In recent weeks, many of our DNN websites have systematically been targeted for Spam New User Registrations. There has been some discussion around the how and why, and as much as we can tell, the problem is this:
1. Some script kiddy has bothered to write a bot that finds DNN websites. It is not even a good bot, because it is not capable of validating registrations to automated active email addresses. (If you are the creator of the bot… “YOU ARE DOING IT WRONG” as it is not going to bring the Google results you are looking for.)
2. The bot will attempt access to: www.yoursite.com /?ctl=Register
3. This brings into play the default DNN registration process module.
4. This page is currently available if your site has either Public or Verified registrations enabled.
5. Tricks on derating the bot by raising the password complexity appeared to work a short time only.
6. Enabling the inbuilt Captcha is as good as useless, as almost any OCR application can break it.
7. A better simple solution is needed.
Here at InteractiveWebs, we decided that we would enable Recapcha (a cleaver Google Initiative https://www.google.com/recaptcha/ ) that is harder to be machine broken, and test the results. We found that all the spam registrations stopped once Recaptcha was used.
To do this we created two Free DNN Modules to add Recaptcha to the URL that this bot is using to register on sites. The two modules are to support DNN 6.2 + and 7x +.
The modules replace the standard captcha control to a recaptcha
This is a good link explaining how Recaptcha came into existence, and why it works well: https://www.youtube.com/watch?v=cQl6jUjFjp4
The free modules are available of download here: http://www.interactivewebs.com/DotNetNukeModules/ModuleDownloads.aspx
To install them and fix your site you will need to follow the instructions below:
Go to: https://www.google.com/recaptcha/intro/index.html and register your domain, or domains. This will give you the ability to use recaptcha on your DNN sites on any domain you like.
You are going to need they keys that this site provides:
Similar to these.
Install our “iwebs- register” module, making sure you pick the one that is for your DNN version.
Once installed, you need to add the module to a page as you would any other. We recommend adding it to it’s own page in the DNN Admin menu, and keeping the page Admin Only.
The module you are looking for is called: iWeb’s – Register – You can select the Settings from the module drop down as you would any other DNN module.
Enter the Public Key and Private Keu information that you received from your Google Recaptcha registration of your domain. THEN SELECT UPDATE to save the information.
After saving your public and private keys by clicking “update” you are ready to:
Click on the “Install Register Control”
This will inject the recaptcha setting into your website. So when you hit any registration URL (www.yoursite.com /?ctl=Register) you now get the recaptcah box.
Google has released what they call V2 of Recaptcha. We have update the module to support this. The process of updating to V2 goes like this.
1. By default, previously created recaptcha keys are V1. Any updated installs of our module will need to be put into V1 mode (in the settings) to keep working with your V1 keys that you have previously configured into the module. So after updating our module to the latest release, go into the module settings and enable V1 mode for the module to keep working.
2. V2 recaptcha is better than V1. So we would suggest that all users of the module update to V2. To do this, you update our module to the latest release, then go into the Google Recaptcha management page, and delete your domains security keys, then generate new keys for V2. They have instructions on that process, all be is hard to understand.
Once you have new V2 recaptcha keys, you update these new keys back into our module and ensure that the V1 mode is NOT enabled. The V2 recaptcha will then run on your site.
This was a quick solution to some script kiddies attempt to attack DNN. I’m actually struggling to find the purpose (if you wrote the bot and you are reading this, I would love to hear why). There is little threat by the registrations that I can find. More annoying that anything else. While Recaptcah can be broken, it would take some smarts or costs to use online services for the bot, so I suspect they will not bother and recaptcha will reign for this problem. In any case, if they spend some time and effort making the bot work for recaptcah, it is easy enough for us to implement some of the loads of other solutions available to stop them.
We included a donation button. If you find the solution, blog, research we did, modules we created and responses we provide to be helpful. Please consider throwing us a few $
FileHelpers, Version=184.108.40.206, Culture=neutral, PublicKeyToken=3e0c08d59cc3d657′
Error: File Management is currently unavailable. DotNetNuke.Services.Exceptions.ModuleLoadException: (0): error CS1705: Assembly ‘DotNetNuke.Modules.DigitalAssets, Version=220.127.116.115, Culture=neutral, PublicKeyToken=null’ uses ‘Telerik.Web.UI, Version=2013.2.611.40, Culture=neutral, PublicKeyToken=121fae78165ba3d4′ which has a higher version than referenced assembly ‘Telerik.Web.UI, Version=2013.1.403.40, Culture=neutral, PublicKeyToken=121fae78165ba3d4′ —> System.Web.HttpCompileException: (0): error CS1705: Assembly ‘DotNetNuke.Modules.DigitalAssets, Version=18.104.22.1685, Culture=neutral, PublicKeyToken=null’ uses ‘Telerik.Web.UI, Version=2013.2.611.40, Culture=neutral, PublicKeyToken=121fae78165ba3d4′ which has a higher version than referenced assembly ‘Telerik.Web.UI, Version=2013.1.403.40, Culture=neutral, PublicKeyToken=121fae78165ba3d4′ at System.Web.Compilation.AssemblyBuilder.Compile() at System.Web.Compilation.BuildProvidersCompiler.PerformBuild() at System.Web.Compilation.BuildManager.CompileWebFile(VirtualPath virtualPath) at System.Web.Compilation.BuildManager.GetVPathBuildResultInternal(VirtualPath virtualPath, Boolean noBuild, Boolean allowCrossApp, Boolean allowBuildInPrecompile, Boolean throwIfNotFound, Boolean ensureIsUpToDate) at System.Web.Compilation.BuildManager.GetVPathBuildResultWithNoAssert(HttpContext context, VirtualPath virtualPath, Boolean noBuild, Boolean allowCrossApp, Boolean allowBuildInPrecompile, Boolean throwIfNotFound, Boolean ensureIsUpToDate) at System.Web.Compilation.BuildManager.GetVPathBuildResult(HttpContext context, VirtualPath virtualPath, Boolean noBuild, Boolean allowCrossApp, Boolean allowBuildInPrecompile, Boolean ensureIsUpToDate) at System.Web.UI.TemplateControl.LoadControl(VirtualPath virtualPath) at DotNetNuke.UI.Modules.WebFormsModuleControlFactory.CreateModuleControl(TemplateControl containerControl, ModuleInfo moduleConfiguration) at DotNetNuke.UI.Modules.ModuleControlFactory.LoadModuleControl(TemplateControl containerControl, ModuleInfo moduleConfiguration) at DotNetNuke.UI.Modules.ModuleHost.LoadModuleControl() — End of inner exception stack trace —
The problem relates to a missing file that can be updated to the website /bin folder. The file is part of a free library that can be found here: http://sourceforge.net/projects/filehelpers/files/File%20Helpers%20Downloads/Version%202.0.0/
The file you need is: FileHelpers.dll front he 2.0 release from way back in 2010.
Download the file directly here: https://dl.dropboxusercontent.com/u/6726341/FileHelpers.dll
And save that to the /BIN folder in your DNN website, this will fix the issue and leave any third party modules that reference it working.
Accessing your Google Analytic Data via API
To allow a third party module or application to view and display your Google Analytics data for your website. You need to get a few things organised.
Go to: http://www.google.com/analytics/ and follow their instructions to set up your URL under an account that you can manage and access with Admin permissions. We are not going to go through these steps here as it is a given that you will have this. Seek help from Google if you can’t manage.
Go to: https://developers.google.com/ and login with your account.
To get started using Google Analytics API, you need to first create or select a project in the Google Developers Console and enable the API. Using this link guides you through the process and activates the Google Analytics API automatically.
Alternatively, you can activate the Google Analytics API yourself in the Developers Console by doing the following:
In either case, you end up on the Credentials page and can create your project’s credentials from here.
From the Credentials page, click Create new Client ID under the OAuth heading to create your OAuth 2.0 credentials.
The newly created service account will have an email address, <projectId>-<uniqueId>@developer.gserviceaccount.com; Use this email address to add a user to the Google analytics account you want to access via the API. For this tutorial only Read & Analyzepermissions are needed.
Select User Management (in the Analytics Admin)
Enter the weird email address from the API credentials step above to give Read & Analyze permissions.
If you get all that right, then the module we use, will work to access your Google Analytics data from within your module.
When you attempt to open the forum module Control Panel, you receive a.net load error that says a critical error has occurred. Upon looking at the log files for the website within DNN, you’ll notice that the related error message looks something like this.
bsoluteURL:/Default.aspxDefaultDataProvider:DotNetNuke.Data.SqlDataProvider, DotNetNukeExceptionGUID:1012073d-d31d-4a73-a051-31478c9de05dAssemblyVersion:7.4.0PortalId:0UserId:3429TabId:107RawUrl:/Resources/Forum/ctl/EDIT/mid/506Referrer:http://website.com.au/Resources/ForumUserAgent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3ExceptionHash:eUa1nHF8hNveOCQzqX0zOg==Message:Object reference not set to an instance of an object.StackTrace:InnerMessage:Object reference not set to an instance of an object.InnerStackTrace: at DotNetNuke.Modules.ActiveForums.Controls.Callback.OnLoad(EventArgs e) at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)Source:FileName:FileLineNumber:0FileColumnNumber:0Method:Server Name: SERVERNAME
It is good practice to ensure that you have the latest version of the DotNetNuke forum module on your website. Especially if you are using the later versions of DNN. Currently the module project has been moved into an open source project on GitHub. The latest version can be found here: https://github.com/ActiveForums/ActiveForums
fixing the error
you need to ensure that the web.config file also includes the following reference.
<section name=”cryptography” requirePermission=”false” type=”DotNetNuke.Framework.Providers.ProviderConfigurationHandler, DotNetNuke” />
<add name=”CoreCryptographyProvider” type=”DotNetNuke.Services.Cryptography.CoreCryptographyProvider, DotNetNuke” providerPath=”~\Providers\CryptographyProviders\CoreCryptographyProvider\” />
These instruction have been updated from the Zendesk instructions provided here: https://support.zendesk.com/hc/en-us/articles/203660156-Zendesk-for-Microsoft-Dynamics-CRM-Part-1-Installing-the-Zendesk-for-Microsoft-Dynamics-CRM-as-a-module-in-Microsoft-Dynamics-CRM
They use a combination of the original processes that Zendesk have created originally for CRM 2011 and that worked on Pre SP1 versions of CRM 2013. The packages referenced have been update by InteractiveWebs to work with CRM 2013 Post SP1 and CRM 2015 (technically all versions but we recommend post SP 0.1)
Install the CRM Managed Solution as you would any other CRM solution.
Download the managed solution for CRM 2015 https://www.dropbox.com/s/2m3jfhqp7jl6cal/ZendeskDynamicsCRMConnector_2015_1_0_1_managed.zip?dl=0
In CRM Navigate to SETTINGS / SOLUTIONS
Click on Import
Select the Managed CRM package – Click Next
Leave the Enable any SDK ticked, and click on Import
Allow the Import to take place
Click on Close
On Completion, Click “Publish All Customisations”.
In the CRM menu, select Settings / Security
Select the User that you wish to use to bring in Zendesk Integration Items. We are using in this example the Administrator account, but it could be anyones account.
Then with the account loaded, select the additional item dropdown menu to the far right of the top level menu, selecting Manage Roles
Select Zendesk Administrator
There is also a Zendesk Read configuration setting. The Zendesk support site has details on how this can be used.
Double Click on that name to load the account.
In your browser, click on Refresh to reload the CRM page, and in turn the top level menu that has been updated after import for the Zendesk Solution.
In the CRM system, select Settings / Zen Entity Mappings
Click + New
The most typical setups are things like on a “Contact” entity, match the Zendesk ticket requester with the email address on the “Contact” record. But what if you wanted to match of the “Full Name” field instead in both systems? Now you can by utilizing entity mappings.
Here’s a list of the most common types of mappings:
In CRM Navigate to Settings / ZD Settings (Note that this one is not the ZD Personal Settings Menu Item).
NOTE – This works best in Chrome – We found troubles with IE and Safari (not our work)!
You now need to set up your Zendesk credentials so that the system can authenticate to the appropriate Zendesk instance.
To do so, navigate to Settings, then locate the Zendesk Settings->Settings title and click the title.
You will be presented with 4 sections:
Now you are ready to add the Zendesk ticketing panel to any of the entity pages that you’ve configured mappings for. You need to repeat the steps below for each entity type you want the ticketing grid displayed on.
Next you need to enable your CRM instance to use the InteractiveWebs Web Service that will connect Zendesk to your CRM instance either in the cloud, IFD or on premises.
instance of CRM then go here: http://www.interactivewebs.com/Admin/Zendesk/tabid/3566/Default.aspx
If you have never registered with InteractieWebs then click on “Subscribe Now”
Fill in the form with the following details.
Username: Select a user name to use with our website.
Password: Select a password to use on our website
Email: Be sure to use a valid email address. We will not share or spam you, but for services we need this to be accurate.
First Name: Your First Name
Last Name: Your Last Name
CRM Address: This is the address of your CRM server in the following format: e.g.. https://contoso.hostedcrm.com:444/ You type “contoso.hostedcrm.com” (without the “ “ ).
CRM Organization: You administrator can help with this, but in the example above it is “contoso” and is usually the word before the domain of your hosting environment.
You can contact us on the help link at the bottom of the page if you are not sure what you should type here.
you will need a custom version of the web service to host on your own servers. Contact us at our website: http://www.interactivewebs.com/ContactUs/tabid/55/Default.aspx
and advise that you are after a custom web service for Zendesk to CRM 2015 integration. Advise us of:
1. The URL you use to access your CRM internally.
2. The Organisation name you use in CRM.
We can then provide you with a custom web service for $200 one off fee with no expiry date on the web service.
Lastly you will need to set up the Zendesk side of the integration.
To do this, you login to your Zendesk interface and Admin / Extensions
In Extensions you select CRM
Select Microsoft Dynamics CRM 2011
Select your hosting type
If you have IFD or Microsoft Cloud Hosted Solution, select Cloud or IFD respectively
For the Web Service (having subscribed to the service) put in: https://zendesk.interactivewebs.com (note that this will only work if you have subscribed)
If you have an on-premise then select that and put in the URL of your web service that was supplied to you after contact InteractiveWebs for a custom solution.
All the other data for that page is per the instructions and help provided by Zendesk in their help pages.
If you have problems or questions, please feel free to contact us at: http://www.interactivewebs.com – We have a range of other integration products, including website to CRM integrations for forms, billing, kb, support and more.
The symptoms of this are fairly easy. When you click on the Read more link or the title of a blog that would normally take you to the full article of the blog. The page instead displays a 404 error.
If you explore the URL you will find that the URL references the blog title something like this: http://canopi.com.au/Blog/Post/355/Single-Server-Sign-On-SSO-Part-1
take note that the URL does not end with the .aspx
The URL of the blog post is being rewritten through the friendly URL settings within the later versions of DNN.
the friendly URL settings can be found within: HOST / ADVANCED SETTINGS / FRIENDLY URL SETTINGS
and by default in the later versions of DNN are enabled. The problem arises when the web.config file is missing a setting for the advanced URL rewriting.
the fix is very easy and involves editing the web.config file.
1. Take a backup of the web.config file for your site2. Open the web.config file, and search for ‘urlformat’. You should find this in the section, like this:
<add name="DNNFriendlyUrl" type="DotNetNuke.Services.Url.FriendlyUrl.DNNFriendlyUrlProvider, DotNetNuke.HttpModules" includePageName="true" regexMatch="[^a-zA-Z0-9 _-]" urlFormat="humanfriendly" />
3. Change the urlFormat value to ‘advanced’, like this:
<add name="DNNFriendlyUrl" type="DotNetNuke.Services.Url.FriendlyUrl.DNNFriendlyUrlProvider, DotNetNuke.HttpModules" includePageName="true" regexMatch="[^a-zA-Z0-9 _-]" urlFormat="advanced" />