DotNetNuke Forums
New Post 5/21/2008 8:14 PM
Informative
User is offline Carlos Rodriguez
520 posts
www.almacigo.com
8th Ranked


Block PowerDNN Scanner 
(Modified by Carlos Rodriguez on 5/21/2008 11:16:50 PM)

Dear all:

You can block the DNN security scanner from PowerDNN in order to prevent anybody from using it to reveal information about your DNN implementation.

It is very easy; the only catch is that you must be able to make changes to IIS on the server.  The solution is to block the address for the PowerDNN site, which is 216.58.236.42 (this is public, easily obtained information).  I just did this and attempted a scan; the scanner immediately shows "Could not verify website as a DotNetNuke Website."

Hope this helps those with concerns about this tool until the dust settles about the true vulnerabilities (if any) and possible patches.

Carlos

 

 
New Post 5/21/2008 8:19 PM
User is offline Brandon Haynes
641 posts
everysport.net
7th Ranked


Re: Block PowerDNN Scanner 

Ah, that's a great idea.  Thanks for the information Carlos!

Brandon


Brandon Haynes
BrandonHaynes.org
 
New Post 5/22/2008 6:41 AM
User is offline keeperofstars
252 posts
9th Ranked


Re: Block PowerDNN Scanner 

Yep, most hosts have also blocked the tool as well. Its original intent was sound but as with all good things, some bad eggs ruin it for the bunch. Most hosts will allow you to block this if you just contact them.

 
New Post 5/22/2008 7:12 AM
User is offline Sebastian Leupold
14328 posts
www.deutschnetnuke.de
1st Ranked












Re: Block PowerDNN Scanner 
(Modified by Sebastian Leupold on 5/22/2008 10:14:18 AM)

I removed all xx.xx.xx.txt files from the /portals/_default directory (you can do this using the online file manager in the Host menu) and now the scanner reports

"There are no security vulnerabilities in your website."

This will also help against anyone else's attempt to get your DNN version by using the same mechanism.


Sebastian Leupold

 
New Post 5/22/2008 7:38 AM
User is offline Charles Nurse
2839 posts
5th Ranked










Re: Block PowerDNN Scanner 

A case could be made for removing the .txt files - and the old .SqlDataprovider files once they have been run in the Install/Upgrade, as they have no further use.  If a user needs to "rebuild" their site from scratch then they could "upload" the files from a fresh package.


Charles Nurse
DotNetNuke Trustee,
Senior Architect, DotNetNuke Corporation
MVP (ASP.NET) and
ASPInsiders Member
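An audit for the cleanup discussed in the two posts above, as an added example that is not code from the thread or from DotNetNuke: it walks a site root, lists version-named .txt and .SqlDataProvider files, reports the highest version the .txt files give away, and removes them only when asked. The folder layout in `build_sample_site` is a constructed sample (the data provider folder path is an assumption, the thread names only /portals/_default), and all function names are hypothetical.

```python
import os
import re
import tempfile

# Version-named files as described in the thread, e.g. 04.08.02.txt
VERSION_FILE = re.compile(r"^(\d{2})\.(\d{2})\.(\d{2})\.(txt|sqldataprovider)$", re.I)

def find_version_files(site_root):
    """Return sorted (relative_path, (major, minor, build)) for version-named files."""
    hits = []
    for dirpath, _dirs, files in os.walk(site_root):
        for name in files:
            m = VERSION_FILE.match(name)
            if m:
                rel = os.path.relpath(os.path.join(dirpath, name), site_root)
                version = tuple(int(part) for part in m.groups()[:3])
                hits.append((rel.replace(os.sep, "/"), version))
    return sorted(hits)

def disclosed_version(hits):
    """Highest version among the .txt files: what their presence gives away."""
    versions = [v for path, v in hits if path.lower().endswith(".txt")]
    return max(versions) if versions else None

def remove_version_files(site_root, hits, dry_run=True):
    """Delete the listed files; with dry_run=True only report what would go."""
    for rel, _version in hits:
        if not dry_run:
            os.remove(os.path.join(site_root, rel))
    return [rel for rel, _version in hits]

def build_sample_site():
    """Constructed sample tree (not a real DNN install) for the demo below."""
    root = tempfile.mkdtemp(prefix="dnn_sample_")
    layout = {
        "Portals/_default": ["04.05.05.txt", "04.08.02.txt", "portal.css"],
        # Assumed location for the old data provider scripts.
        "Providers/DataProviders/SqlDataProvider": ["04.08.02.SqlDataProvider"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()
    return root

if __name__ == "__main__":
    root = build_sample_site()
    hits = find_version_files(root)
    print("discloses version:", disclosed_version(hits))
    print("would remove:", remove_version_files(root, hits, dry_run=True))
```

Run it with `dry_run=True` against a copy of the site first, and keep a fresh install package at hand in case the files are needed to rebuild.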