Sitefinity Security

2 posts, 0 answered
  1. Leon Williams
    20 posts
    Registered:
    18 Mar 2010
    10 Jun 2010
    We noticed in our event logs that there were several hundred attempts to hack Sitefinity. Does anyone know anything about this type of thing? How can we prevent this, and is Sitefinity's security strong enough to withstand this type of attack? What are some things we need to do to prevent attacks?

    http://<domain>/sitefinity/cmsentrypoint.aspx?tabid=43&ItemID=300/</body></html>http://www.bakhlaw.com/casper/Ckrid1.txt

    Thanks,
    Leon
  2. Ivan Dimitrov
    16072 posts
    Registered:
    09 Dec 2016
    11 Jun 2010
    Hello Leon Williams,

    You can take a look at Building a secured Sitefinity website and implement IP restriction for the backend if necessary, or block some of the incoming requests through your firewall. There is no case where we append query strings like tabid and itemID to cmsentrypoint.aspx.

    All page requests pass through cmsentrypoint.aspx. Also, this file is located under the Sitefinity folder, which means that it cannot be accessed until you have authenticated yourself. ASP.NET will send you to the login page immediately, because Forms authentication uses an authentication ticket that is created when a user logs on to a site. If there is no such ticket, the request is terminated and the user is redirected to a configured logon page. The file inherits InternalPage.cs, which implements methods for page management: getting the mode of the page, the name of the ICms Page, an instance of CmsManager, optional page settings like EnableViewState, and the name of the Theme to be set for the current page. Our CmsHttpModule rewrites the URL to cmsentrypoint.aspx, which is the page handler for each CMS page in Sitefinity. It seems that this is not a hack attack, but something in your project forces a call to an internal handler before the page's internal check, and you are redirected to our cmsentrypoint.aspx.

    Greetings,
    Ivan Dimitrov
    the Telerik team
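
A log check built on the point in the reply above that Sitefinity never appends tabid or ItemID to cmsentrypoint.aspx, which also flags parameter values that embed an absolute URL, as in the request Leon posted. This is an added example, not part of the original thread or Telerik's code; the IIS W3C log layout, the sample lines (documentation addresses and a reserved `.example` host), and the function names are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl, unquote

# Constructed sample in IIS W3C extended format (not real traffic).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2010-06-09 03:14:07 203.0.113.9 GET /sitefinity/cmsentrypoint.aspx tabid=43&ItemID=300/</body></html>http://files.example/probe.txt 302
2010-06-09 03:14:09 203.0.113.9 GET /Sitefinity/CmsEntryPoint.aspx tabid=43&ItemID=http%3A%2F%2Ffiles.example%2Fprobe.txt 302
2010-06-09 08:30:00 198.51.100.20 GET /sitefinity/cmsentrypoint.aspx - 302
2010-06-09 08:31:12 198.51.100.20 GET /default.aspx tabid=43 200
"""

UNEXPECTED_KEYS = {"tabid", "itemid"}  # per the reply, Sitefinity never adds these
EMBEDDED_URL = re.compile(r"(?:https?|ftp)://", re.I)

def classify(stem, query):
    """Return the reasons a request looks anomalous (empty list if none)."""
    if not stem.lower().endswith("/sitefinity/cmsentrypoint.aspx"):
        return []
    reasons = []
    pairs = parse_qsl("" if query == "-" else query, keep_blank_values=True)
    keys = sorted({k.lower() for k, _ in pairs} & UNEXPECTED_KEYS)
    if keys:
        reasons.append("unexpected-params:" + ",".join(keys))
    # unquote() once more so a double-encoded URL is still seen
    if any(EMBEDDED_URL.search(unquote(v)) for _, v in pairs):
        reasons.append("url-in-param")
    return reasons

def scan(log_text):
    """Yield (client_ip, reasons) for each flagged line of a W3C log."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split()))
            reasons = classify(row.get("cs-uri-stem", ""), row.get("cs-uri-query", "-"))
            if reasons:
                yield row.get("c-ip", "?"), reasons

def summarize(log_text):
    """Count flagged requests per client IP."""
    return Counter(ip for ip, _ in scan(log_text))

if __name__ == "__main__":
    for ip, n in summarize(SAMPLE_LOG).most_common():
        print(f"{ip}\t{n} flagged request(s)")
```

The per-IP counts give a short list of sources to consider for the firewall or backend IP restriction mentioned in the reply.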
