In recent weeks, many of our DNN websites have systematically been targeted for Spam New User Registrations. There has been some discussion around the how and why, and as much as we can tell, the problem is this:
1. Some script kiddy has bothered to write a bot that finds DNN websites. It is not even a good bot, because it is not capable of validating registrations to automated active email addresses. (If you are the creator of the bot… “YOU ARE DOING IT WRONG” as it is not going to bring the Google results you are looking for.)
2. The bot will attempt access to: www.yoursite.com/?ctl=Register
3. This brings into play the default DNN registration process module.
4. This page is currently available if your site has either Public or Verified registrations enabled.
5. Tricks for defeating the bot by raising the password complexity appeared to work for a short time only.
6. Enabling the inbuilt Captcha is as good as useless, as almost any OCR application can break it.
7. A better simple solution is needed.
Here at InteractiveWebs, we decided that we would enable Recaptcha (a clever Google initiative, https://www.google.com/recaptcha/ ) that is harder for a machine to break, and test the results. We found that all the spam registrations stopped once Recaptcha was used.
To do this we created two Free DNN Modules to add Recaptcha to the URL that this bot is using to register on sites. The two modules are to support DNN 6.2 + and 7x +.
The modules replace the standard captcha control with a Recaptcha control.
This is a good link explaining how Recaptcha came into existence, and why it works well: https://www.youtube.com/watch?v=cQl6jUjFjp4
The free modules are available for download here: http://www.interactivewebs.com/DotNetNukeModules/ModuleDownloads.aspx
To install them and fix your site you will need to follow the instructions below:
Go to: https://www.google.com/recaptcha/intro/index.html and register your domain, or domains. This will give you the ability to use recaptcha on your DNN sites on any domain you like.
You are going to need the keys that this site provides:
Similar to these.
Install our “iwebs- register” module, making sure you pick the one that is for your DNN version.
Once installed, you need to add the module to a page as you would any other. We recommend adding it to its own page in the DNN Admin menu, and keeping the page Admin Only.
The module you are looking for is called: iWeb’s – Register – You can select the Settings from the module drop down as you would any other DNN module.
Enter the Public Key and Private Key information that you received from your Google Recaptcha registration of your domain. THEN SELECT UPDATE to save the information.
After saving your public and private keys by clicking “update” you are ready to:
Click on the “Install Register Control”
This will inject the recaptcha setting into your website. So when you hit any registration URL (www.yoursite.com/?ctl=Register) you now get the recaptcha box.
Google has released what they call V2 of Recaptcha. We have updated the module to support this. The process of updating to V2 goes like this.
1. By default, previously created recaptcha keys are V1. Any updated installs of our module will need to be put into V1 mode (in the settings) to keep working with your V1 keys that you have previously configured into the module. So after updating our module to the latest release, go into the module settings and enable V1 mode for the module to keep working.
2. V2 recaptcha is better than V1, so we would suggest that all users of the module update to V2. To do this, you update our module to the latest release, then go into the Google Recaptcha management page, delete your domain's security keys, and generate new keys for V2. They have instructions on that process, albeit hard to understand.
Once you have new V2 recaptcha keys, you update these new keys back into our module and ensure that the V1 mode is NOT enabled. The V2 recaptcha will then run on your site.
This was a quick solution to some script kiddie's attempt to attack DNN. I’m actually struggling to find the purpose (if you wrote the bot and you are reading this, I would love to hear why). There is little threat from the registrations that I can find. More annoying than anything else. While Recaptcha can be broken, it would take some smarts or costs to use online services for the bot, so I suspect they will not bother and recaptcha will reign for this problem. In any case, if they spend some time and effort making the bot work for recaptcha, it is easy enough for us to implement some of the loads of other solutions available to stop them.
We included a donation button. If you find the solution, blog, research we did, modules we created and responses we provide to be helpful, please consider throwing us a few $.
FileHelpers, Version=22.214.171.124, Culture=neutral, PublicKeyToken=3e0c08d59cc3d657′
Error: File Management is currently unavailable. DotNetNuke.Services.Exceptions.ModuleLoadException: (0): error CS1705: Assembly ‘DotNetNuke.Modules.DigitalAssets, Version=126.96.36.1995, Culture=neutral, PublicKeyToken=null’ uses ‘Telerik.Web.UI, Version=2013.2.611.40, Culture=neutral, PublicKeyToken=121fae78165ba3d4’ which has a higher version than referenced assembly ‘Telerik.Web.UI, Version=2013.1.403.40, Culture=neutral, PublicKeyToken=121fae78165ba3d4’ —> System.Web.HttpCompileException: (0): error CS1705: Assembly ‘DotNetNuke.Modules.DigitalAssets, Version=188.8.131.525, Culture=neutral, PublicKeyToken=null’ uses ‘Telerik.Web.UI, Version=2013.2.611.40, Culture=neutral, PublicKeyToken=121fae78165ba3d4’ which has a higher version than referenced assembly ‘Telerik.Web.UI, Version=2013.1.403.40, Culture=neutral, PublicKeyToken=121fae78165ba3d4’ at System.Web.Compilation.AssemblyBuilder.Compile() at System.Web.Compilation.BuildProvidersCompiler.PerformBuild() at System.Web.Compilation.BuildManager.CompileWebFile(VirtualPath virtualPath) at System.Web.Compilation.BuildManager.GetVPathBuildResultInternal(VirtualPath virtualPath, Boolean noBuild, Boolean allowCrossApp, Boolean allowBuildInPrecompile, Boolean throwIfNotFound, Boolean ensureIsUpToDate) at System.Web.Compilation.BuildManager.GetVPathBuildResultWithNoAssert(HttpContext context, VirtualPath virtualPath, Boolean noBuild, Boolean allowCrossApp, Boolean allowBuildInPrecompile, Boolean throwIfNotFound, Boolean ensureIsUpToDate) at System.Web.Compilation.BuildManager.GetVPathBuildResult(HttpContext context, VirtualPath virtualPath, Boolean noBuild, Boolean allowCrossApp, Boolean allowBuildInPrecompile, Boolean ensureIsUpToDate) at System.Web.UI.TemplateControl.LoadControl(VirtualPath virtualPath) at DotNetNuke.UI.Modules.WebFormsModuleControlFactory.CreateModuleControl(TemplateControl containerControl, ModuleInfo moduleConfiguration) at 
DotNetNuke.UI.Modules.ModuleControlFactory.LoadModuleControl(TemplateControl containerControl, ModuleInfo moduleConfiguration) at DotNetNuke.UI.Modules.ModuleHost.LoadModuleControl() — End of inner exception stack trace —
The problem relates to a missing file that can be updated to the website /bin folder. The file is part of a free library that can be found here: http://sourceforge.net/projects/filehelpers/files/File%20Helpers%20Downloads/Version%202.0.0/
The file you need is: FileHelpers.dll from the 2.0 release from way back in 2010.
Download the file directly here: https://www.dropbox.com/s/otusnlf1jmy9f6o/FileHelpers.dll?dl=0
Save it to the /bin folder in your DNN website. This will fix the issue and leave any third party modules that reference it working.
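Because the DLL comes from a file-sharing link and ends up in the site's /bin folder, it is worth checking it first. The PowerShell below is an added example, not part of the original post: it confirms the file is the assembly named in the error (same PublicKeyToken) and that it is byte-identical to a copy you extracted yourself from the SourceForge 2.0 release archive. All three paths are placeholders, and the presence of the same DLL build in that archive is an assumption.

```powershell
# Added example (not from the original post). Paths are placeholders for your system.
$Downloaded    = 'C:\Temp\dropbox\FileHelpers.dll'      # copy from the direct download link
$Reference     = 'C:\Temp\sourceforge\FileHelpers.dll'  # copy extracted from the 2.0 release archive
$BinFolder     = 'C:\inetpub\wwwroot\YourDnnSite\bin'   # DNN /bin folder
$ExpectedToken = '3e0c08d59cc3d657'                     # PublicKeyToken quoted in the error above

$ErrorActionPreference = 'Stop'

function Get-AssemblyIdentity {
    param([Parameter(Mandatory)][string]$Path)
    $full = (Resolve-Path -Path $Path).ProviderPath
    # GetAssemblyName reads the manifest without loading the assembly into this process.
    $an = [System.Reflection.AssemblyName]::GetAssemblyName($full)
    $tokenBytes = $an.GetPublicKeyToken()
    [pscustomobject]@{
        Name    = $an.Name
        Version = $an.Version.ToString()
        Token   = if ($tokenBytes) { -join ($tokenBytes | ForEach-Object { $_.ToString('x2') }) } else { '' }
        Sha256  = (Get-FileHash -Path $full -Algorithm SHA256).Hash
    }
}

$dl  = Get-AssemblyIdentity -Path $Downloaded
$ref = Get-AssemblyIdentity -Path $Reference
$dl, $ref | Format-Table -AutoSize

# 1. The file must be the assembly the site is asking for.
if ($dl.Name -ne 'FileHelpers' -or $dl.Token -ne $ExpectedToken) {
    throw "Identity mismatch: got '$($dl.Name)' with token '$($dl.Token)'."
}

# 2. The token only states which key the file claims to be signed with; it is not
#    verified here. A byte-for-byte match with the release archive is the stronger check.
if ($dl.Sha256 -ne $ref.Sha256) {
    throw 'Downloaded DLL differs from the copy in the SourceForge release archive.'
}

# 3. Keep any existing copy, deploy, and clear the "downloaded from the internet" mark.
$target = Join-Path -Path $BinFolder -ChildPath 'FileHelpers.dll'
if (Test-Path -Path $target) {
    Copy-Item -Path $target -Destination "$target.bak-$(Get-Date -Format yyyyMMddHHmmss)"
}
Copy-Item -Path $Downloaded -Destination $target
Unblock-File -Path $target
Write-Host "Deployed FileHelpers $($dl.Version) ($($dl.Sha256)) to $target"
```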
Accessing your Google Analytic Data via API
To allow a third party module or application to view and display your Google Analytics data for your website, you need to get a few things organised.
Go to: http://www.google.com/analytics/ and follow their instructions to set up your URL under an account that you can manage and access with Admin permissions. We are not going to go through these steps here as it is a given that you will have this. Seek help from Google if you can’t manage.
Go to: https://developers.google.com/ and login with your account.
To get started using Google Analytics API, you need to first create or select a project in the Google Developers Console and enable the API. Using this link guides you through the process and activates the Google Analytics API automatically.
Alternatively, you can activate the Google Analytics API yourself in the Developers Console by doing the following:
In either case, you end up on the Credentials page and can create your project’s credentials from here.
From the Credentials page, click Create new Client ID under the OAuth heading to create your OAuth 2.0 credentials.
The newly created service account will have an email address, <projectId>-<uniqueId>@developer.gserviceaccount.com. Use this email address to add a user to the Google Analytics account you want to access via the API. For this tutorial only Read & Analyze permissions are needed.
Select User Management (in the Analytics Admin)
Enter the weird email address from the API credentials step above to give Read & Analyze permissions.
If you get all that right, then the module we use will work to access your Google Analytics data from within your module.
When you attempt to open the forum module Control Panel, you receive a .NET load error that says a critical error has occurred. Upon looking at the log files for the website within DNN, you’ll notice that the related error message looks something like this.
bsoluteURL:/Default.aspxDefaultDataProvider:DotNetNuke.Data.SqlDataProvider, DotNetNukeExceptionGUID:1012073d-d31d-4a73-a051-31478c9de05dAssemblyVersion:7.4.0PortalId:0UserId:3429TabId:107RawUrl:/Resources/Forum/ctl/EDIT/mid/506Referrer:http://website.com.au/Resources/ForumUserAgent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3ExceptionHash:eUa1nHF8hNveOCQzqX0zOg==Message:Object reference not set to an instance of an object.StackTrace:InnerMessage:Object reference not set to an instance of an object.InnerStackTrace: at DotNetNuke.Modules.ActiveForums.Controls.Callback.OnLoad(EventArgs e) at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)Source:FileName:FileLineNumber:0FileColumnNumber:0Method:Server Name: SERVERNAME
It is good practice to ensure that you have the latest version of the DotNetNuke forum module on your website, especially if you are using the later versions of DNN. Currently the module project has been moved into an open source project on GitHub. The latest version can be found here: https://github.com/ActiveForums/ActiveForums
Fixing the error
You need to ensure that the web.config file also includes the following references.
<section name="cryptography" requirePermission="false" type="DotNetNuke.Framework.Providers.ProviderConfigurationHandler, DotNetNuke" />
<add name="CoreCryptographyProvider" type="DotNetNuke.Services.Cryptography.CoreCryptographyProvider, DotNetNuke" providerPath="~\Providers\CryptographyProviders\CoreCryptographyProvider\" />
It's kind of annoying to find that after a fresh install of Windows 2016 Server you have a service that fails to behave correctly.
When you click on the service, you will see something like this.
Even if you attempt to force a start, it does not resolve this issue.
The good news is that this service is really not something you want anyway if you have a Windows server doing actual server functions.
The simple fix is to disable this service. The easy way to do this is to:
Open Windows PowerShell
Type this command:
Get-Service -Name MapsBroker | Set-Service -StartupType Disabled -Confirm:$false
Problem is now fixed, and this annoying service is off and will not bother you again.
But let me explain why we think the reviews we have read online don’t live up to our experience.
Firstly, as someone who professionally travels the entire globe and who is a techno geek, data is one of the most important travel tools these days. To look up and book all sorts of things from AirBnB to Uber, Google Maps and just staying in contact with loved ones.
Getting Data is really still a huge hassle after all these years. Blackberry had the right idea to provide unlimited global packages for their devices worldwide, and I personally cannot wait for Elon Musk to get his 4,425 satellites up and running giving global coverage of low orbit satellite based data services. I am surprised that Apple or Google etc have not jumped in and lined up the telcos who are still busy ripping people for global data. They will end up wishing they had global alliances once something else comes online. Anyway I digress.
KnowRoaming has a good idea. They tap into the alliance of roughly 50-60 normal countries that appear to be able to operate in the real world and have some reasonable deals. The countries are sort of the ones you would expect. Basically if the telcos operate in a fair and less regulated environment (read western civilised countries) then they are likely on the list. If the country's government or royal highness owns the telcos or chops the hands of thieves off, then they are probably not on the list. (Read 1/2 the world that operates in dictator chaos).
Among the plans is the All You can Eat $7.99 per day for unlimited data. This was particularly appealing to me as I am often in countries for a short period of time.
The device I took was the sticker that you put easily on your sim card that gives you extra function while away from your normal carrier. No problems with the sticker and applying it.
The issues I have are with the KnowRoaming App. The app controls the management of data access while in other countries. The idea is that you power it up while in the roaming countries and select the plan you wish to use. The failures of the app are these.
1. Unintuitive, not user friendly. – The app needs to install profiles on the iPhone to set up local data access. This part I can handle. Installing profiles is like installing certificates on a phone. A little odd at first, but once you get the idea of it, then not too bad. But the really unfriendly part is that you activate data on the home screen, but the app then needs to download the local roaming profiles to get the plans available locally. At times the connection download rate to get this data is so bad that the app does not find the data you need. Then you are left with an activated connection that is using your data at a huge rate, and charging you normal crappy connection rates because you have not activated the daily plan. On more than one occasion I used all my credit before I could get a daily rate activated.
Other times I activated the daily plan, only to instantly lose the connection for a period of time. Then to find out that the activation did not take and I was again using all my credit when connection returned.
2. Reliability – Very poor at best. Because of this switching of profiles and presumably the providers of choice in the countries being forced for connection once activated. I often found I was in a location like an airport with great reception. As soon as I activated the mobile data in the KnowRoaming app, and turned the Roaming Data on in the phone settings, I lost my connection altogether to the telcos. No signal. Frustrating as hell when you need to get something done.
3. Data Priority – As you would expect with data roaming services, the telcos in the country you are traveling will give you low priority on their networks for data. This is understandable and even though the services are 3G only and you are most likely connecting to 4G capable networks, I did find that at peak times (like the time of day you would book an Uber, Taxi, Hotel or AirBnB) the service is so slow that you can’t get anything done at all. Ping tests 100 times slower than normal connection. Can’t even get to a Google home page. Totally useless.
4. Average support – While contacting support gets you reasonably quick responses via email, you do need to have data to get email. WhatsApp is free data, which leads to the question: why not enable free data for their app and offer in-app communications? As it stands you need the App to work to get support on getting the App to work. Crazy right!
On the two occasions that I contacted support advising that my entire balance had been eaten up in a matter of minutes, I was once refunded the money when I advised that I was a new customer and just did not get the interface for the app to activate the daily plans. And in this I will restate that the App really is not user friendly at all. They really need to force choice options on you as you activate to say… hey use all your credit in minutes or using one of the normal persons options to roam all day.
The other time I experienced the “There Goes All Your Credit” in a few minutes issue was as a result of the loss of connection then subsequent re-connection unbeknown to me a short time later. So my phone sat doing what my phone does, downloading email etc. All the time I believed I had no connection and was waiting to get WiFi access to sort out why I had no carrier signal after activating data.
I contacted support with this second credit suck, and they pretty much said… “Yep there goes your money, here is how to top up again”. As if I would put another cent into a service that just sucked down every penny I just fed it and gave me nothing in return.
So in summary… Reasonable Process, Quick Response to Support, Very Average App, Very Unreliable, at times Unusably Slow, Average Support Response. Stay Away from KnowRoaming.
Note that these are just my experiences and subsequently my opinion of the service. I probably may have had better experiences had I received better support the second time I had major credit suck. I do have work colleagues that use the services and swear by it, but once bitten twice shy. They had the opportunity to turn me into a happy customer, and it was as simple as a “sorry, here is your credit back”.
Installing the function to clean your disk requires that you install the Desktop Experience module from the Windows Feature list.
1. Open a PowerShell with Administrator rights.
That’s it. A Reboot of the Computer is required.
In our case the versions in question were found to be:
Outlook 2013 connecting to Exchange 2016 with MAPI over HTTP enabled.
The user reported that Outlook was slow to open email, and unresponsive when searching in Outlook.
A CTRL + right click on the Outlook connection icon (bottom right) showed the connection was made with HTTP.
It is reported that MAPI over HTTP, which is a newer connection method of later Exchange servers and potentially better and more reliable for devices connecting, has some unreliabilities in some instances with earlier versions of Outlook.
Our testing shows that later Outlook versions and the Mac versions of Outlook have no troubles at all.
In Exchange 2016 it is possible to disable MAPI for a user's mailbox. The issue this may have is that they could have other more recent devices such as phones and tablets that are enjoying the advantages of MAPI over HTTP. So rather than turning off MAPI for all their devices at the Exchange server end, it is preferable to disable the connection on that user's computer only.
This can be easily done using regedit.
Use the credentials for the Windows account that you defined in the agent properties.
The Registry Editor appears.
A new DWORD entry appears in the right pane.
The Edit DWORD Value dialog box appears.
The Microsoft Exchange Connection Status dialog box appears.
1. Download this file: MAPIoverhttp_disable.zip
2. Unzip the file
3. Double-click the MAPIoverhttp_disable.reg file and it will add the above change for you.
Disabling MAPI over HTTP using Command Prompt.
1. Click Start, then Run.
2. Type CMD then hit ENTER.
3. Type or paste:
REG.exe Add HKCU\Software\Microsoft\Exchange /V MapiHttpDisabled /T REG_DWORD /D 0x1 /F
(Note that the above is one line that may wrap)
We can retrieve the current configuration using the first two commands, whilst the third one disables MAPI/HTTP and the final command enables MAPI/HTTP:
Get-Item HKCU:\Software\Microsoft\Exchange
Get-ItemProperty -Path HKCU:\Software\Microsoft\Exchange -Name MapiHttpDisabled | select MapiHttpDisabled | Ft -AutoSize
New-ItemProperty -Path HKCU:\Software\Microsoft\Exchange -Name MapiHttpDisabled -PropertyType DWORD -Value "0x1" -Force
New-ItemProperty -Path HKCU:\Software\Microsoft\Exchange -Name MapiHttpDisabled -PropertyType DWORD -Value "0x0" -Force
(Note that each of the above commands is one line that may wrap)
For reference, Outlook 2010 connection information is shown. Note that MAPI/HTTP is being used:
After disabling MAPI/HTTP using one of the above methods, reg.exe or PowerShell, we can then look to see how Outlook is connecting. Note that you may have to wait for Outlook to perform an Autodiscover request and automatically update itself, or alternatively run a profile repair to force a full Autodiscover. Deleting the Outlook profile would also force the change, but that is not recommended in production unless it is the last resort. Deleting Outlook profiles causes OAB downloads, OST downloads, possibly adding PST files back into the profile and may also impact mobile devices.
In the below screenshot we can see that the client is now kicking it old skool. The protocol type has changed, and there is now a proxy server specified. This was taken after restarting Outlook.
To allow MAPI/HTTP remove the MapiHttpDisabled DWORD, or set it to a value of 0 as shown below:
REG.exe Add HKCU\Software\Microsoft\Exchange /V MapiHttpDisabled /T REG_DWORD /D 0x0 /F
(Note that the above is one line that may wrap)
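The per-user change described above, wrapped as one PowerShell function. This is an added example, not code from the original post; the function name and the -Mode values are illustrative. Unlike reg.exe, New-ItemProperty fails when the HKCU:\Software\Microsoft\Exchange key does not exist yet, so the function creates the key first, and it reports the value actually stored afterwards.

```powershell
# Added example (not from the original post). Function name and -Mode values are illustrative.
function Set-OutlookMapiHttp {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [ValidateSet('Disable', 'Enable', 'Remove')]
        [string]$Mode
    )
    $key  = 'HKCU:\Software\Microsoft\Exchange'
    $name = 'MapiHttpDisabled'

    # New-ItemProperty errors out if the key is absent; "reg.exe add" creates it silently.
    if (-not (Test-Path -Path $key)) {
        if ($PSCmdlet.ShouldProcess($key, 'Create registry key')) {
            New-Item -Path $key -Force | Out-Null
        }
    }

    if ($Mode -eq 'Remove') {
        # Removing the DWORD returns Outlook to its default (MAPI/HTTP allowed).
        if ($PSCmdlet.ShouldProcess("$key\$name", 'Remove value')) {
            Remove-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
        }
    }
    else {
        # 1 = MAPI/HTTP disabled for this user, 0 = allowed (same values as the commands above).
        $value = if ($Mode -eq 'Disable') { 1 } else { 0 }
        if ($PSCmdlet.ShouldProcess("$key\$name", "Set DWORD to $value")) {
            New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value $value -Force | Out-Null
        }
    }

    # Report what is in the registry now, for the user running the command.
    $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
    [pscustomobject]@{
        User             = "$env:USERDOMAIN\$env:USERNAME"
        MapiHttpDisabled = $current
        MapiHttpAllowed  = ($null -eq $current -or $current -eq 0)
    }
}

# Run as the affected user, not as an administrator account: the value lives in HKCU.
Set-OutlookMapiHttp -Mode Disable
```

Add -WhatIf to see what would change without writing to the registry.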