Overview of the Situation:

On 9/8/2020, there were multiple attacks perpetrated on tdicinsurance.com, taking the site dow

 

IT is investigating to determine the root cause; the information Catherine and I have received thus far points to a Telerik vulnerability as the entry point. It appears the site was hacked but there was no data dump. The top concern is malware and user vulnerabilities.

Assessment from 10 Lb:

TDIC is on a version of DNN that is right in the middle of many security vulnerabilities; 10 Lb said “right in the middle of the worst.” The top priority is upgrading the site to the most recent version of DNN.

...

  1. Set up clean instance of TDIC from an older backup, with no content

  2. Remove any problematic modules; upgrade those that can be upgraded

  3. Export PackFlash content into Easy DNN News or other secure module

  4. Upgrade DNN

  5. When the site is upgraded/stable, import the content and assets

Next Steps:

Today (9/9):

Mark is contacting Geoff to get the oldest backup possible of the site and will create a new instance on his local machine.

Chris will identify and create a list of all modules used on the TDIC site and work with Mark to recommend which ones should be phased out or upgraded. In particular, Chris will be identifying the use of the PackFlash modules (TDIC uses multiple types of PackFlash modules).

This week and weekend:

Mark will prioritize and Chris will work through the audit of the modules to recommend which ones should be phased out or upgraded. Due to the severity of the situation, they will be prioritizing this work and will work through the weekend so they can get us an estimate and timeline of next steps by Monday (or early next week, depending on the audit). They will keep us updated about their findings.