We have had multiple DNN sites running for quite a few months now without any issues. Twice in the last 3 days our sites have gone offline by the addition of the app_offline.htm file in the root dir.
There is only one developer with access to the sites at a coding / directory viewing level and the file is generated at weird times times when he is NOT accessing our network.
We are not publishing anything to the server ( and have not published any .net code in days ), upgrading, changing code, or even modifying content. Has anyone run into this issue?
It sounds like someone is messing with your server. Can you view the event logs to see who is accessing your server? Do you have the ability to change the passwords on the box?
Mark
Related
Treesize free (https://www.jam-software.com/treesize_free) is a file / folder analysis tool that quickly scans a PC and sorts folders and files in order of size to quickly show what is using up disk space.
It used to work just fine but sometime in the last few months (I've got a new PC so might be just since having this) I've noticed it has stopped working for OneDrive folders. We use OneDrive for business at work and all my docs / downloads / desktop etc are backed up on OneDrive, and these folders are all marked to keep offline ("Always keep on this device"), so they are saved locally.
However, Treesize doesn't show these files, apparently I only have 4GB in OneDrive.
If I right click the OneDrive folder and go to properties, I can see that it is about 60GB.
Any ideas what's going wrong, or how I could analyse disk space that is used by OneDrive?
I have the latest version of Treesize and have also tried an older version
I've tried starting Treesize as admin and as standard
Weird but just if I select an individual folder within Onedrive, it will scan fine. Just not the whole thing. So then I tried scanning the full C drive and then go to the Onedrive folder and "Update this branch" and it finished scanning it just fine:
and updates correctly after that:
Bit annoying though. Doesn't explain why it's doing this in the first place
I'm experiencing an unusual problem with my php (7.3) website creating huge number of unwanted session files on server every minute (around 50 to 100 files) and i noticed all of them having a fixed size of 125K or 0K in cPanel's file manager, hitting iNode counts going uncontrolled into thousands in hours & hundred thousands+ in a day; where as my website really have a small traffic of less than 3K a day and google crawler on top it. I'm denying all bad bots in .htaccess.
I'm able to control situation with help of a cron command that executes every six hours cleaning all session files older than 12hours from /tmp, however this isn't an ideal solution as fake session files getting created great in number eating all my server resources like RAM, Processor & most importantly Storage getting bloated impacting overall site performance.
I opened many of such files to examine but found them not associated with any valid user as i add user id, name, email to session upon successful authentication. Even assuming a session created for every visitor (without acc/login), it shouldn't go beyond 3K on a day but sessions count going as high as 125.000+ just in a day. Couldn't figure out the glitch.
I've gone through relevant posts and made checks like adding IP & UserAgent to sessions to track suspecious server monitoring, bot crawling, overwhelming proxy activities, but with no luck! I can also confirm by watching their timestamps that there is no human or crawler activity taken place when they're being created. Can see files being created every single minute without any break throughout the day!!.
Didn't find any clue yet in order to figure out root cause behind this weird behavior and highly appreciate any sort of help to troubleshoot this! Unfortunately server team unable to help much but added clean-up cron. Pasting below content of example session files:
0K Sized> favourites|a:0:{}LAST_ACTIVITY|i:1608871384
125K Sized> favourites|a:0:{}LAST_ACTIVITY|i:1608871395;empcontact|s:0:"";encryptedToken|s:40:"b881239480a324f621948029c0c02dc45ab4262a";
Valid Ex.File1> favourites|a:0:{}LAST_ACTIVITY|i:1608870991;applicant_email|s:26:"raju.mallxxxxx#gmail.com";applicant_phone|s:11:"09701300000";applicant|1;applicant_name|s:4:Raju;
Valid Ex.File2> favourites|a:0:{}LAST_ACTIVITY|i:1608919741;applicant_email|s:26:"raju.mallxxxxx#gmail.com";applicant_phone|s:11:"09701300000";IP|s:13:"13.126.144.95";UA|s:92:"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:82.0) Gecko/20100101 Firefox/82.0 X-Middleton/1";applicant|N;applicant_name|N;
We found that the issue triggered following hosting server's PHP version change from 5.6 to 7.3. However we noticed unwanted overwhelming session files not created on PHP 7.0! It's same code base we tested against three versions. Posting this as it may help others facing similar issue due to PHP version changes.
I was just hired to maintain and redesign various site the company has running on an old version of DNN. The site has been hacked and someone uploaded some directories and web.config files that were redirecting users to stream suspicious streaming sites. Also, the attacker added some scripts that show Google Ads on all the blog articles. Needless to say its a mess.
Nevertheless, I was able to go in there, deleted a super admin account (that's how they got in I think) , delete a few directories that had over a thousand html files for streaming sites and also deleted the old FCK Editor.
I am completely new to DNN and need some help with the directory and structure to try and see if I can resolve this. So far, I cannot get rid of the Google Ads in the blog and for the life of me I cannot find where the blog articles live inside the root/directory. When I go in there and delete the ads through the DNN UI the ads come back in hours or a couple of days. The directories with the html files have not returned. Just the ads.
I know that we have to upgrade but if I remove the ads I will have more to to develop the new sites without feeling rushed because of the current issue.
If anyone can point me in the right direction I would really appreciate it.
That sounds awful, as obviously someone (ore something) still manipulates your site from the outside (or inside?). There are a lot of issues on old DNN Versions, and the only thing I can really recommend is to find an upgrade path to the newest version. I don't know how big your site is, maybe it is easier to set it up from scratch with a new version (if the site is not too big).
The directory structure does not help you finding any content as everything is stored in a database. To be more specific I would need more information about the DNN version and the extensions (and versions of the extensions) in use, but disclosing this here in the public could be a security risk for you. You could write me a PM here if you wish to get in contact.
To find people (maybe in your area) who can help you could give these web sites a try: https://dnncommunity.org (Resources > Forums) and https://dodnn.work/.
It sounds like your site might have been impacted by a few different exploits, and most likely I would guess it is version 7.x or earlier and been upgraded from versions prior to that.
For the immediate need you are going to need to try and identify anything and everything that is out of the norm, this can be very daunting for those that are not familiar with the platform, but a few tips.
Look in the DB for data in the Header or Footer field of the TabModules table
Look for any rogue files that really should not be there, anything with an extension of (.php, .asp, etc.)
Look for rogue files in directories outside of the /Portals/* folder that don't match a DNN Install. (This takes a bit of personal experience.)
Look at your default.aspx file it should NOT have a recent modified date. If it does, compare it against the one that you get when you download the install package of that version of DNN
Now, once you have done this, be sure to do any mitigations that you can for known exploits. Including:
Delete /Install/Install.aspx
Delete /Install/InstallWizard.aspx
Disable any host account with a username of 'host' and create a new one if that was your only one
Feel free to email me directly as well if you need some help.
Running WSo2 EMM 1.1.0, everything has been working just fine except for one big issue.
From the moment I first click on an app in the App Management tab, the WSO2EMM_DB.h2.db file starts to steadily grow as long as the server is running, even with absolutely no changes. Eventually, it gets so big that clicking an app on that tab takes a ridiculously long time to load the list of devices using the app. We're talking 5+ minutes, it becomes completely unusable. I have checked the error logs and found no errors at all, every time.
Restarting the server does nothing to correct the issue. Even if I click an app on the App Management tab once, and never again, the database file will continue to grow. Even restarting the server and not logging into the EMM page, it will continue to grow.
The only thing I've found so far that can possibly help is keeping backup copies of the database file and overwriting the current file when it gets too big. Obviously that's not a solution, as I'd need to create a new backup file every time there's a change on the server, and eventually the database file would grow too big from that too.
It's not an issue with the H2 database either. Not only have I tried starting over fresh several times and have had the same behavior, but here is the only info I could find regarding this issue, and they were having the issue regardless of whether or not it was on H2 or MySQL.
I've been trying to find a solution for this for over a month with no success. Any help would be appreciated!
EDIT: It looks like this might be the subject of EMM-826. Unfortunately there seems to be no response to that bug report so far.
EDIT 2: EMM-826 was closed with a message saying the following:
This issue is fixed in the EMM 1.1.0 GA latest pack. Please get all the patches for the product/build the product from the latest source [ https://github.com/wso2/product-emm ] and try again.
Unfortunately, that did not work for me. I'm not sure what exactly I'm doing wrong, so I'll list the what I did to try to fix it:
Downloaded the EMM 1.1.0 zip from http://wso2.com/products/enterprise-mobility-manager/.
Downloaded the zip from https://github.com/wso2/product-emm and pasted the files from that into my EMM_HOME directory.
When that didn't work, I searched for patches and found I was only using patches 1-6. In the documentation I found I could download patches 7-12 here. Patches 9 and 10 didn't work right for some reason; causing me not to be able to reach the EMM dashboard or publisher. I could only access the Carbon manager. I was able to make patches 7, 8, 11, and 12 work though - with no change in behavior.
Here are the steps I take to reproduce the issue:
After setting a fresh copy of the EMM up, I log in to the EMM dashboard as Admin, set up a user account, and upload an app through the Publisher.
Register a device to the user account I set up. In this case, an Android device running Android 4.2.2.
From the dashboard, I go to App Management and click the app I uploaded. The list of devices loads, but from that point on, the database file starts growing and eventually, after several hours, becomes so large it the device list will never load.
Please help!
Found this happening also, from a quick look it's the WSO2EMM_DB.notifications table. Seems to keep a history of all notifications over time, and the info for app installs is taken from non-optimized queries, which degrade as the table grows. You 'could' delete all rows from the table, and it will re-populate as devices 'check back' and report their info.
But you'd probably want to write a query to just keep the latest notification of each type of each user (I'll leave that to someone else...) and as was mentioned, it is apparently fixed in the latest version.
Issue appears to be resolved in EMM 2.0, which can be found here.
I am struggling to make a SqlCE local database to work in my winforms project.
I`m used to work with web app, this is my first desktop app, and after understand a lot of tricks like when you insert data in your local database while debugging, the data goes to a magic database inside bin/debug folder - that I would never wonder by myself - and from yesterday to now, I launch my project again, and guess what the new trick? The database got lost ¬¬ !!
Suddenly my project can't recognize its own path to the database and it throws me an error: "The path is not from a legal form", I SWEAR I didn't move the mouse from yesterday when it was working from now.
Anyway, SqlCE gave me a lot of headaches already, I'm doing this project as a favor to a bookstore inside a charity house and I'd like this project gets only one weekend - it already didn't.
So, as I don`t have a big amount of data to store, what would be the alternatives to store this data without a .sdf file?
If you want to stay with SQL I would recommend SQLite. Small, lightweight and results are placed in a single file.
http://sqlite.org/