DNN Forums

Ask questions about your website to get help learning DNN and help resolve issues.

Is Data_base.aspx hacked?






New Around Here





    The Windows Defender quarantined Data_base.aspx as a threat. 

    The path is /wwwroot/Documentation/StarterKit/images/Data_base.aspx.
    It happened during a backup via FTP.

    The .aspx has, indeed, a suspicious size. 

    What is one supposed to do? 
    How can one compare the installed file with the file from the installation package?

     

    Happy coding,
    Roman

     






    Growing Member





      This is NOT part of DNN. Someone has access to your site or server in a way that was caused by a breach or a hack. You should do a full analysis on security, see https://www.microsoft.com...hreatId=-2147205868. I am wondering why you found this during an FTP session. On the server running DNN, don't you have Defender running?

      Once you have cleaned the server, change all passwords and implement 2FA for remote access to that server. Stop using FTP as this is very insecure. If you do not own the server or VM yourself, contact your vendor.






      Veteran Member





        In addition to Mariette, there are some possibilities to secure FTP a bit (as I say: a bit).

        1. You can install a scheduled task on the Windows server that starts and stops the FTP access for a given time window to download backups of your site and/or database. I did this once, let's see if I find the stuff and write a little blog article about it...
        2. Use an encrypted connection ("FTPS") to avoid transmission of the credentials in plain text. This is possible with Let's Encrypt certificates but requires manual assignment of the certificate whenever a new one is delivered to your server.
        3. Combine 1. and 2.
        4. The best way is to use SFTP. SFTP requires a certificate from the client in addition to username and password. This avoids logins from any machine that does not have the client certificate installed. But even if most FTP clients support SFTP, IIS and FileZilla Server do not (yet). I have not found a free SFTP solution yet that is easy to handle - and tbh the only free one I found is free only for "private" purposes.
        5. The very best way: Combine 1. and 4. ;-)

        Happy DNNing!
        Michael

         

        Michael Tobisch
        DNN★MVP

        dnnWerk Austria
        DNN Connect





        New Around Here





          Hi Roman,

          The 2 other aspx files seem to be malicious too!

          As we can think, an image folder doesn't generally contain any code file. You can check the files' dates (depending on the manner they have been uploaded). Those 3 files could have been uploaded at the same time.

          That said, as Mariette suggested, you have to scan the whole filesystem.






          New Around Here





            Yes. Mariette, you are right. I found the folder with its images in the distribution of DNN 9.2.0. But there are no aspx files there. Somehow, the corrupt files were added to the folder later.
            The server is on Azure. I don't know if they have Defender by default. I will inform them.

            Thank you all, guys! 
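
One way to do the comparison asked about in the first post, together with the check for script files in a content folder suggested in the replies, as an added example (not code from this thread or from DNN): it hashes every file under a copy of the site root against an extracted install package of the same DNN version and lists modified files and added server-side scripts with their size and modification time. The extension list and the trees built in `demo()` are constructed assumptions; a live site legitimately has added files (uploads, installed modules), so the output is a triage list.

```python
import hashlib
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Extensions ASP.NET/IIS may execute on request (assumed triage list, extend as needed).
SCRIPT_EXT = {".aspx", ".ashx", ".asmx", ".ascx", ".cshtml", ".asp"}

def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def index(root):
    """Map lower-cased relative path -> Path (NTFS and IIS are case-insensitive)."""
    root = Path(root)
    return {p.relative_to(root).as_posix().lower(): p for p in root.rglob("*") if p.is_file()}

def compare(installed_root, package_root):
    inst, pkg = index(installed_root), index(package_root)
    report = {"modified": [], "added_scripts": [], "added_other": []}
    for rel, path in sorted(inst.items()):
        if rel in pkg:
            if sha256(path) != sha256(pkg[rel]):
                report["modified"].append(rel)  # e.g. web.config, or a tampered page
        elif path.suffix.lower() in SCRIPT_EXT:
            st = path.stat()
            # mtime helps group files dropped together; a copy made over FTP may not preserve it.
            mtime = datetime.fromtimestamp(st.st_mtime, timezone.utc).isoformat()
            report["added_scripts"].append((rel, st.st_size, mtime))
        else:
            report["added_other"].append(rel)  # uploads, module files: usually legitimate
    return report

def demo():
    """Constructed trees: a 'package' and an 'installed' copy with one extra .aspx."""
    with tempfile.TemporaryDirectory() as tmp:
        for side in ("package", "installed"):
            img = Path(tmp, side, "Documentation", "StarterKit", "images")
            img.mkdir(parents=True)
            (img / "logo.png").write_bytes(b"constructed image bytes")
            Path(tmp, side, "Default.aspx").write_text("<%@ Page %>")
        inst = Path(tmp, "installed")
        (inst / "Documentation/StarterKit/images/Data_base.aspx").write_text("constructed placeholder")
        (inst / "Default.aspx").write_text("<%@ Page %> changed")
        (inst / "Portals").mkdir()
        (inst / "Portals" / "upload.jpg").write_bytes(b"x")
        return compare(inst, Path(tmp, "package"))

if __name__ == "__main__":
    print(demo())
```

Run `compare()` against a quarantined or offline copy of the site rather than the live web root, and keep the flagged files unexecuted for the security analysis mentioned above.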
