
Southern Fried DNN Blog

The Southern Fried DNN User Group (formerly Queen City DotNetNuke User Group, QCDUG) blog covers DNN topics addressed by the user group at meetings and conventions, for the DNN community in North Carolina and South Carolina and for the DNN community at large!
 

DNN Security Breach Cleanup 101

 

DNN & Security 

  • DNN's history of security
    As far as I can remember, in my 8+ years of working with DNN as our primary Application Development Platform, there have only been 3 security vulnerabilities which needed addressing.

    The first, in 2010, was an ASP.NET-related vulnerability which affected all ASP.NET applications, SharePoint, etc., and not DNN specifically.

    The next was a vulnerability in an older FCK editor (WYSIWYG HTML editor) component and, again, not specific to DNN but to the incorporated tool. Updating to the newest CK Editor or Telerik editor addressed the issue.

    The third security issue, which we have encountered more recently, is a potential threat/exploit that DNN admins/developers are encouraged to address. You can read the details on the DNN site in the original announcement from 2015; for it, edits and the new Security Analyzer admin module were developed to address the issue.

  • DNN security issues, install folder, tips for /install/ files, folder
     
  • Updated DNN Security Analyzer
    Since then, the DNN Security Analyzer has been updated with several new features which help directly address the issues seen. 

Intro - So you think you've been hacked?

  • show pictures of the times we've been hacked
  • putting the pieces together, host pw changed... alert from a client
  • checking with Google, McAfee, etc.
  • external websites that scan site

What to do now?

  • panic  calmly and clinically approach the situation... analyze
  • lock down entry points, fowling IPs temporarily
  • change ftp logins
  • change host logins
  • change sql db pws
  • lock down unused items, such as stopping PHP on the Windows server, stopping classic ASP if possible?
  • cleanup: manual search of files for rootkit, iisspy, aspxspy; most recently edited files; iframe (using Sublime)
  • services like f search tool used virus/malware scan tools for servers, using multiple virus check tools.
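
The manual file search in the checklist above (the iisspy/aspxspy names, iframes, most recently edited files) can be scripted for a first pass over the web root or an offline copy of it. This is an added example, not code from the original post or from DNN; the extension list, the 7-day window and the sample files are assumptions.

```python
import os, re, tempfile, time
from pathlib import Path

# Markers from the checklist: the two web-shell names and injected iframes.
MARKERS = re.compile(rb"aspxspy|iisspy|<iframe\b", re.IGNORECASE)
# Assumption: extensions worth reading on a DNN/IIS site; widen as needed.
SCAN_EXTS = {".aspx", ".ascx", ".ashx", ".asp", ".php", ".config", ".js", ".htm", ".html"}

def triage(webroot, since_days=7, now=None):
    """Return (recent, flagged): paths modified within since_days, and
    {relative_path: [markers]} for files whose content matches a marker."""
    now = time.time() if now is None else now
    cutoff = now - since_days * 86400
    root = Path(webroot)
    recent, flagged = [], {}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        if path.stat().st_mtime >= cutoff:
            recent.append(rel)
        if path.suffix.lower() in SCAN_EXTS:
            hits = {m.lower().decode() for m in MARKERS.findall(path.read_bytes())}
            if hits:
                flagged[rel] = sorted(hits)
    return recent, flagged

def demo():
    """Build a constructed sample site in a temp dir and triage it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        samples = {  # constructed files, not taken from any real incident
            "Default.aspx": b"<%@ Page %><html>clean</html>",
            "Portals/0/upload.aspx": b"<%-- ASPXSpy placeholder --%>",
            "js/dnn.js": b"document.write('<IFRAME src=\"//example.invalid\">');",
        }
        old = time.time() - 90 * 86400
        for rel, body in samples.items():
            p = root / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(body)
            if rel == "Default.aspx":
                os.utime(p, (old, old))  # pretend untouched for 90 days
        return triage(root)

if __name__ == "__main__":
    recent, flagged = demo()
    print("recently modified:", recent)
    print("marker hits:", flagged)
```

Treat both lists as leads to review by hand: legitimate pages can contain iframes, and modification times can be reset, so an old timestamp does not clear a file.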

DNN Security best to setup


What to do after?

  • share the DNN Store letter and how well written it was
  • backup, like Evotiva
  • external websites that can scan the site regularly
  • Cloudflare for security, other scan sites for security? like daily scan sites


moorecreative