
DNN Forums

Ask questions about your website to get help learning DNN and help resolve issues.

How to disable all type file upload?



New Member


Posts:1

    Hi there, lately my website was attacked by some hacker; they uploaded aspx files and spammed some weird stuff. After I deleted all suspicious aspx files, cleaned up all vulnerabilities, checked superusers, set the allowable file extensions, etc., they are somehow still able to upload new aspx spy files. So I just want to ask: is there a way to disable all file uploads to the server, or to block aspx spy files? Thanks

    Best



    Veteran Member


    Posts:898

      What DNN version? Did you upgrade DNN to the latest version too (you should)?
      One of the fixed issues is in the RAD editor (DNN uses CKEditor now)
      You should also check all ascx files as they can be compromised too.
      I don't think blocking uploads will help you if they are using a vulnerability in an old version of DNN.
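
One way to carry out the file check suggested in the reply above, as an added example that is not part of the original posts: a PowerShell function that lists ASP.NET script files (.aspx, .ascx, .ashx, .asmx) under a DNN site root and flags those that sit under the Portals folder or changed after a cutoff date. The function name, the `C:\inetpub\dnn` path and the cutoff date are assumptions; replace them with the values for your installation.

```powershell
# Added example: function name, path and cutoff are assumptions, not DNN tooling.
function Find-SuspectScriptFile {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]   $SiteRoot,      # web root of the DNN site
        [Parameter(Mandatory)] [datetime] $ModifiedAfter  # last time the site was known to be clean
    )

    # File types the ASP.NET pipeline compiles and executes.
    $executable = '.aspx', '.ascx', '.ashx', '.asmx'
    $root = (Resolve-Path -LiteralPath $SiteRoot).Path.TrimEnd('\')
    # DNN keeps portal files (uploads, skins, containers) under <root>\Portals.
    $portalPrefix = (Join-Path $root 'Portals') + '\'

    Get-ChildItem -LiteralPath $root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $executable -contains $_.Extension } |
        ForEach-Object {
            $reasons = @()
            if ($_.FullName.StartsWith($portalPrefix, [StringComparison]::OrdinalIgnoreCase)) {
                $reasons += 'under Portals'
            }
            if ($_.LastWriteTime -gt $ModifiedAfter -or $_.CreationTime -gt $ModifiedAfter) {
                $reasons += 'changed after cutoff'
            }
            if ($reasons.Count -gt 0) {
                [pscustomobject]@{
                    Path     = $_.FullName.Substring($root.Length + 1)
                    Modified = $_.LastWriteTime
                    Created  = $_.CreationTime
                    SHA256   = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                    Reason   = $reasons -join '; '
                }
            }
        }
}

# Constructed usage: review everything touched since an assumed last clean deployment.
Find-SuspectScriptFile -SiteRoot 'C:\inetpub\dnn' -ModifiedAfter '2021-01-01' |
    Sort-Object Modified -Descending |
    Format-Table -AutoSize -Wrap
```

Skins and containers under `Portals\_default` are legitimate .ascx files, so a hit is something to compare against a known-good copy or backup (the SHA256 column helps) rather than proof of compromise. File timestamps can be changed by whoever wrote the file, so an old date does not clear a file on its own.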

       



      New Member


      Posts:7

        Hi,

        My website is suffering from these same issues.  Did the update resolve it?  I'm upgrading to DNN version 9.6.7.

        Thanks,
        Kiet



        Veteran Member


        Posts:558

          Hi Kiet,

          9.6.7 is not enough. Ideally you move towards 9.10.2.
          That should not be hard btw as there are not many crucial differences between those versions.
          After upgrading, you should remove Telerik components.
          https://docs.dnncommunity.org/content/getting-started/setup/telerik-removal/index.html
          Regards,
          Tycho de Waard

          Tjep's digital agency
          We just love DNN
          https://www.tjeps.com


          New Member


          Posts:7

            Thanks for the quick reply and recommendation!  Is the upgrade path 9.6.7 -> 9.10.2?  My current upgrade path is 

            9.1.1 -> 9.3.0 -> 9.6.4 -> 9.6.7 -> ???

             

             



            Veteran Member


            Posts:558

              https://docs.dnncommunity.org/content/getting-started/setup/upgrades/suggested-upgrade-path/index.html

              9.3.2 -> most recent

              The 9.3.2 is the one where you might encounter impact, depending on the (amount of) third party extensions. For instance, there was a Newtonsoft issue with DNN Sharp extensions. Speaking of DNN Sharp: they moved, as Plant an App, towards the concept of low code, meaning that a few of their modules are available as stand-alone but the majority are part of their low-code app builder.
               

              Regards,
              Tycho de Waard

              Tjep's digital agency
              We just love DNN
              https://www.tjeps.com


              New Member


              Posts:7

                Another follow-up.  Can I upgrade to 9.10.2 and not remove Telerik?  Looks like I have a lot of dependencies identified by the Telerik Dependency Report.
                >>>
                 

                Telerik Dependency Report

                WARNING! Dependencies on Telerik were discovered in assemblies that will NOT be addressed by un-installing per the instructions with 9.8.0. The list below includes all.

                • Bring2mind.DNN.Modules.DMX.Core.dll
                • Bring2mind.DNN.Modules.DMX.dll
                • BusinessNetwork.dll
                • Contractors.dll
                • DataSprings.Modules.DynamicForms.dll
                • DDT_Org_Chart.dll
                • DotNetNuke.Modules.FAQs.dll
                • dotnetnuke.modules.userdefinedtable.dll
                • DotNetNuke.Professional.DigitalAssets.dll
                • DotNetNuke.Professional.DocumentLibrary.dll
                • DotNetNuke.Professional.DocumentViewer.dll
                • DotNetNuke.RadEditorProvider.dll
                • EventsCalendar.Components.dll
                • EventsCalendar.ControlBase.dll
                • EventsCalendar.dll
                • EventsCalendar.PromoCodes.dll
                • PackFlash.DNN.Modules.MegaDropDown.Admin.dll
                • QuickApps.Modules.QuickDocs.dll
                • Revindex.Business.Revindex.Revindex.Storefront.dll
                • Revindex.Dnn.RevindexStorefront.dll
                • Revindex.Web.UI.DynamicControls.dll
                • Telerik.Web.Design.dll
                • WillStrohl.Modules.ContentSlider.dll

                <<<

                 



                Veteran Member


                Posts:558

                  You can upgrade but important issues would remain. My advice would be to do some cleaning.

                  1. Replace the RadEditor with the CKEditor that is shipped by default with 9.10
                  2. Remove extensions that are not used.
                  3. Upgrade extensions to the latest: I can imagine that Revindex for instance has an updated version, independent from Telerik
                  4. Reach out to Peter Donker (Bring2Mind) and Will Strohl (Upendo) to check what they can do. 
                  5. For Events, maybe discuss things at https://github.com/DNNCommunity/DNN.Events/issues/85 
                    You might want to consider sponsoring the efforts to get things higher on the priority list. If you look at the discussions, everyone recognizes the need but time is lacking.
                  6. For extensions that are not maintained anymore, consider alternatives. 

                  And after all this: get rid of Telerik :-) 

                  Regards,
                  Tycho de Waard

                  Tjep's digital agency
                  We just love DNN
                  https://www.tjeps.com


                  New Member


                  Posts:7

                    Oy!  Not the answer I wanted to hear but what I was expecting.  Thanks Tycho!  Going from DNN 6.0.2 -> 9.1.1 was brutal so hopefully this won't be as bad.  



                    Veteran Member


                    Posts:1191

                      Going from DNN 6 to 9.1.1 is like crossing much of the known universe. I hope you are doing a better job keeping up to date!

                      If you are at 9.1.1, you will likely have some hurdles getting to 9.3.2. From there, though, life should be better. And, really, you should be trying to keep up to date. Except for major security issues (and if you haven't upgraded to 9.10.1 you have security issues) upgrading once a year should be the minimum.

                      So, follow Tycho's advice. You can't do better than that.
                      Joe Craig
                      DNN MVP
                      Patapsco Research Group