aderson@dnnhero.com   |      1-855-DNN-HERO

Forum

Forum


HomeHomePremiumPremiumAdministrationAdministrationSecurity WarningSecurity Warning
Previous
 
Next
New Post
5/27/2016 5:26 AM
 
Stephen
7th Level Poster

Joined: 7/29/2012
Posts: 403
Hi Aderson,

Just looking at the security announcement '2016-06 (Critical) Unauthorized users may create new SuperUser accounts':
http://www.dnnsoftware.com/platform/manage/security-center?mkt_tok=eyJpIjoiWXpWbVlUQXdZbVk0WkRVdyIsInQiOiJqdkhFanVTUnBOdlhEY1JMTTFaNXJ5c3drazJBU25MWUVmd1wvaGJQVFBCMHZma0VDeEJmS1pvOGRScmF6WStWT0tXXC9TN0lwMzl0S3RRS0oxbmRwQzNON3lcL2IxcGFsYzg5U2N6Unh1dTZCYz0ifQ%3D%3D

I've applied this to my sites as best I can but:
- If I look for aspx files in the root and sub folders, I'm not sure I'd spot a rogue file if I saw one.
- Also, I'm using ftp (FileZilla), there's no way to perform a search server side with ftp as far as i know. So to get a list of all aspx, php files and I'd either have to download each site and perform the search locally or search manually. Do you happen to know a better way to do this?

Steve
 
New Post
5/27/2016 5:37 AM
 
Aderson Oliveira
1st Level Poster

Joined: 12/28/2009
Posts: 1011

Hi Steve,

We have been dealing with a loot of this not only for DNNHero but for our clients at DeskPal.

Here is what I recommend for you:

1 - Download all your site files via FTP to your local computer;

2 - Using a program to do text search like NotePad++ or https://www.mythicsoft.com/agentransack - perform a search for .aspx or .asp file containing either "rootkit" or "Gönder" - These are terms found inside the files we have been finding. These hackers seem to like to advertise :)

3 - If you find any, there is a good indication that your site was hacked. If you don't find, I would perform another search just for .ASP or .PHP files. A normal DNN site shouldn't have either of these types of file extensions - If you find you may want to delete them;

That is what I recommend for now.

I hope it makes sense. This is what we have been doing.

Best regards,

Aderson
 
New Post
5/27/2016 5:55 AM
 
Stephen
7th Level Poster

Joined: 7/29/2012
Posts: 403

Hi Aderson,

Thank you for your reply.

OK that makes sense and sounds a good approach.

But the security warning states to search for aspx files rather than asp. No problem to delete php.
i.e. "Search the Root folder and subfolders of your site for any files with .aspx or .php extensions. Some .aspx files might be required for your site. Carefully inspect any files before deleting."

Steve
 
New Post
5/27/2016 6:00 AM
 
Aderson Oliveira
1st Level Poster

Joined: 12/28/2009
Posts: 1011

Hi Steve,

On my step #2 I suggested to search in .ASP and .ASPX files as well.

Best regards,

Aderson
 
New Post
5/27/2016 7:37 AM
 
Stephen
7th Level Poster

Joined: 7/29/2012
Posts: 403
Hi Aderson,

Yes you did, sorry, I take it you've discovered rogue files contain "rootkit" or "Gönder"

I thought we're supposed to check for any additional .aspx/php files. I suppose I need to find some tool to compare two directory structures.


Steve
 
 Page 1 of 2
12Next 
Previous
 
Next
HomeHomePremiumPremiumAdministrationAdministrationSecurity WarningSecurity Warning



Try FREE
30 days money back guaranteed


About Us
The Cape
The Cape

This is Aderson Oliveira and I'm the Chief Editor of DNNHero. First why "DNNHero". If you think I'm just a self-indulgent individual, maybe you are right :). But this was not the case. This came from a good friend of mine, Carole Martin. Back then we were working on many DNN projects together and whenever she was having a problem she used to say that she needed her "DNN Hero" referring to me. How nice! She even give me a super hero cape!

So when I decided to start recording my learning adventures on DNN, I went to check if the domain "DNNHero.com" was available. It was, so here we are.

Back in 2010 I have decided to focus my time and efforts on spreading the word about CMS platforms, DNN in particular .

I hope you enjoy DNNHero and please feel free to send me your feedback.

Contact Us
*
*
Captcha:
Copyright 2010-2024 by Wayout Corp. | Privacy Statement | Terms Of Use | Google | Aderson | The SoloCoder Podcast