Shad Pulley Customers Post Count:212

 |
| 04 Sep 2009 12:40 PM |
|
See this thread blog post: http://www.dotnetnuke.com/News/Secu...fault.aspx Over the last few days, my traffic has been sky high.. I started looking at it and found that all the traffic was outgoing... WTF??? Did some more digging with Wireshark and found a ton of outgoing HTTP requests to a few different sites, but mostly to a Facebook IP address.. WTF??? I track down what process is creating all the connections with netstat and lo and behold, it's my DNN app pool in IIS.. Shit.. (pardon the French) A little bit of searching on the DNN site and bingo. There's the bulletin.. Sigh.. So I started digging through the site looking for stray files.. Found 3.. One that let the hacker see all the files and system properties of my server, and two that launch DOS attacks. One was being used to hit Facebook. I cleaned up the files and haven't seen any problems come back yet.. Hopefully the hacker was just using the DDOS scripts and was not able to access any sensitive data before I found it. To be honest, this particular instance of DNN was several revs behind, it could have been another exploit, but just to be safe, make sure you're upgrading to the latest and greatest.. |
|
Shad Pulley Webmaster - Model Railroads Online
Follow my progress as I convert to DNN in my blog: http://RenovatingMLS.blogspot.com |
|
|
Will Sugg Customers Post Count:481

 |
| 04 Sep 2009 02:25 PM |
|
"I track down what process is creating all the connections with netstat and lo and behold, it's my DNN app pool in IIS" How do you do that, Shad? I just spent a few hours upgrading all my sites to 4.9.5. 5.X still scares me. Thanks, Will |
|
|
|
|
Will Morgenweck Forum Admin Active Modules Staff Post Count:6271

 |
| 04 Sep 2009 02:30 PM |
|
"5.X still scares me." 5.1.1 has been excellent and 5.1.2 is even better. I would really encourage everyone to upgrade to DNN 5.1.x before they get too many releases behind. The more releases you skip the greater your chances for a failed upgrade. |
|
Will Morgenweck Active Modules
|
|
|
Will Sugg Customers Post Count:481

 |
| 04 Sep 2009 02:37 PM |
|
I was the last one off the high dive but finally went. |
|
|
|
|
Shad Pulley Customers Post Count:212

 |
| 04 Sep 2009 03:04 PM |
|
I just upgraded all my different instances to 4.9.5.. I haven't gone to 5.x yet because I haven't had time to verify all the modules I use are compatible.. "How do you do that, Shad?" Netstat will give you a list of what ports are open and what processes have them open if you use the -a -n -b switches. It'll tell you that w3wp.exe has ports open.. If you have more than one app pool on a server (and you should if you're running more than 1 instance of DNN) it doesn't tell you which app pool has the port open. There is a small VBS script in the windows\system32 directory that installs with IIS called iisapp.vbs.. Run it from a command prompt using "cscript iisapp.vbs". It will then tell you the process ID of each app pool. You can then use that to match the app pool up to processor usage, network ports open, etc.. |
|
Shad Pulley Webmaster - Model Railroads Online
Follow my progress as I convert to DNN in my blog: http://RenovatingMLS.blogspot.com |
|
|
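The correlation Shad describes above, as an added example that is not part of the original thread: it joins saved `cscript iisapp.vbs` output with saved `netstat -ano` output to list the remote endpoints each app pool has connected out to. It assumes the `-o` switch (which prints the owning PID on each row) and the `W3WP.exe PID: … AppPoolId: …` line format; the function names and the sample output, including all addresses and pool names, are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed `cscript iisapp.vbs` output (line format assumed).
IISAPP_OUT = """\
W3WP.exe PID: 2232   AppPoolId: DefaultAppPool
W3WP.exe PID: 3140   AppPoolId: DnnSite2
"""

# Constructed `netstat -ano` output; all addresses are documentation ranges.
NETSTAT_OUT = """\
  Proto  Local Address      Foreign Address     State         PID
  TCP    0.0.0.0:80         0.0.0.0:0           LISTENING     4
  TCP    192.0.2.10:80      198.51.100.7:51544  ESTABLISHED   4
  TCP    192.0.2.10:2101    192.0.2.20:1433     ESTABLISHED   2232
  TCP    192.0.2.10:2207    192.0.2.20:1433     ESTABLISHED   3140
  TCP    192.0.2.10:2310    203.0.113.5:80      ESTABLISHED   3140
  TCP    192.0.2.10:2311    203.0.113.5:80      ESTABLISHED   3140
  TCP    192.0.2.10:2312    203.0.113.5:80      SYN_SENT      3140
  UDP    0.0.0.0:123        *:*                               4
"""

def parse_app_pools(text):
    """Return {worker-process PID: app pool name} from iisapp.vbs output."""
    pat = re.compile(r"W3WP\.exe PID:\s*(\d+)\s+AppPoolId:\s*(\S.*)", re.I)
    hits = (pat.search(line) for line in text.splitlines())
    return {int(m.group(1)): m.group(2).strip() for m in hits if m}

def parse_netstat(text):
    """Return (local_port, remote, state, pid) for each TCP row."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[4].isdigit():
            local_port = int(f[1].rsplit(":", 1)[1])
            rows.append((local_port, f[2], f[3], int(f[4])))
    return rows

def outbound_by_pool(iisapp_text, netstat_text):
    """Count remote endpoints each app pool has connected out to."""
    pools = parse_app_pools(iisapp_text)
    rows = parse_netstat(netstat_text)
    # A connection whose local port is a listening port is inbound; skip it.
    listening = {port for port, _, state, _ in rows if state == "LISTENING"}
    report = defaultdict(Counter)
    for port, remote, state, pid in rows:
        if pid in pools and state != "LISTENING" and port not in listening:
            report[pools[pid]][remote] += 1
    return {pool: dict(counts) for pool, counts in report.items()}
```

A pool that shows only its database server is behaving normally; a pool with repeated connections to outside web hosts, like `DnnSite2` in the sample, is the one whose site folder deserves the search for stray files.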
Duane Customers Post Count:411

 |
| 04 Sep 2009 04:09 PM |
|
Thanks Shad, I have had what I consider excessive w3wp.exe for a while now. I am going in to dig this through and see what is happening now. |
|
|
|
|
Raymond Customers Post Count:122

 |
| 04 Sep 2009 04:18 PM |
|
Mommy, I'm scared ...... I'm on 04.09.00 and everything runs well. I hate breaking things that work. |
|
|
|
|
Dan Ball Customers Post Count:582

 |
| 04 Sep 2009 04:56 PM |
|
Posted By Raymond on 04 Sep 2009 04:18 PM: "Mommy, I'm scared ...... I'm on 04.09.00 and everything runs well. I hate breaking things that work." Geeeesh... You are starting to sound like my users at work! Change isn't necessarily a bad thing. Take a deep breath, relax, and upgrade your system... *grin* |
|
|
|
|
Dan Ball Customers Post Count:582

 |
| 04 Sep 2009 06:23 PM |
|
I just upgraded one of my systems to 5.1.2, and it went pretty smooth. Now to do the other one. If you're running your own server, I have some pretty neat upgrade scripts that make it almost painless, and allow for an immediate restore if the upgrade fails. I'm willing to share those if anyone is interested. |
|
|
|
|
Shad Pulley Customers Post Count:212

 |
| 04 Sep 2009 06:57 PM |
|
"Mommy, I'm scared ...... I'm on 04.09.00 and everything runs well." That's a small enough upgrade you won't have a problem.. But of course as always.. Back everything up first!! |
|
Shad Pulley Webmaster - Model Railroads Online
Follow my progress as I convert to DNN in my blog: http://RenovatingMLS.blogspot.com |
|
|
Raymond Customers Post Count:122

 |
| 04 Sep 2009 08:10 PM |
|
Actually, my hesitance comes from 20+ years of corporate IT experience. I used to manage a group of 50 developers and IT folks. I always tried to get the most creative and aggressive developers in lead roles. I would also be sure to hire the most anal of IT folks. And as you would expect, they would each take me aside and say what an idiot the other one was. That is the natural balance. The developer should want the latest, greatest and bug fixiest (OK I just made that up) piece of code they wrote in production. The IT administrators would be concerned that introducing a potentially less stable and less proven application into production could make their task (keep things up and running) more difficult. And they were always concerned about potential conversion issues. Owning a small business, I have less people but the dynamic should remain the same. So I try to temper my developer side with a little caution. Of course the longer the 5+ version is out there, the more reference material there is that will show potential problems and ways to avoid them. But we all have different pressures, so we need to move at different paces at different times. Sounds like it is getting time to make the move though, although I haven't really heard any substantial benefits to the latest and greatest other than I need to keep up. Are there substantial benefits moving from 4.09.00 to the latest release?
|
|
|
|
|
Steven Webster Active Modules Staff Post Count:1250

 |
| 04 Sep 2009 08:24 PM |
|
Grrrrrr. I just went through a mess going to 4.9.2. I want to get to 5.x but I need to do a compatibility test on about a million modules. |
|
Steven Webster Active Solutions |
|
|
Duane Customers Post Count:411

 |
| 04 Sep 2009 09:30 PM |
|
Posted By Dan Ball on 04 Sep 2009 06:23 PM: "I just upgraded one of my systems to 5.1.2, and it went pretty smooth. Now to do the other one. If you're running your own server, I have some pretty neat upgrade scripts that make it almost painless, and allow for an immediate restore if the upgrade fails. I'm willing to share those if anyone is interested." Hey Dan, I would be interested in your scripts. I was going to explore this adventure to upgrade this weekend. |
|
|
|
|
Steven Webster Active Modules Staff Post Count:1250

 |
| 04 Sep 2009 09:38 PM |
|
Me too. |
|
Steven Webster Active Solutions |
|
|
Dan Ball Customers Post Count:582

 |
| 04 Sep 2009 09:38 PM |
|
"Sounds like it is getting time to make the move though, although I haven't really heard any substantial benefits to the latest and greatest other than I need to keep up. Are there substantial benefits moving from 4.09.00 to the latest release?" I hear ya, I waited until 5.1.1 came out before I finally upgraded. But, unless you're running some really strange modules, everything seems to be working great in v5, so it isn't as scary of an upgrade as it sounds. It also helped once I finally broke down and wrote my upgrade scripts. That made upgrading not quite as scary. I can run the script, test out the website, and if I notice any problems at all I can run my second script which restores it back to where I was. As for upgrading to v5, I would recommend doing it soon. The move to v5 is a major upgrade, there are a LOT of subtle differences in this version, some really nice tweaks. The modules and skins are loaded in a completely different way, and when purchasing skins now you have to choose between v4 and v5, as there are quite a few skinning differences. Also keep in mind that v4 is no longer being developed, the only upgrades you'll see from now on are security-related bug fixes, it is a dead-end version. Not saying you HAVE to upgrade, but if you want to keep up with future module releases eventually you won't have a choice. |
|
|
|
|
Steven Webster Active Modules Staff Post Count:1250

 |
| 05 Sep 2009 09:59 AM |
|
Anyone have a recommendation on using the upgrade or install version? I started using the install version getting to 4.7 as the upgrade would not work. I did the same going to 4.9.2. I ran into issues with the text/html module throwing an error during the install. I'll be running some test upgrades on a local version today and tomorrow for module compatibility tests. The big ones I worry about are UVG, Catalook, etc. I have been working on a 5.1 local copy for a month and really like some of the new features. Seems like a lot of the admin is maturing and the page/module management is getting some attention. |
|
Steven Webster Active Solutions |
|
|
Will Sugg Customers Post Count:481

 |
|
Dan Ball Customers Post Count:582

 |
| 05 Sep 2009 12:10 PM |
|
Posted By Duane on 04 Sep 2009 09:30 PM: "Posted By Dan Ball on 04 Sep 2009 06:23 PM: 'I just upgraded one of my systems to 5.1.2, and it went pretty smooth. Now to do the other one. If you're running your own server, I have some pretty neat upgrade scripts that make it almost painless, and allow for an immediate restore if the upgrade fails. I'm willing to share those if anyone is interested.' Hey Dan, I would be interested in your scripts. I was going to explore this adventure to upgrade this weekend." Are you running SQL Server or SQL Server Express? |
|
|
|
|
Duane Customers Post Count:411

 |
| 05 Sep 2009 01:01 PM |
|
SQL 05, and as the first test this morning on one of our websites using 4.9.3, install went well except when we install a module or update host settings, boom. |
|
|
|
|
Steven Webster Active Modules Staff Post Count:1250

 |
| 05 Sep 2009 01:25 PM |
|
Dan - I'm interested as well. Running SQL Server 2008 |
|
Steven Webster Active Solutions |
|
|