As with any platform or application, security is of the utmost importance. In the DNN Community we’ve recently experienced some of the “fun” that comes along with attacks, bots, and hackers. One thing I’ve noticed and admired is that when attacks like this occur the DNN community really comes together to solve issues and solve them fast. While the attacks have caused headaches for many, the silver lining (at least for me) is how everyone came together to discuss issues, share info, and get the issues resolved as quickly as possible. It has been very impressive and encouraging to watch. Thanks to all the DNN Community members and DNNCorp employees who have worked to help make DNN more secure!
In this meeting, Ash Prasad of DNNCorp and Ryan Moore of Moore Creative Company were both speaking on the topic at hand: security. We started the meeting off with some community announcements and then rolled right into the speaker’s presentations.
Announcements
Ryan led us off with some announcements...
Ash Prasad and the DNN Security Analyzer Tool
After the announcements we transitioned to our features speaker, Ash Prasad. Ash is the Director of Engineering at DNNCorp and also a Microsoft MVP. Ash knows DNN inside and out and has seen all types of DNN instances and solutions. As such, he’s well aware of the recent attacks on DNN sites and the ways that hackers were attempting to hack DNN.
Ash told us the story of how he, DNNCorp, and the DNN Community recognized, investigated, and responded to the most recent bot attack on DNN sites. It was interesting to hear from Ash’s perspective. As one would imagine, the first signs were some interesting activity going on in the DNN Forums. After that the DNNCorp support team started getting similar support requests from some of their clients. One common thread amongst the support tickets was the SMTP setting getting reset.
DNNCorp continued to monitor the DNN Forums, talked with the DNN MVP group, investigated support tickets and discovered that a bot was attempting to attack DNN sites. Ash said that the team at DNNCorp worked around the clock to get info and resolve the issue. The team started working on product updates and they were also able to recognize the sites from which the bots were coming and had them shut down. With enough info in place and product updates ready, DNNCorp sent out a newsletter with the steps to manually correct the situation, and the blog that many of us saw detailing the issue was posted by Will Morgenweck.
DNN Security Analyzer Tool
That was kind of the timeline of how things happened from Ash’s perspective. One of the outcomes of the recent DNN site attacks was the creation of the DNN Security Analyzer Tool. Ash demo’d this to our group and it is very nice and helpful for DNN Administrators. Ash essentially gave us a visual walk through of the Security Analyzer Tool Updates blog. You can find that blog here: http://www.dnnsoftware.com/community-blog/cid/155364/updates-to-security-analyzer-tool
I won’t try to describe every single detail in order to keep this summary short. You can get the full info in the video below. However, Ash noted that the Security Analyzer tool was released a while back, but since the attack they made some updates. The updates were designed to help diagnose some of the issues noticed in the recent attacks. DNNCorp personnel worked in tandem with the DNN Community and some of their customers to test, get feedback, and update the tool accordingly. The security analyzer is also on GitHub.
During this discussion there were 2 points brought up by attendees that I think are relevant:
- Web.config Updates & Site Crashes - If you try to change the password setting to “hashed” in the web.config it sometimes will crash your site. There is apparently a specific way to go about doing this. As such, we are slotting a future session at our meeting to discuss the steps for updating this field and making it NOT crash the site
- DNN Packager – David Poindexter noted that a lot of people are using Darrel Tunnel’s DNN Packager model of DNN Module Development and the package does not work in DNN 8.0.3+ due to the remove of the Install.aspx. The DNN Package depends on this file and since it is getting removed issues arise. However, during the discussion Ash and David mentioned that including this file from the source package may be a way to have it in development only, but not in production. This too will be brought up at future meetings.
Reach Out If You Notice Any Odd Issues in Your DNN Site
Ash also noted that if you ever notice anything odd going on with your DNN site to please reach out to the security team at [email protected]. He noted that there is a team of people that receive that email, the submitted will receive a ticket, and the issue will be investigated and responded to. The ticketing system behind the email address is there to ensure nothing falls through the cracks.
Ryan Moore and Security Horror Stories
After Ash discussed DNNCorp’s perspective and resolution path from the recent bot attack, Ryan Moore gave a very thorough and informative session on how he and his team handled the attacks and lost 9 days of productivity along the way!
Ryan’s company, Moore Creative Company, was definitely affected by the attacks. Ryan has DNN applications spread across 4 or 5 different hosting locations. Around the 21st of the month they started seeing odd things on sites and were getting reports of oddness from their clients. At first they weren’t really sure what was going on, but within a day they knew something was happening. They did their best to stay afloat and keep on moving.
Ryan reflected back to the original reason his company chose DNN, which was due to the the importance of security of the application. Ryan noted that he could only remember 3 previous issues/hacks with DNN and 2 of those were just by the nature of ASP.Net and the 3rd was related to the FCK editor.
The most recent attack was by far the worst for his company. Nearly every one of his sites was hit. During the meeting Ryan showed screenshots of the pop-ups that were showing up on some sites and Jihadi content posted on others. Ryan and team quickly figured out what was going on and one tip that proved to them that this was a bot was because they have other websites and applications on the same servers that got skipped… so the bot was selective and it was looking for DNN.
As you would imagine, Ryan’s clients were calling in once they were seeing these pop-ups and jihadi content and even though Ryan and team knew the remedy and what was going on, it didn’t help calm the client’s nerves.
Ryan’s team used date stamps to identify which files were affected by the bot. The date stamp of 5/23 showed up on several files. His main concern was the hacker/bot getting to the SQL database, so his first steps were to cut off access to site databases. Ryan’s sites were slowing down to a crawl due to the amount of traffic they were receiving from the bot. Memory was maxing out and within minutes they would notice new files showing up on all their sites. In the video you’ll hear/see Ryan detail all the steps they took to mitigate the issues such as locking down the install folder and denying IP addresses. Ryan was able to use a creative way in IIS to deny access to sites.
Secure Install Module (Free)
Ryan’s team also built a DNN module that is free on the DNN Store to help against these type of attacks. While Ryan and team are XMOD gurus, this module is not an XMOD module, it’s a normal DNN module that anyone can use. You can download the module from the store here: http://store.dnnsoftware.com/home/product-details/dnn-secure-install. This module allows you to zip up all contents of the Install folder into a zip file that you name. You can then come back and unzip the file whenever you need to upgrade or use those files.
As mentioned, Ryan noted that his team lost a significant amount of time (9 days’ worth of hours) trying to battle these attacks. After coming out of the battle zone Ryan found the info on the updated security analyzer module, which he says would have also saved him some time.
Conclusion
We had another great and informative meeting. Thanks to Ash Prasad and Ryan Moore for joining us and putting together their presentations. We again want to thank our sponsors and for everyone who attended in person and online. Next month we look forward to hearing from Oliver Hine about his new solution NBrane.
Video Recording of the Meeting
For those of you across the pond and anybody who couldn’t attend we’ve posted the video here so you can watch it on replay. Thanks for watching!