Code Injection & Vulnerability on DNN 9.9

New Around Here
Posts: 22

We have been running DNN for a decade now. Currently, we are on the 9.9 version and running successfully.

However, for the last 3 days we have noticed injections happening on our site that are inserting code snippets to run *unknown* Google AdSense on our site at random places. We have manually taken these out, but they come back again within hours. We are not able to figure out how someone is placing code in our website folders and taking control.

PLEASE HELP

Veteran Member
Posts: 546
MVP
Please make sure you are running the latest version of DNN (9.10.2 at the moment) and have followed the instructions in the release notes to remove Telerik components. Besides, make sure to use strong passwords and disable IIS features you are not using for DNN (PHP etc.).
New Around Here
Posts: 22
Thanks, Sebastian, for the prompt response. We will look at upgrading further, but as a practice, we avoid going to the latest version immediately. Secondly, could you help me by listing which IIS features we should look at disabling? Thanks.
Growing Member
Posts: 85
The attacker has already compromised your system, so I recommend you change the machineKeys in machine.config - then closely monitor your IIS logs for unwanted activity.
New Around Here
Posts: 22
We upgraded to 9.10.2. The FTP access is secured.
However, we still noticed an injection. The injection happens in one of the three places as explained below.
Please find the injected code locations below:

1. ~/default.aspx : Injected code directly
2. ~/SiteAnalytics.config : Injected code directly

Injected code in the paths below through the default.aspx page by adding 1 line of code:
<!--#include file="~\Resources\Shared\stylesheets\dnn.css"-->
1. ~/Resources/Shared/stylesheets/dnn.css (they also made the dnn.css file hidden and protected)
2. ~/Resources/Shared/stylesheets/yui/dnn.css

Does the above information help to guide us further?
Advanced Member
Posts: 159
MVP

Did you go through the process to Remove Telerik? That's going to be your primary known vulnerability.

Take a look at the Security center in the Persona Bar and see if there's anything there that you need to adjust to either remove a vulnerability or clean up after this attack.

If you think you've removed all known vulnerabilities and you're still being exploited, it could be that you have code outside of DNN Platform (i.e. custom development or 3rd party extensions) that is introducing another vulnerability. Or it could be that the initial attack left behind a component that continues to have access.
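
A check for the include pattern reported earlier in this thread, as an added example that is not part of any post or of DNN itself: it walks a web root, finds `#include` directives in page files, and flags those whose target is not a code file, contains server-side code, or carries the Windows hidden attribute. The extension sets, function names and the sample tree built by `demo()` are assumptions constructed for illustration.

```python
import os, re, stat, tempfile
from pathlib import Path

# Include directive of the form reported in the thread
INCLUDE_RE = re.compile(r'<!--\s*#include\s+(?:file|virtual)\s*=\s*"([^"]+)"\s*-->', re.I)
PAGE_EXTS = {".aspx", ".ascx", ".master"}   # files scanned for directives (assumption)
CODE_EXTS = PAGE_EXTS | {".inc"}            # assumed legitimate include targets
SERVER_CODE_RE = re.compile(r'<%|<script[^>]*runat\s*=\s*"?server', re.I)

def read(path):
    return Path(path).read_text(encoding="utf-8", errors="replace")

def is_hidden(path):
    # Windows hidden attribute; evaluates to False on other platforms
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0))

def scan(webroot):
    """Return (page, include target, reasons) for each suspicious include."""
    findings = []
    for folder, _, files in os.walk(webroot):
        for name in files:
            if os.path.splitext(name)[1].lower() not in PAGE_EXTS:
                continue
            page = os.path.join(folder, name)
            for target in INCLUDE_RE.findall(read(page)):
                rel = target.replace("\\", "/")
                base = webroot if rel.startswith(("~/", "/")) else folder
                path = os.path.normpath(os.path.join(base, rel.lstrip("~/")))
                reasons = []
                if os.path.splitext(rel)[1].lower() not in CODE_EXTS:
                    reasons.append("non-code file type included")
                if os.path.isfile(path):
                    if SERVER_CODE_RE.search(read(path)):
                        reasons.append("target contains server-side code")
                    if is_hidden(path):
                        reasons.append("target is hidden")
                if reasons:
                    findings.append((os.path.relpath(page, webroot), target, reasons))
    return findings

def demo():
    """Build a constructed sample tree (not real site data) and scan it."""
    root = Path(tempfile.mkdtemp())
    css = root / "Resources" / "Shared" / "stylesheets" / "dnn.css"
    css.parent.mkdir(parents=True)
    css.write_text('<script runat="server">/* constructed placeholder */</script>')
    (root / "default.aspx").write_text(
        '<%@ Page %>\n<!--#include file="~\\Resources\\Shared\\stylesheets\\dnn.css"-->')
    (root / "clean.aspx").write_text('<%@ Page %>\n<!--#include file="header.inc"-->')
    return scan(str(root))
```

Run `scan()` against a copy of the site folder and compare any flagged page with the same file from a clean DNN install package of the matching version.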
