DNN Forums

Ask questions about your website to get help learning DNN and help resolve issues.

Site Log- web traffic

 6 Replies
 1 Subscribed to this topic
 21 Subscribed to this forum
Sort:
Author
Messages
New Around Here
Posts: 2
New Around Here

    Hello,

    Periodically I'll review the Site Log table in our installation to see what's going on.  It seems we have some probing going on with our site.  In particular these bad actors like to request the LinkClick.aspx page and then pass in their own URLs.  Often times these are URLs from foreign countries that are not even linked on our pages.  I took a peak at the code of that LinkClick ASPX page and I'm confident there no real danger here.  But I am curious on what these actors are trying to accomplish.  They appear to be spoofing Google server IP addresses so you think it's just Bot Crawl.

    Any insights would be appreciated.

     

    Thanks,

    Charles

    Senior Member
    Posts: 1393
    Senior Member

      If my memory serves me, I believe that LinkClick.aspx had been able to be exploited for spam traffic many years ago.  It was in a much older version of DNN, if I'm correct.  

      However, I would recommend following the instructions on the DNN Community's official security policy to get a set of eyes on your logs, just in case.  

      New Around Here
      Posts: 2
      New Around Here
        Thanks. I would say that 95% of the calls to that page are probably SPAM. Apparently, our business teams like to use that page/feature as a means of linking to another page.

        We are on version 8.0.0.4. So it's possible we carried that page over from an older version when it was intended to be deprecated.
        Veteran Member
        Posts: 1157
        Veteran Member

          Ok, so here's some unwanted advice... ;-)

          Make sure you upgrade to the latest DNN 9 as soon as possible.

          Many vulnerabilities have been fixed since version 8

          Veteran Member
          Posts: 1157
          Veteran Member
            Posted By cjsailer on 12/14/2023 10:47 PM

            Hello,

            Periodically I'll review the Site Log table in our installation to see what's going on.  It seems we have some probing going on with our site.  In particular these bad actors like to request the LinkClick.aspx page and then pass in their own URLs.  Often times these are URLs from foreign countries that are not even linked on our pages.  I took a peak at the code of that LinkClick ASPX page and I'm confident there no real danger here.  But I am curious on what these actors are trying to accomplish.  They appear to be spoofing Google server IP addresses so you think it's just Bot Crawl.

            Any insights would be appreciated.

             

            Thanks,

            Charles

            We also see hackers try that, but as long as DNN is up to date that should not be an issue.
            They are trying for vulnerabilities in older versions (they even try WP vulnerabilites..)
            (But as I posted before, if I'm honest, 08.00.04 is not considered to be an "up to date" version)

             

             

            Senior Member
            Posts: 1393
            Senior Member
              Yeah, LinkClick.aspx still exists, but the thing I mentioned has long since been resolved. Though, some of the attack bots out there are able to seemingly know and try older exploits in some cases. So, please do upgrade ASAP.
              New Around Here
              Posts: 1
              New Around Here

                I'll check the Site Log table in our installation from time to time to see what's happening. It appears that our website is being probed. These shady characters especially enjoy requesting the LinkClick.aspx page and then inserting their own URLs. These are frequently URLs from other nations that aren't even connected to our pages. After looking at the coding of that author site design website, I'm certain that there isn't much of a risk. However, I'm interested in learning what these performers hope to achieve. You may assume it's just a bot crawl because they seem to be impersonating Google server IP addresses.

                These Forums are dedicated to the discussion of DNN Platform.

                For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

                1. If you have (suspected) security issues, please DO NOT post them in the forums but instead follow the official DNN security policy
                2. No Advertising. This includes the promotion of commercial and non-commercial products or services which are not directly related to DNN.
                3. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
                4. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
                5. No Flaming or Trolling.
                6. No Profanity, Racism, or Prejudice.
                7. Site Moderators have the final word on approving / removing a thread or post or comment.
                8. English language posting only, please.

                Would you like to help us?

                Awesome! Simply post in the forums using the link below and we'll get you started.

                Get Involved