Hello,
Periodically I'll review the Site Log table in our installation to see what's going on. It seems we have some probing going on with our site. In particular these bad actors like to request the LinkClick.aspx page and then pass in their own URLs. Often times these are URLs from foreign countries that are not even linked on our pages. I took a peak at the code of that LinkClick ASPX page and I'm confident there no real danger here. But I am curious on what these actors are trying to accomplish. They appear to be spoofing Google server IP addresses so you think it's just Bot Crawl.
Any insights would be appreciated.
Thanks,
Charles
If my memory serves me, I believe that LinkClick.aspx had been able to be exploited for spam traffic many years ago. It was in a much older version of DNN, if I'm correct.
However, I would recommend following the instructions on the DNN Community's official security policy to get a set of eyes on your logs, just in case.
Ok, so here's some unwanted advice... ;-)
Make sure you upgrade to the latest DNN 9 as soon as possible.
Many vulnerabilities have been fixed since version 8
Posted By cjsailer on 12/14/2023 10:47 PM Hello, Periodically I'll review the Site Log table in our installation to see what's going on. It seems we have some probing going on with our site. In particular these bad actors like to request the LinkClick.aspx page and then pass in their own URLs. Often times these are URLs from foreign countries that are not even linked on our pages. I took a peak at the code of that LinkClick ASPX page and I'm confident there no real danger here. But I am curious on what these actors are trying to accomplish. They appear to be spoofing Google server IP addresses so you think it's just Bot Crawl. Any insights would be appreciated. Thanks, Charles
We also see hackers try that, but as long as DNN is up to date that should not be an issue. They are trying for vulnerabilities in older versions (they even try WP vulnerabilites..) (But as I posted before, if I'm honest, 08.00.04 is not considered to be an "up to date" version)
I'll check the Site Log table in our installation from time to time to see what's happening. It appears that our website is being probed. These shady characters especially enjoy requesting the LinkClick.aspx page and then inserting their own URLs. These are frequently URLs from other nations that aren't even connected to our pages. After looking at the coding of that author site design website, I'm certain that there isn't much of a risk. However, I'm interested in learning what these performers hope to achieve. You may assume it's just a bot crawl because they seem to be impersonating Google server IP addresses.
These Forums are dedicated to the discussion of DNN Platform.
For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:
Awesome! Simply post in the forums using the link below and we'll get you started.