If my memory serves me, I believe that LinkClick.aspx had been able to be exploited for spam traffic many years ago.  It was in a much older version of DNN, if I'm correct.  

However, I would recommend following the instructions on the DNN Community's official security policy to get a set of eyes on your logs, just in case.  

Thanks. I would say that 95% of the calls to that page are probably SPAM. Apparently, our business teams like to use that page/feature as a means of linking to another page.

We are on version 8.0.0.4. So it's possible we carried that page over from an older version when it was intended to be deprecated.

Ok, so here's some unwanted advice... ;-)

Make sure you upgrade to the latest DNN 9 as soon as possible.

Many vulnerabilities have been fixed since version 8

Posted By cjsailer on 12/14/2023 10:47 PM

Hello,

Periodically I'll review the Site Log table in our installation to see what's going on.  It seems we have some probing going on with our site.  In particular these bad actors like to request the LinkClick.aspx page and then pass in their own URLs.  Often times these are URLs from foreign countries that are not even linked on our pages.  I took a peak at the code of that LinkClick ASPX page and I'm confident there no real danger here.  But I am curious on what these actors are trying to accomplish.  They appear to be spoofing Google server IP addresses so you think it's just Bot Crawl.

Any insights would be appreciated.

 

Thanks,

Charles

We also see hackers try that, but as long as DNN is up to date that should not be an issue.
They are trying for vulnerabilities in older versions (they even try WP vulnerabilites..)
(But as I posted before, if I'm honest, 08.00.04 is not considered to be an "up to date" version)

 

 

Yeah, LinkClick.aspx still exists, but the thing I mentioned has long since been resolved. Though, some of the attack bots out there are able to seemingly know and try older exploits in some cases. So, please do upgrade ASAP.

I'll check the Site Log table in our installation from time to time to see what's happening. It appears that our website is being probed. These shady characters especially enjoy requesting the LinkClick.aspx page and then inserting their own URLs. These are frequently URLs from other nations that aren't even connected to our pages. After looking at the coding of that author site design website, I'm certain that there isn't much of a risk. However, I'm interested in learning what these performers hope to achieve. You may assume it's just a bot crawl because they seem to be impersonating Google server IP addresses.