I have received numerous e-mails today regarding an exploit that was used on my site today to direct my forum's page to http://www.google.com. I have identified the root cause of the issue and am working to resolve the underlying issue.
At this time I have removed the forums module from the general public view. I will plan on re-enabling this later this evening once I have access to correct the bad database entries. I have been in contact with the DotNetNuke core team regarding this issue and I have been assured that in 4.5 it should be resolved.
I am also preparing a "Securing the Forums Module" blog which will walk you through a procecdure that I have tested that should prevent this type of exploit from occuring again in the future.
Again, I greatly appreciate the feedback and the prompt notice everyone has given me. I will work to get this back online as soon as possible!
Name (required)
Email (required)
Website
Notify me of followup comments via e-mail
Content provided in this blog is provided "AS-IS" and the information should be used at your own discretion. The thoughts and opinions expressed are the personal thoughts of Mitchel Sellers and do not reflect the opinions of his employer.
Subscribe To Blog RSSSubscribe To Blog Updates by E-Mail *Add to Technorati Favorites
Click here for advertising information.
Content in this blog is copyright protected. Re-publishing on other websites is allowed as long as proper credit and backlink to the article is provided. Any other re-publishing or distribution of this content is prohibited without written permission from Mitchel Sellers.