An announcement to all DNN users: Be aware of the potential security vulnerability of your website. According to a source at DNN Software, the exploit does not appear to be affecting the majority, but the fact is that it is affecting a greater number of sites than their initial reports alluded to. You need to be sure that your site isn’t vulnerable to getting compromised by hackers. This is considered to be a “critical” issue by those at DNN, and it is important to take the time to review the information provided here. There are a few simple steps to verify whether or not your site has been compromised, and if so we have provided some information and best practices on how to mitigate a breach. If you haven’t already checked your site then it’s important to take the steps we outline to make sure you are operating on a secure site.
Technical Manager for 10 Pound Gorilla Mark Saunders is an expert in using DNN Software and has recently made some valuable discoveries about the security vulnerability.
“There are many exploits out there. They affect every aspect of our lives, from our cars to our phones, and, of course, our computers and servers. Many times these exploits are held very close to the vest and discussed in private meetings and in small groups to try to mitigate the potential exploit before it is actually extensively used to attack whatever platform it exists in,” Saunders said.
He explains the exploit as follows: There are times when downplaying an exploit can have grave results for a platform or medium and he believes this is one of those cases. This exploit is at least partly automated. The bot is using a list of known DNN sites to systematically attack sites. When successful, the bot is able to create a host user. As most DNN users know, this grants access to the entire system and potentially the file system. In extreme cases it even grants access to the server. Once a host user is created, the bot creates a record of the success so a human can come in behind the bot.
“We have recorded cases to date where the site was compromised in late April and no further action was taken against the site until June 2. We are bringing this to light to let you know that it is imperative that you check your site for potential exposure to the DNN host user exploit,” Saunders said.
Saunders has began the process of notifying those who need to check their site’s security. He has also produced a video showing the process of how to ensure your site’s security, making sure no potential exploit of your site goes unnoticed. The video takes you through, step-by step, demonstrating how you can track if hackers have been through your system and what needs to be done to retake your install. If after viewing the video and reading the provided scripts you still feel uncomfortable or unsure of completing the process on your own, you can reach out to Saunders for help. All you have to do is fill out the form on the video page and we will expedite your support request.
Versions of the DNN software that put your website at risk of potential hacks are those 7.0 or more recent. Now that you know the potential for being exploited, you can take the recommended steps to secure your system. It’s quick and easy.
Mark Saunders is an experienced resource whom you can reach out to for further guidance on how to make sure you are operating a safe site. If you have any questions or would like Saunders to provide you with the service to protect your website contact him at mark@10poundgorilla.com.