DNN Hack Troubleshooting
Posted by Didier Bizimungu on 01 March 2018 09:18 am
DNN has updated its security features using a wide ranging extension called the DNN Security Analyzer. It goes through several checks for common DNN security holes and checks for exploitation
This security extension can be found at the DNN software store located at store.dnnsoftware.com. Search for the latest version and download the zip file. To install the extension:
1. Login into the DNN backend as a Host.
2. Click Host in the top menu then select extensions.
3. Click "Install Extension Wizard" and follow the directions
4. Once installation is finish refresh your website.
5. Go back to Host options, select the second menu or "Two Gears"
6. Click on Security Analyzer
7. Click the "Audit Checks" tab (first tab)
8. Scroll down through the different levels looking for any glaring errors.
9. The most common issue affecting older DNN installations right now is a Default.aspx modification.
10. If this files says it has been modified in the Security Analyzer checks, fire up your preferred FTP program into the website with the issue and open the Default.aspx file.
11. Look for any set of code that is a script (usually <script="random code") remove this code, save file and reload website.
12. Look through the rest of the Security Analyzer checks and comply with the recommended settings to the best of your abilities.