DNN Security Breach Cleanup 101

April 16, 2020, by moorecreative

DNN's history of security

In the 8+ years I have worked with DNN as our primary application development platform, I can remember only 3 security vulnerabilities that needed addressing. The first, in 2010, was an ASP.NET vulnerability which affected all ASP.NET applications, SharePoint, etc., and not DNN specifically. The next was a vulnerability in an older FCK editor (WYSIWYG HTML editor) component which, again, was not specific to DNN but to the incorporated tool. Updating to the newest CK Editor or Telerik editor addressed the issue. The third security issue, which we have encountered more recently, concerns a potential threat/exploit that DNN admins/developers are encouraged to address. You can read details here in the DNN site regarding the original announcement in 2015; in response, edits were made and the new Security Analyzer admin module was developed to address the issue.

Updated DNN Security Analyzer

Since then, the DNN Security Analyzer has been updated with several new features which help directly address the issues seen.

Intro - So you think you've been hacked?

show pictures of the times we've been hacked
putting the pieces together, host pw changed...
alert from a client
checking with Google, McAfee, etc.
external websites that scan site

What to do now?

panic calmly and clinically approach the situation... analyze
lock down entry points, fowling IPs temporarily
change ftp logins
change host logins
change sql db pws
lock down unused items such as stop php on win server, stop classic asp if possible?
cleanup

manual search for files
search for rootkit iisspy aspxspy, most recently edited files, iframe using sublime
services like f search tool used
virus/malware scan tools for servers, using multiple virus check tools.

DNN Security

best to setup site lockdown
other like htaccess encrypt, sql as local vs complete IP address, or local only
rename install folder, rename files, or use our new DNN Secure Install module to help with zipping the install folder when not needed
or use Windows IP Security restrictions to block access to the /install/ folder unless your office IP
or use the updated DNN Security Analyzer

what to do after?

share the DNN Store letter and how well written it was
backup like evotiva
external websites that can scan site regularly
Cloudflare for security, other scan sites for security? like daily scan sites
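
The manual search from the cleanup notes above (the names aspxspy and iisspy, injected iframes, most recently edited files), written as a PowerShell sweep of the site folder. This is an added example, not the author's own script; the web root path, the 14-day window, the extension list and the report file name are assumptions to adjust per site.

```powershell
# Added example: triage sweep of a DNN web root after a suspected breach.
# Run it against a copy or a read-only mount where possible, so evidence is not altered.
param(
    [string]$WebRoot = 'C:\inetpub\wwwroot\dnn',   # assumed site path
    [int]$Days       = 14,                          # assumed look-back window
    [string]$Report  = '.\dnn-triage.csv'           # assumed report file
)

# Strings named in the cleanup notes; matched as case-insensitive literals.
$indicators = 'aspxspy', 'iisspy', '<iframe'
# File types IIS can execute, plus static pages where an injected iframe would sit.
$extensions = '.aspx', '.ascx', '.ashx', '.asmx', '.asp', '.php',
              '.config', '.js', '.htm', '.html'
$cutoff = (Get-Date).AddDays(-$Days)

$files = Get-ChildItem -LiteralPath $WebRoot -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $extensions -contains $_.Extension.ToLower() }

$findings = foreach ($f in $files) {
    $reasons = @()

    # Timestamps can be changed by an intruder: a recent date is a lead, an old date proves nothing.
    if ($f.LastWriteTime -ge $cutoff) { $reasons += "modified in last $Days days" }

    # The notes suggest disabling PHP and classic ASP, so such files deserve a look.
    if ($f.Extension -in '.php', '.asp') { $reasons += 'php/classic asp file' }

    # Legitimate pages also use iframes, so every content hit needs manual review.
    $hits = Select-String -LiteralPath $f.FullName -Pattern $indicators -SimpleMatch -ErrorAction SilentlyContinue
    if ($hits) {
        $matched = $hits | ForEach-Object { $_.Pattern } | Sort-Object -Unique
        $reasons += 'contains: ' + ($matched -join ', ')
    }

    if ($reasons) {
        [pscustomobject]@{
            Path          = $f.FullName
            LastWriteTime = $f.LastWriteTime
            Reasons       = $reasons -join '; '
            # Hash allows comparison with the same file from a clean DNN package.
            SHA256        = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
        }
    }
}

$sorted = $findings | Sort-Object LastWriteTime -Descending
$sorted | Export-Csv -Path $Report -NoTypeInformation
$sorted | Format-Table Path, LastWriteTime, Reasons -AutoSize
```

Files that differ from the matching clean DNN release, or that do not exist in it at all, are the ones to review first.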