Securing DotNetNuke and the potential module problems

Recently I was viewing my log files and noticed that every other day people were trying to hack into the DNN Creative Magazine website by trying to log in as host.

Therefore I decided to further secure the host account by creating a new superuser account with a different username and a 21 letter password. I then deleted the original host account.

(This way a potential hacker has to guess the host username as well as the password to gain access.)

This is where the problem occurred. - The News Articles module by Scott McCulloch that DNN Creative uses for RSS feeds and easy searching via categories of the various articles / tutorials etc. no longer displayed any articles.

(I now start to panic)

I have somehow managed to delete the entire websites articles. (Or has someone managed to hack into the site and deleted everything?!) - After further investigation I discovered the articles still existed within the database, but for some reason they were no longer displaying within the website.

It took me a full day to realise what had actually happened....

The News Article module has a reference to the user that created the original article, if that user is deleted - the News Articles module no longer displays the article. All of the articles were created while logged in as Host, so all of the articles no longer displayed.

Therefore I had to do two updates to the DNN Forge Articles table.

I had to update the column that contained the AuthorID and the LastUpdatedID as these contained the User ID of the original host account that I deleted.

Therefore, I just ran this query to update both of these columns to the new User ID of the new SuperUser account (The ID here is not the correct ID number!)

UPDATE DnnForge_NewsArticles_Article
SET AuthorID = 2034, LastUpdateID = 2034
WHERE (AuthorID = 1) OR
(LastUpdateID = 1)


Panic over! - So there is a valuable lesson, if you have a module that references a user when you create content, what happens when you delete that user?? - Perhaps module designers should programme for this possibility?

Hope this will be of some use to someone else...

dotnetnuke

DNN Core project Repository module released!

I am pleased to inform you that the DotNetNuke core project Repository module has just been released!

I'm a member of the project team for the Repository module and it is great to see that Steve Fabian and the rest of the teams hard work has paid off.

You can download the module here:

http://www.dotnetnuke.com/Default.aspx?tabid=831


Other Core project modules that are available are:

Blog module: http://www.dotnetnuke.com/Default.aspx?tabid=854

Forum module: http://www.dotnetnuke.com/Default.aspx?tabid=823

Gallery module: http://www.dotnetnuke.com/Default.aspx?tabid=861

You can see a list of all the core project modules here:
http://www.dotnetnuke.com/tabid/125/default.aspx

Ask questions to the skinning experts - mp3 interview

In the next issue (no. 5), DNN Creative Magazine is going to begin a new series looking at creating a DNN website. Issue 5 in particular will feature skinning.

Alongside the skinning tutorials I am currently arranging an mp3 interview regarding skinning.

I want to give you the opportunity to ask your own questions to the skinning experts.

Please reply to this forum post with any questions regarding skinning and I will include the most relevant questions in the mp3 interview.

http://www.dnncreative.com/tabid/88/forumid/3/postid/94/view/topic/Default.aspx

dotnetnuke

Configuring DotNetNuke before installation

The initial installation of DotNetNuke can be configured so that when you upload and initiate the installation, all of your preferred settings, modules, and skins are automatically installed.

This can be a massive time saving device.

Options can include setting up the:

• Host Menu / Site Settings
• Admin Menu / Portal Site Settings
• Parent / Child Portals
• Automatically installing 3rd party modules, skins and containers, private assemblies and language packs

Further options can also include creating a default series of pages which are automatically installed with DotNetNuke.

This video tutorial demonstrates all of these options:

Video Tutorial: How to configure DotNetNuke before installation

dotnetnuke

DotNetNuke 4.0.1 breaks some modules

A problem has just been brought to my attention that occurs with the new release of DNN 4.0.1

If you are using the core project blog module, the new upgrade will break the module.

The new upgrade will affect most modules that dynamically change the page title. You can read further information regarding this here:

http://www.dotnetnuke.com/tabid/795/mid/2108/threadid/10254/scope/posts/Default.aspx

Information so far... - This update breaks:

DotNetNuke core project forum module
News Articles module by Scott McCulloch
PageLocalization module by Apollo Software
Active Forums

I've posted this up on the ASP.Net forums so that people can add which modules are affected.

You can view this post here:
http://forums.asp.net/1137154/ShowPost.aspx


As with all upgrades, I would strongly advise that you test the upgrade on a localhost install before applying it to a live website to ensure that all of your modules still work correctly.

The 3.2.1 release works ok with these modules and does not have this problem.

dotnetnuke

DotNetNuke 3.2.1 and 4.0.1 Released

DotNetNuke 3.2.1 and 4.0.1 have just been released. These are both stabilisation releases with a number of key bug fixes.

The 3.2.1 release contains an updated version of the Microsoft MemberRole component which addresses some Medium Trust issues on ASP.NET 2.0.

A variety of defect corrections and new versions of the FreeTextBox rich text editor control are also included.

The DotNetNuke Installation Guide.pdf in the documentation download has also nearly doubled in size to 63 pages. This addresses some of the areas of documentation weakness raised in various threads in the asp.net forums.

Upon quickly reading the new documentation, it is a vast improvement and should clarify a lot of the questions that have been raised in the forums.

In particular they address the following issues which have been raised:

If you are using version 3.2.1 with ASP.NET 2.0 and your website hosting provider is running under Medium Trust, you need to make some additional adjustments to your web.config file, you can read about these on page 18 of the new documentation.

If you are using version 4.0.1 and your website hosting provider is running under Medium Trust you can find details regarding this on page 35 of the new documentation. - The documentation states to use the development.config file instead of the release.config file if you are running under Medium Trust. (The development.config file is not included in the install.zip download file, it's included in the source.zip/website folder download file.)

I haven't tested installing DNN4.0.1 in a Medium Trust environment yet, so I can not confirm the process.

I will be testing DNN 4.0.1 over the next month or so and will provide further information when I have fully tested the setup on a live website.

You can download the latest releases from: http://www.dotnetnuke.com/Default.aspx?tabid=125


DotNetNuke Upgrade and installation video tutorials are also included in Issue 4 of DNN Creative Magazine.

dotnetnuke

Video Tutorial: How to install a module to DotNetNuke

This free video tutorial demonstrates how to install a module to DotNetNuke.

This installation tutorial is the standard method of installing a module. Some third party modules require special installation procedures, so always ensure you read any additional installation instructions that are included with a module.

The tutorial demonstrates downloading the blog module from the dotnetnuke.com website and how to install it to your DotNetNuke portal.

Free Video Tutorial: How to install a module to DotNetNuke

dotnetnuke

Video Tutorial: How to upgrade DoNetNuke on a live website

This free video tutorial demonstrates how to upgrade DotNetNuke® from any version 3.x to the latest DotNetNuke 3.2 version.

It also offers advice on when to upgrade, further recommendations and key points to note from the video to help ensure you have a successful upgrade of DotNetNuke.

Video Tutotrial: How to upgrade DoNetNuke on a live website

dotnetnuke

Video Tutorial: Installing DotNetNuke 3.2 to a website hosting provider

This free video tutorial demonstrates how to install DotNetNuke® 3.2 to a hosting provider. We demonstrate this using Server Intellect as our hosting provider (In a shared hosting environment).


Video 1 covers:

• Configuring your hosting provider server (using Helm Control Panel)
• Adding a website domain name
• Using a domain alias (Temporary URL) (we use this while waiting for the Nameserver settings to take effect – approx 24 / 48 hours)
• How to create a Microsoft SQL Server database
• How to create a User and Password to access the SQL Server database
• How to set which version of ASP.NET to use (1.1 or 2.0)
• Downloading the DotNetNuke® code, extracting the zip
• Editing the release.config file and creating the web.config file
• Adding the SQL database connection string to the web.config file

Time Length: 15:42
Download size: 11.6MB


Video 2 covers:

• Final checks to make to the server settings before uploading the DotNetNuke® files
• How to find a free FTP programme
• Uploading the DotNetNuke® files via FTP using AceFTP3
• How to start the installation process of DotNetNuke® using a temporary URL
• 24 hours later configuring DotNetNuke® to use the actual URL
• How to configure the portal aliases for DotNetNuke®
• Final security changes you need to make
  

Time Length: 14:21
Download size: 10.8MB

Video Tutorial: Installing DotNetNuke 3.2 to a website hosting provider

dotnetnuke

How to adjust your Nameserver settings

Once you have bought your own domain name (ie. www.dnncreative.com) and your hosting package, you need to point your domain name from your domain registrar to your hosting providers’ servers in order to access your web page.

It's important that you do this as soon as possible as it can take 24 to 48 hours for the new settings to take effect across the internet.

For this tutorial we have purchased our domain name using 1&1.com and we are going to point the domain to the www.serverintellect.com servers.

How to adjust your Nameserver settings

dotnetnuke