We have a DNN 7.2.2 web site running on Microsoft Azure Cloud (3 servers / load balanced). The site code is in cloud storage, and is copied to and cached on each web server as they are commissioned.
Last week, on at least one of the servers, anyone accessing the site, upon clicking on any link within the site, would get a new window directing them to download malware of some kind. The link was to: onvictinitor.com/afu.php?zoneid=*&var=* where zoneid and var were each 7-digit integers (not that it matters).
This link was displaying for many different users on many different computers in many different office locations. It was definitely the DNN site that was the source of this.
We decommissioned all three servers, then recommissioned new ones and the problem was gone. This indicates someone injected JavaScript into our DNN site. This also means that the hack was done on one or more of the individual cloud web servers, as by simply killing the server and rebuilding a new one we removed the malicious script by restoring the code from cloud storage.
We have taken the entire site offline knowing that the exploit is likely to occur again. This is causing our company serious issues.
We see that over time there have been DNN exploits, but would like to know more specifically what exploit was used to accomplish this. We have not had the opportunity to upgrade our DNN platform, but it just seems strange that someone would be able to accomplish something like this.
Until we know for sure what the cause was, we are unable to use DNN - regardless of the version.
I have been unable to find articles related to this type of exploit and how it would be accomplished.
Please help.
@D3VO64 have you found a solution? Patch?
thanks