Hi friends:
It has been a while.
A company I used to deal with got notified today by WINHOST that they took their DNN site down:
Your account was found to contain one or more malicious files:
\controls\CountryListBox\Data\GeosIP.dat.aspx
\DesktopModules\Admin\Console\Setting.ascx.cs.aspx
\DesktopModules\Admin\Portals\SiteSetting.ascx.aspx
They have a site built with DNN 7.3.4.
I advised them previously that they should update to the latest version of DNN, but like many companies, they tried to maximize their ROI and reduce their expenses by staying with what they had (and frankly, what worked for some years).
Anyways, I tried searching here and on Google for any threats having to do with those three files, but did not come up with anything.
I'm not sure how to approach WINHOST without evidence that those files are not compromised and need some guidance on whether they are TRULY insecure.
Obviously, if they are, the hosting provider has a basis for shutting the site down.
So I'm writing here to ask the community if they know whether this version is compromised, and if so, what can be done? It would appear that the whole 7.x branch has been archived, but is still available. Even so, would updating to 7.4.2 even be an option?
Obviously, updating the site is something they should have considered. You can advise, but sometimes, customers don't listen.
So now they are in a pickle because their primary corporate site is offline.
I'm not sure if I will be able to address WINHOST's security concerns. Obviously, I could probably help them get a copy of the site and put it up in a self-hosted VM, change the DNS settings and get them online with their current installation.
But it seems to me that perhaps the opportunity is to challenge WINHOST's assertion that those files are indeed compromised.
I could use some advice.
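
A triage check for a downloaded copy of the site, added here as an example and not part of the original post: it flags files where an executable ASP.NET extension is stacked on another extension, the naming pattern all three reported paths share, and optionally executable files absent from a clean package of the same DNN version. The `INNER` list, the `baseline` set and the sample tree are assumptions constructed for illustration.

```python
import os

# Extensions that IIS/ASP.NET will execute when requested.
EXECUTABLE = {".aspx", ".ashx", ".asmx"}
# Inner extensions that an ordinary page name would not carry (assumed list).
INNER = {".dat", ".cs", ".ascx", ".config", ".txt", ".jpg", ".png", ".gif"}

def stacked_extension(name):
    """True if an executable extension is stacked on another extension."""
    stem, ext = os.path.splitext(name.lower())
    return ext in EXECUTABLE and os.path.splitext(stem)[1] in INNER

def triage(site_root, baseline=None):
    """Return sorted (relative_path, reasons) for files needing a manual look.

    baseline: optional set of lower-case, backslash-separated relative paths
    from a clean package of the same DNN version (supplied by the reader).
    """
    findings = []
    for folder, _dirs, files in os.walk(site_root):
        for name in files:
            rel = os.path.relpath(os.path.join(folder, name), site_root)
            rel = rel.replace(os.sep, "\\")
            ext = os.path.splitext(name.lower())[1]
            reasons = []
            if stacked_extension(name):
                reasons.append("stacked-extension")
            if baseline is not None and ext in EXECUTABLE \
                    and rel.lower() not in baseline:
                reasons.append("not-in-baseline")
            if reasons:
                findings.append((rel, reasons))
    return sorted(findings)

# Constructed sample: the three reported names plus two ordinary-looking files.
SAMPLE = [
    ("controls", "CountryListBox", "Data", "GeosIP.dat.aspx"),
    ("DesktopModules", "Admin", "Console", "Setting.ascx.cs.aspx"),
    ("DesktopModules", "Admin", "Portals", "SiteSetting.ascx.aspx"),
    ("Default.aspx",),
    ("Portals", "0", "logo.png"),
]

def build_sample(root):
    """Create empty files for SAMPLE under root (for offline demonstration)."""
    for parts in SAMPLE:
        path = os.path.join(root, *parts)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
```

A flagged path is a prompt to open the file and compare it with the clean package, which is also the evidence to bring back to the hosting provider either way.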