aderson@dnnhero.com   |      1-855-DNN-HERO

Forum

Forum


HomeHomePremiumPremiumAdministrationAdministrationSecurity Analyser - CheckDiskAccessSecurity Analyser - CheckDiskAccess
Previous
 
Next
New Post
6/30/2017 2:23 PM
 
Philip
No Ranking

Joined: 2/12/2013
Posts: 30

Hi Aderson, 

Thank you for the information on the current critical security update, I have implemented the required changes but have one issue so far with the security analyser displaying the following message after changing the folder permissions. This is the only issue I have left and would really like to resolve it.

CheckDiskAccess : Checks extra drives/folders access permission outside the website folder
Hackers could access drives/folders outside the website

I have found this thread requesting the same answers

http://www.dnnsoftware.com/forums/threadid/531262/scope/posts/still-under-attack-after-upgrade-from-629-to-742

I have made sure the App Pool permissions only have access to the website root folder but DNN says it has full access to all the drives like indicated in the above thread.

Any help would be appreciated 

Kind regards

Phil 

 

 

 

 

 

 
 
New Post
7/5/2017 2:56 PM
 
Aderson Oliveira
1st Level Poster

Joined: 12/28/2009
Posts: 1011

Hi Phil,

To be honest I don't know how to address this one, however on a private DNN group I saw someone reporting that he did the following:

"I did quite a bit tests on this and this is my conclusion.

A. It's best to put the sites on a separate partition.
B. You need to remove the rights for "Users" from the (D:) drive (cannot be done on C:)
If you don't using app pool identities is useless as they are members of "Users".
C. You cannot remove the security rights for "users" group from the C: drive AFAIK as the App pool identity users need access to some of it's subfolders..
So when one site is hacked there is still some access to the C drive left, which is apparently "by MS design"."

So I think this warning cannot be easily addressed...

Best regards,

Aderson
 
 Page 1 of 1
Previous
 
Next
HomeHomePremiumPremiumAdministrationAdministrationSecurity Analyser - CheckDiskAccessSecurity Analyser - CheckDiskAccess



Try FREE
30 days money back guaranteed


About Us
The Cape
The Cape

This is Aderson Oliveira and I'm the Chief Editor of DNNHero. First why "DNNHero". If you think I'm just a self-indulgent individual, maybe you are right :). But this was not the case. This came from a good friend of mine, Carole Martin. Back then we were working on many DNN projects together and whenever she was having a problem she used to say that she needed her "DNN Hero" referring to me. How nice! She even give me a super hero cape!

So when I decided to start recording my learning adventures on DNN, I went to check if the domain "DNNHero.com" was available. It was, so here we are.

Back in 2010 I have decided to focus my time and efforts on spreading the word about CMS platforms, DNN in particular .

I hope you enjoy DNNHero and please feel free to send me your feedback.

Contact Us
*
*
Captcha:
Copyright 2010-2024 by Wayout Corp. | Privacy Statement | Terms Of Use | Google | Aderson | The SoloCoder Podcast