Sitefinity 4.2 constantly getting hacked
I have a site that keeps getting hacked and I have gone through all the security blogs and implemented everything suggested. Are there any know vulnerabilities regarding script injection or posting of data that someone could share to help me stop this. I've looked through the IIS logs and Sitefinity logs and don't see anything that stands out other that web crawlers. I have the database in read-only at this point to stop it but obviously that's not a solution.
Can you please provide some additional information on what do you mean by saying that your Sitefinity website is hacked? What is the misbehavior you are observing and the exact issues you are experiencing which leads you to think that your website has been hacked?
They are somehow able to update the content with urls, text etc. on all pages that eventually causes the error people often get below. I have to restore an older good copy of the DB for the site to work again. When I look at the content tables all pages are appended to. Somehow they are able to save that even though I have altered all passwords, commit privileges etc. Also this IIS instance has lots of other sites that operate with no problem so it is definitely related to Sitefinity.
Invalid root node configured for pages. No root node with the name of "FrontendSiteMap".
Regarding the error message "Invalid root node configured for pages. No root node with the name of "FrontendSiteMap"", can you please take a look at the following KB article for more details about the cause for the issue and check the suggestions there.
Did you read any of the previous posts? The site is being hacked and content is being added to pages causing that generic error. I know what is causing the issue, the question is how are they doing it.
Just go hacked again. They were able to edit the sf_list_items table and change the app_name column before I was able to stop the site.
Example of edited field:
/Lists</title><style>.aqqqposition:absolute;clip:rect(431px,auto,auto,406px);</style><div class=aqqq><a href=http://genericcialisasui.com >is cialis available in generic</a></div></title><style>.aqqqposition:absolute;clip:rect(431px,auto,auto,406px);<
2 previous posts are not showing