Register | Log In
Store Download Support Blogs Forums Contact
Resources > Forums
HomeHomeOur CommunityOur CommunityGeneral Discuss...General Discuss...MS France Site Defacement MS France Site Defacement
Previous
 
Next
New Post
7/19/2006 5:59 AM
 
User is offline Mike Mullins

www.mycollegeexperience.com
Joined: 5/24/2006
Posts: 28
Good to hear Richard, keep up the good work.  Don't let outside influences come between you and your work.
www.mycollegeexperience.com
 
New Post
8/30/2006 6:40 PM
 
User is offline Erik Wilkinson

www.dnnfx.com
Joined: 7/30/2004
Posts: 5

Sorry if an answer to this is posted elsewhere.  I searched on "hack" on the forums and didn't find much.  Just wondering if anyone has more information on this.  One of our customer's sites was hacked today by a hacker group handled TiTHacK.  They seem pretty busy on DNN sites.  Here are just today's attempts:

http://www.zone-h.org/component/option,com_attacks/Itemid,43/filter_defacer,TiTHacK/

They are hacking traditional ASP sites as well but I'm wondering if anyone has advice on bulletproofing against this guy.  Is there a know exploit on version 3.2.2 (the one we're on) related to this?

Thanks,

Erik
 
New Post
8/31/2006 4:44 AM
 
User is offline Sebastian Leupold


Sebastian Leupold's Avatar

Sebastian Leupold's Avatar

www.dnnwerk.de
Joined: 3/8/2004
Posts: 34263

There are multiple sources for insecurity:

  1. missing Microsoft Patches
  2. IIS configuration
  3. vulnarable DNN framework version
  4. vulnarable DNN modules

regarding 3, there is a big issue in versions 3.3.3/4.3.3 regarding profiles and there are minor ones in previous versions since 3.1.0, regarding the use of FTB3 editor. For details see the DNN Security Bulletins.

Regarding modules there has been an issue reported (and fixed ASAP), concerning all modules from a 3rd party developer. For details see the DNN Security Bulletins.

Cheers from Germany,
Sebastian Leupold

dnnWerk - The DotNetNuke Experts   German Spoken DotNetNuke User Group   European Network of DotNetNuke Professionals
 
 Page 4 of 4
Previous1234 
Previous
 
Next
HomeHomeOur CommunityOur CommunityGeneral Discuss...General Discuss...MS France Site Defacement MS France Site Defacement


Forum Policy

These Discussion Forums are dedicated to the discussion of the DotNetNuke Web Application Framework.

For the benefit of the community and to protect the integrity of the project, please observe the following posting guidelines:

1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DotNetNuke.
2. Discussion or promotion of DotNetNuke product releases under a different brand name are strictly prohibited.
3. No Flaming or Trolling.
4. No Profanity, Racism, or Prejudice.
5. Site Moderators have the final word on approving/removing a thread or post or comment.
6. English language posting only, please.
Attend A Webinar
Free Demo Site
Download DotNetNuke Professional Edition Trial
Have Someone Contact Me
Have Someone Contact Me

Like Us on Facebook Join our Network on LinkedIn Follow DNN Corporate on Twitter Follow DNN on Twitter

Advertisers

DotNetNuke Scoop!

Sponsors

DotNetNuke Corporation

DotNetNuke Corp. is the steward of the DotNetNuke open source project, the most widely adopted Web Content Management Platform for building web sites and web applications on Microsoft. Organizations use DotNetNuke to quickly develop and deploy interactive and dynamic web sites, intranets, extranets and web applications. The DotNetNuke platform is available in a free Community and subscription-based Professional and Enterprise Editions with an Elite Support option. DotNetNuke Corp. also operates the DotNetNuke Store where users purchase third party apps for the platform.
Copyright © 2002-2012 DotNetNuke Corp. / Terms of Use / Privacy
Hosted by MaximumASP