Security Analyser - CheckDiskAccess

6/30/2017 2:23 PM
 

Hi Aderson, 

Thank you for the information on the current critical security update. I have implemented the required changes but have one issue so far: the security analyser displays the following message after changing the folder permissions. This is the only issue I have left and I would really like to resolve it.

CheckDiskAccess : Checks extra drives/folders access permission outside the website folder
Hackers could access drives/folders outside the website

I have found this thread requesting the same answers:

http://www.dnnsoftware.com/forums/threadid/531262/scope/posts/still-under-attack-after-upgrade-from-629-to-742

I have made sure the App Pool permissions only have access to the website root folder, but DNN says it has full access to all the drives, as indicated in the above thread.

Any help would be appreciated.

Kind regards

Phil

7/5/2017 2:56 PM
 

Hi Phil,

To be honest, I don't know how to address this one; however, on a private DNN group I saw someone reporting that he did the following:


"I did quite a few tests on this and this is my conclusion.

A. It's best to put the sites on a separate partition.
B. You need to remove the rights for "Users" from the (D:) drive (cannot be done on C:).
If you don't, using app pool identities is useless, as they are members of "Users".
C. You cannot remove the security rights for the "Users" group from the C: drive AFAIK, as the App pool identity users need access to some of its subfolders.
So when one site is hacked there is still some access to the C drive left, which is apparently "by MS design"."


So I think this warning cannot be easily addressed...

Best regards,

Aderson
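
A read-only way to see what points B and C in the quoted post refer to, as an added example that is not from either poster or from DNN: it lists the Allow entries on each fixed drive root that are held by broad groups or by one app pool identity. The pool name `DefaultAppPool` and the English (non-localized) group names are assumptions.

```powershell
# Added example: audit drive-root ACLs for entries an IIS worker process
# can benefit from. It only reads ACLs and changes nothing.
param(
    # Assumption: placeholder pool name; replace with the pool running the site.
    [string]$AppPoolName = 'DefaultAppPool'
)

# Principals to look for. Names are the English defaults (assumption);
# on a localized Windows install the group names differ.
$principals = @(
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'Everyone',
    'BUILTIN\IIS_IUSRS',
    "IIS AppPool\$AppPoolName"
)

# DriveType 3 = local fixed disk; DeviceID is e.g. "C:", so append "\".
$roots = Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=3' |
    ForEach-Object { $_.DeviceID + '\' }

foreach ($root in $roots) {
    $acl = Get-Acl -LiteralPath $root
    $acl.Access |
        Where-Object {
            # Only Allow entries matter here; -contains is case-insensitive.
            $_.AccessControlType -eq 'Allow' -and
            $principals -contains $_.IdentityReference.Value
        } |
        Select-Object @{ n = 'Path';     e = { $root } },
                      @{ n = 'Identity'; e = { $_.IdentityReference.Value } },
                      FileSystemRights,
                      IsInherited,
                      InheritanceFlags
}
```

Rows for `BUILTIN\Users` on a data drive root are the rights point B is about; entries with `ContainerInherit` or `ObjectInherit` in `InheritanceFlags` also flow down to folders that inherit from the root.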

 