DotNetNuke DNN Spam Registrations Problem Fixed

DotNetNuke DNN Sites getting spam registrations – How to stop them

In recent weeks, many of our DNN websites have systematically been targeted for Spam New User Registrations. There has been some discussion around the how and why, and as much as we can tell, the problem is this:

1. Some script kiddie has bothered to write a bot that finds DNN websites. It is not even a good bot, because it cannot validate its registrations using automated, active email addresses. (If you are the creator of the bot… “YOU ARE DOING IT WRONG” as it is not going to bring the Google results you are looking for.)

2. The bot will attempt to access: www.yoursite.com/?ctl=Register

3. This brings into play the default DNN registration process module.

4. This page is currently available if your site has either Public or Verified registrations enabled.

5. Tricks to defeat the bot by raising the password complexity appeared to work for a short time only.

6. Enabling the inbuilt Captcha is as good as useless, as almost any OCR application can break it.

7. A better simple solution is needed.
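One way to confirm from the server side that a site is being hit in the way described above is to count registration POSTs to ?ctl=Register per client address in the IIS logs. This is an added example, not code from the original post or from InteractiveWebs; the log field layout, the threshold and the sample lines are constructed assumptions.

```python
from collections import Counter
from urllib.parse import parse_qs

# Constructed sample in IIS W3C extended log format (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2014-03-01 10:00:01 GET /Default.aspx ctl=Register 203.0.113.7 200
2014-03-01 10:00:02 POST /Default.aspx ctl=Register 203.0.113.7 200
2014-03-01 10:00:09 POST /Default.aspx ctl=Register 203.0.113.7 200
2014-03-01 10:00:15 POST /default.aspx CTL=register&returnurl=%2f 203.0.113.7 200
2014-03-01 10:03:40 GET /Home.aspx - 198.51.100.20 200
2014-03-01 10:04:02 POST /Default.aspx ctl=Register 198.51.100.20 200
2014-03-01 10:05:00 POST /Default.aspx ctl=Login 198.51.100.20 200
"""

def iter_records(lines):
    """Yield one dict per entry, keyed by the most recent #Fields directive."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated lines
                yield dict(zip(fields, values))

def is_register_request(record):
    """True when the query string carries ctl=Register (case-insensitive)."""
    query = record.get("cs-uri-query", "-").lower()
    return "register" in parse_qs(query).get("ctl", [])

def registration_posts_by_ip(lines):
    """Count POSTs to the default registration control per client IP."""
    counts = Counter()
    for rec in iter_records(lines):
        if rec.get("cs-method") == "POST" and is_register_request(rec):
            counts[rec.get("c-ip", "?")] += 1
    return counts

def flag_sources(lines, threshold=3):
    """Client IPs with at least `threshold` registration POSTs (assumed cutoff)."""
    counts = registration_posts_by_ip(lines)
    return sorted(ip for ip, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    for ip, n in registration_posts_by_ip(SAMPLE_LOG.splitlines()).most_common():
        print(ip, n)
```

Run it against real logs by passing the lines of a log file instead of SAMPLE_LOG; a drop in the counts after Recaptcha is enabled is the confirmation that the fix is holding.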

 

ReCaptcha is the FIX that is working well

Here at InteractiveWebs, we decided that we would enable Recaptcha (a clever Google initiative https://www.google.com/recaptcha/ ) that is harder for machines to break, and test the results. We found that all the spam registrations stopped once Recaptcha was used.

To do this we created two Free DNN Modules to add Recaptcha to the URL that this bot is using to register on sites. The two modules are to support DNN 6.2 +  and 7x +.

The modules replace the standard captcha control with a Recaptcha control.

From this:

DNNCaptcha

To this:

DNN Spam Registration Stop

This is a good link explaining how Recaptcha came into existence, and why it works well: https://www.youtube.com/watch?v=cQl6jUjFjp4

The Free Solution and Installing iWebs Register

The free modules are available for download here: http://www.interactivewebs.com/DotNetNukeModules/ModuleDownloads.aspx

To install them and fix your site you will need to follow the instructions below:

Step 1 – Register your site for Recaptcha

Go to: https://www.google.com/recaptcha/intro/index.html  and register your domain, or domains. This will give you the ability to use recaptcha on your DNN sites on any domain you like.

DN Google Recaptcha

Step 2 – Copy the Public Key and Private Key for your Domain

You are going to need the keys that this site provides:

DNN Recaptcha Keys

Similar to these.

 

Step 3 – For your DNN site, turn on the DNN Captcha system.

ADMIN>>SITE SETTINGS>> USER ACCOUNT SETTINGS>>  “Use CAPTCHA for registration” Ticked.

DNN Enable Captcha

Step 4 – Download and Install iWebs – Register

Install our “iwebs- register” module, making sure you pick the one that is for your DNN version.

  • DNN 6.2 and later: iWebsRegister 62.6.3.0 PA.zip (at time of writing this)
  • DNN 7 and later:  iWebsRegister 72.7.1.0 PA.zip (at time of writing this)

Once installed, you need to add the module to a page as you would any other. We recommend adding it to its own page in the DNN Admin menu, and keeping the page Admin Only.


Step 5 – Configure the iWebs Register Module.

The module you are looking for is called: iWeb’s – Register – You can select the Settings from the module drop down as you would any other DNN module.

DNN Module Settings

 

Enter the Public Key and Private Key information that you received from your Google Recaptcha registration of your domain. THEN SELECT UPDATE to save the information.

DNN Captcha Settings

Step 6 – Install the Register Control

After saving your public and private keys by clicking “update” you are ready to:

Click on the “Install Register Control”

This will inject the Recaptcha setting into your website. So when you hit any registration URL (www.yoursite.com/?ctl=Register) you now get the Recaptcha box.

 

To Remove and Uninstall

Step 1. From the iwebs – Register module settings, click the “Restore Register Control”

DNN Remove Recaptcha

Step 2. Uninstall the iwebs – Register module as you would any other DNN module.

 

Thoughts

This was a quick solution to some script kiddie’s attempt to attack DNN. I’m actually struggling to find the purpose (if you wrote the bot and you are reading this, I would love to hear why). There is little threat from the registrations that I can find. They are more annoying than anything else. While Recaptcha can be broken, it would take some smarts or costs to use online services for the bot, so I suspect they will not bother and Recaptcha will reign for this problem. In any case, if they spend some time and effort making the bot work for Recaptcha, it is easy enough for us to implement some of the loads of other solutions available to stop them.

Donations

We included a donation button. If you find the solution, blog, research we did, modules we created and responses we provide to be helpful, please consider throwing us a few $.

Font Icons Not Displaying in Internet Explorer IE 9 / 10

With the Bulk Emailer application we have used font icons to improve response and scalability with different devices. So far we have been happy with how they work using some boot strap code that is used for our user interface.

What we have noticed, and it’s no big surprise… Internet Explorer 9 and IE 10 will not display font icons correctly.

What you should see is this:

image

But ends up rendering like this:

image

The Problem is WOFF Fonts on IIS

IIS 6 and later does not handle WOFF fonts used as icons for Internet Explorer. Most other browsers will support them; IE, as usual, behaves like the black sheep.

There appear to be two solutions to this problem.

Solution 1 – Adding a MIME type to Internet Information Server IIS

Add the following MIME type to the IIS server settings.

  • .woff application/x-woff
    1. Open IIS Manager and navigate to the level you want to manage. For information about opening IIS Manager, see Open IIS Manager (IIS 7). For information about navigating to locations in the UI, see Navigation in IIS Manager (IIS 7).

    2. In Features View, double-click MIME Types.

    3. In the Actions pane, click Add.

    4. In the Add MIME Type dialog box, type a file name extension in the File name extension text box. For example, type .xyz.

    5. Type a MIME type in the MIME type text box. For example, type application/octet-stream.

    6. Click OK.

image

Solution 2 – Adding some code to the web.config

A lot of people don’t have access to configure IIS in DotNetNuke, so you can add the following to the web.config.

Under the yellow below add the green lines

<system.webServer>
    <staticContent>
       <!-- Map the .woff extension to a MIME type so IIS serves the font files -->
       <mimeMap fileExtension=".woff" mimeType="application/x-font-woff" />
    </staticContent>
</system.webServer>

This should get you out of trouble.

Bulk Emailer–Customer Review

image

I wanted to place this review on the DNN store but there is no review button in my download page for your product. It may be because it is an old order or product version. Please would you turn it on so I can post it and feel free to post it with my name on your site.

Regards

Richard Sletcher

If you have not yet used the InteractiveWebs email module you don’t know what you are missing. It is spectacular. The system is vast and would require a manual to list all the super cool features but let me give you some of my highlights.

  1. The user interface is clean and extremely user friendly.
  2. You are able to send SMS and email
  3. The inclusion of MyTokens allows you to personalize at a whole new level. Let me rave for a moment…

Imagine you have a list of restaurant clients containing FirstName, LastName, BirthDay, FoodPreference. You could send out an email like this…

Dear [MyToken:FirstName]

Your birthday is coming up in [MyToken:DaysToBirthday] and we would like to help you celebrate by offering you a 20% on [MyToken:MealPreference]. 

Regards

Richard

… Get the idea?

The best part is that you can automate the entire process. You simply build a list of all people having a birthday in 5 days time and then tell the email to run every day. Each day the system builds a list of people with upcoming birthdays and sends an email or SMS all driven from your internal data. 

  4. You can schedule the emails to run in intervals as small as seconds apart and as large as years apart.
  5. And the best of all… The InteractiveWebs team is totally on the ball when it comes to support.

OK… ENOUGH! 

This is a killer module and I recommend that you take the time to try it out.

Richard – one seriously happy InteractiveWebs customer!

DotNetNuke Microsoft Silverlight pivot module web.config changes.

image

During the installation of the DotNetNuke Microsoft pivot module, several changes need to be made to the web.config file. These changes allow the Silverlight pivot technology to operate on the DotNetNuke website.
    
We have automated the installation process to automatically update the web.config file during the installation of the module.

Please remove the following things under <system.web>

<add verb="*" path="*.cxml" type="iwebs.Modules.Pivot.CXMLHandler,App_SubCode_Pivot" validate="false"/>

<add verb="*" path="*.jpg" type="iwebs.Modules.Pivot.TileHandler,App_SubCode_Pivot" validate="false"/>

<add verb="*" path="*.dzc" type="iwebs.Modules.Pivot.DZCHandler,App_SubCode_Pivot" validate="false"/>

<add verb="*" path="*userprofile.aspx" type="iwebs.Modules.Pivot.ProfileHandler,App_SubCode_Pivot" validate="false"/>

Also the ones under <system.webServer>

<add name="CXMLHandler" verb="*" path="*.cxml" type="iwebs.Modules.Pivot.CXMLHandler,App_SubCode_Pivot" validate="false" preCondition="integratedMode"/>

<add name="JPGHandler" verb="*" path="*.jpgx" type="iwebs.Modules.Pivot.TileHandler,App_SubCode_Pivot" validate="false" preCondition="integratedMode"/>

<add name="DZCHandler" verb="*" path="*.dzc" type="iwebs.Modules.Pivot.DZCHandler,App_SubCode_Pivot" validate="false" preCondition="integratedMode"/>

<add name="ProfileHandler" verb="*" path="*userprofile.aspx" type="iwebs.Modules.Pivot.ProfileHandler,App_SubCode_Pivot" validate="false" preCondition="integratedMode"/>

<add name="TileHandler" verb="*" path="*_files/*/*_*" type="iwebs.Modules.Pivot.TileHandler,App_SubCode_Pivot" preCondition="integratedMode,runtimeVersionv2.0"/>

Understanding Web-Safe Fonts / Web Friendly Fonts

We often receive lots of questions about Web-safe fonts, or web friendly fonts. We have products that work with technologies like Microsoft Word, and publish back to websites like DotNetNuke. (DNN Word Editor)

The issue is that not all fonts will work on all browsers on all computers. Here is the reason why.

Web-Safe Fonts

There are an awful lot of fonts in the world! For years, no doubt, you’ve been using a ton of them in word processing documents, party invitations, banners, etc. But have you ever noticed how few of them are used on the web?

There’s a really good reason for this. When a web page loads, the browser is told to write text onto the screen using a specified font—one that is stored on the computer that the browser is running on. Therefore, if the web page’s code is calling for a font that a user does not have installed on their computer, it won’t show up! What that person will instead see is a default font, which might look a little ugly.

Now you might be wondering why this will happen so often if there are so many fonts installed on your computer. Well, here’s the problem: the two most widely-used operating systems—Windows and Mac OS X—each come installed with a different set of fonts. Awesome!

To illustrate this point, here’s where the fonts are stored in Windows 7:

image

And here’s where they’re stored on Mac OS 10.6:

image

Right away, we can see that only one of the displayed fonts overlaps: Arial. None of the Calibri or Cambria fonts are available on the Mac, and the Mac has at least a dozen just on this page that aren’t available in Windows!

In fact, between these two systems, there are only ten fonts that overlap:

image

Those fonts that fall into that middle area, covered by both operating systems, are what we call web-safe fonts. If you use Calibri on your webpage, Mac users won’t see it; if you use Andale, Windows users won’t see it; but if you use Georgia, you can rest assured that users of both systems will see it.

Now there’s a bit of grey area here. Users of older operating systems don’t have some of these fonts we’ve declared web-safe. For example, Windows XP users don’t have Palatino or Trebuchet MS. Even worse, users of Android mobile phones don’t have any of these fonts.

So to be clear, there are only five fonts that are considered universal:

  • Arial
  • Courier New
  • Georgia
  • Times New Roman
  • Verdana

Feel free to use these fonts all you want! Even if you dug up that old Packard Bell you had back in 1997 and it didn’t explode when connected to the modern web, you’d be able to see these fonts rendered as intended. Those Android users will just have to fight for themselves.

Web Safe Fonts Table

image

*The green marks show very common fonts, the yellow shows not so common but all are generally accepted as web safe.

So, what happens when the font fails?

Your text will still be visible, but the browser will use whatever default font it supplies for situations like this. This means that you may have intended to use a cute, scripty font, but what you get is

Your text typed in a regular serif font.

This is good because your content still goes through, but your design might be compromised. Therefore, you should always specify fallback fonts and a category that the font falls into. Let’s say that you want to use Helvetica, but you’ll settle for Arial. Since both of these fonts are considered to be sans-serif fonts, you can write a CSS declaration like this:

body { font-family: Helvetica, Arial, sans-serif; }

The browser will first try to use Helvetica, and if it’s not installed, it’ll attempt to use Arial. If even that font is not available, it’ll use whatever default sans-serif font the browser likes, but at least it’ll be the correct type of font!

For more information about coding fallbacks, alternative methods to using non-web-safe fonts, and everything typography related, you can pick up a copy of our Web Typography Handbook. It’ll tell you everything you need to know.