related to DNN.
          3. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
          4. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
          5. No Flaming or Trolling.
          6. No Profanity, Racism, or Prejudice.
          7. Site Moderators have the final word on approving / removing a thread or post or comment.
          8. English language posting only, please.
