DNN Administration

August 03, 2017

DNN Upgrades & Security Roundup August 2017

It is hard to believe that it has been a month already since my last post about DNN/Evoq Security. A lot has transpired since that last release. Some additional security releases and patches have come out. In the end, we are at a time where I believe we are past the storm, but I thought it would be good to revisit the recommended actions for users. (For those non-DNN/Evoq followers of this blog, hang tight, next week will be the start of lots of fun Entity Framework, .NET Core and similar content!)

June 30, 2017

June 2017 DNN/Evoq and Module Security Summary

The past week has been a bit hectic in the DotNetNuke/Evoq space. Four confirmed security vulnerabilities were identified that could impact existing installations, one last week and three this week. Sadly, many sites have already been exploited by these vulnerabilities, adding a bit more urgency to the situation. Although many people are aware of the situation we have found that not everyone knows what is going on, so we thought it would be prudent to share what we know about the situation. This information is being shared both on Mitchel's Technical Blog as well as our corporate website.

January 30, 2017

Finding Performance Settings in DNN 9.x

With the recent release of DNN Platform version 9.0.0 & 9.0.1 I have been an increase in the requests for updates to my prior guides on locating the important performance settings since everything has moved to different locations. A major overhaul of my Performance Whitepaper is underway, however, I wanted to take a little bit of time to run through key settings for those new to 9.x. Consider this a high-level walkthrough of key concern areas.

September 24, 2016

Properly Using DNN's Custom 404 Page

Recent issues with a few clients I have encountered some "unusual" behaviors.  Either a situation where we had an unusual redirect situation, or we had pages that were showing HTTP 200 (success) status responses when in all reality the page truly didn't exist.  In the end, we had an IIS customization configured to handle certain types of 404's that DNN wouldn't handle, such as those for missing images, javascript files, and more.  Nothing that we haven't done for quite a while.
May 26, 2016

Resolving Issues with Security Compromised DNN Sites

Yesterday I published a blog posting about a recently re-surfaced security vulnerability within the DNN/Evoq platform.  In that post, I provided the steps necessary to mitigate the risks associated with the exploit.  If you have not yet taken the steps listed in that posting, please be sure to take those steps immediately.  This posting is geared towards the proper auditing, review, and resolution of any issues that might be present on a compromised site.  Please note, even if you do not believe you were compromised PLEASE review the first section of this post to be sure.
May 11, 2016

Update to DNN/Evoq Url Redirect Provider for Multi-Portal Installations

One often overlooked free utility for DNN/Evoq are the open-source DNN Extension Url Providers. These providers are there to help with social URL's and URL redirects. The URL Redirect provider is a must-have solution for those migrating from other platforms into DNN as it provides a method to easily add complex URL redirects into your system for old URLS. Even for those that are working under the Evoq URL provider. I was made an administrator of this particular product more than 2 years ago, however, we haven't had much of a need to add features until today.
January 16, 2016

Preparing for Load Balancing Diagnostics a Retrospective

As web application become more complex, or as individuals demand better performance or reliability, the addition of more web nodes is very common.  For those with a technical background we can easily see the complexity that is introduced as we load balance our applications.  Simple tasks such as writing a file to the local file system have now become far more complicated tasks.  How are the servers getting their content?  Shared file system?  File Replication? (DFS, RoboCopy, etc.)  When things work beautifully, it is great, but when they don't it can be a nightmare.  In this post I want to share a few "lessons learned" as it relates to load balancing diagnostics.  The information contained in this post is specifically related to working within a DNN Installation, however, the same principals will apply regardless of the platform.

December 30, 2015

DNN/Evoq Scheduler: Setting Expectations

One of the fundamental features of the DNN/Evoq platform is the the internal "Scheduler" system.  Creating a Scheduled Job is an easy process, and something I have blogged about in the past.  However, I have been seeing more questions recently around what exactly is meant by the "5 Minute" Interval or other settings regarding the scheduler jobs.  The root cause is the differences in expectations versus what is possible.
November 20, 2015

Check Your DNN Configuration for Performance!

More than six years ago I created the first version of my  DNN Performance Best Practices guide.  This guide has been downloaded by thousands of people looking to get the best performance out of their DNN installations.  The guide has been the training tool I've used for new members of my staff, and it serves as the baseline for any new DNN installation that we work with.  However, in this post I want to draw attention to what has recently become a silent killer with regards to DNN performance.  

September 23, 2015

Fixing Failing DNN Scheduler DNN 7.3.x Issues

In the past few months I have had to work with various issues with DNN/Evoq sites not executing scheduler jobs.  A number of various blog posts as well as forum posts have been started on the issue, and all point to a similar issue with regards to case-sensitivity with the scheduler and the web server name.  I had a recent situation though where I had fixed all of the issues outlined but was still seeing an error.

January 27, 2015

Adopting a Performance Focus With Software Development

Over the past few years I have given a number of talks and written multiple blog posts on the topic of performance optimization as it relates to software development.  These postings have been very technical in nature and focus greatly on the problem solving aspects of application performance.  However as I review my presentations one of the most critical aspects of application performance is actually business organization and dedication to application performance.  In this post I would like to review the common approaches that I see within development teams and easy ways for management to encourage positive change to focus more on development.

November 17, 2014

Keeping Your DNN Website Clean: The Web.config

In the past 6 months I have been working on a large number of migrations from older versions of DNN to newer.  This blog post is going to be a first post in a series of posts around various activities that site administrators can do that will make future site administration easier.   Over time websites will have modules installed, modules removed, upgrades performed and other activities that can often leave lasting marks that only add confusion to things in the future.  Lets look at one area that can/should be cleaned on a regular basis and that is your web.config.
September 12, 2014

Understanding the Logistics of Moving Websites

Recently for a number of reasons I've been working with individuals that are taking a website and moving them from one hosting provider to another.  Sometimes these moves are taking the existing site as is, other times it is migrating to a "new site" at the same time.  However, after doing at least 10-12 of these in the past few months a few common points of "confusion" have come to light.  As such, due to popular request I'll lay out the basics of how to move a website from one hosting provider to another and discuss the component parts that are involved in such a move. Although a bit "off" from my normal development or performance topics this is still a very real thing for many people!

August 01, 2014

DNN Spam Registrations & You!

Recently there has been a lot of discussion in the community around DNN Spam registrations and methods and processes to prevent or fix the issues that are associated with them.  I've been debating on if/when I should actually write about this given that there is an Official DNN Software response on the issue, as well as many other community comments.  Well, tonight, while on vacation I had a server go down and guess what it was because of this very issue so I think its time to give my quick perspective and recommended action points for those of you that are running a DNN site.  These recommendations apply for ALL DNN versions!
July 06, 2014

Module Performance; Set Yourself Apart

With a plethora of modules on the market today, it is often hard for users to select the "right one" for their solution. Help yourself, and help your customers by setting your modules apart in one of the most important ways, performance. Not all DNN sites are large, not all DNN sites are small, that's the beauty of the platform. However, many modules & vendors ignore this major difference. Lets look as some simple tips & tricks to help us set our modules apart.

May 30, 2014

Improving Web Application Performance - Part Three Client Side Considerations

In the first two parts of this blog series we introduced the importance of defining metrics prior to starting any performance optimization activities and the importance of identifying any user or role based issues.  In this part of the series we start to dive into the actual optimization part of the process.  I will start by introducing key concepts to look for, and then we will review the tools of the trade that can be used to help identify trouble points.  It is important to note that the information contained in this post is 100% applicable to ALL server side languages, regardless of .NET, PHP, Java, or anything else you might select to use.
May 26, 2014

DNN Performance: Understanding ModuleCache and PageOutputCache

Over the past 4-5 months my company IowaComputerGurus has help to optimize the performance of more than 50 different DNN based websites.  This is a major uptick in performance related inquiries as compare to past years which is to be expected as website owners become more-and-more concerned about the performance of their applications. In the current era it is important for websites to be fast not only for the user experience, but also for placement within the Search Engines.  The faster the internet connections we get the more impatient our users are when it comes to waiting for our sites to load.  Depending on who you talk to you will see metrics that show page load times of anything greater than 3 seconds can lead to lost customers & revenue for your website.  What exact e"metric you are looking to meet is up to you, but regardless a DNN based site can still easily render in sub-second times with proper configuration & maintenance.  In this post we will look into two of the most commonly overlooked configuration elements for performance the ModuleCache and PageOutputCache.
April 11, 2014

Avoiding Performance Issues with Multi-Portal DNN

In the first 3 months of 2014 I have encountered multiple multi-portal DNN installations that have been suffering from severe performance issues.  In most cases these users had already followed the whitepaper recommendations that I have had published since early 2007 and the sites were still slowing to a crawl at best.  Digging in, each time I found that a single fundamental issue was the root cause, with a few other secondary considerations.  Given the popularity of DNN continuing to grow and the relative ease of Multi-portal configurations I though it would be important to share.
January 17, 2014

DNN's Display on All Pages an Alternative to Avoid Nightmares

One of the age old pieces of functionality within DNN is the ability to check that magical little box "Display on All Pages." This single action might seem like the best thing since sliced bread the first time you use it, and even for days after.  But fast forward a bit and get to a year or two down the road and you might be paying the price for this little "efficiency" in ways that you might not have though about.  In this post we will take a look at the goal, the good, the bad, and the alternatives to this long standing DNN feature.
January 20, 2013

Controlling DotNetNuke Static Logs

In the past I have blogged about various DotNetNuke performance and management issues, focusing on how to keep the Site Log, Event Log, and other database related functions in place. In this post, I'm going to take a look at a few other aspects, not all 100% DotNetNuke based, that should be closely monitored and addressed as well. For those of you that follow me on Twitter, my recent posting about clearing almost 40Gb of rogue data across servers is all part of what lead me to this posting.

September 24, 2012

Creating Custom DotNetNuke Module Categories

As part of one of the recent overhauls of the DotNetNuke interface the control panel was updated to include a "Category" selection that allows modules to be grouped logically into categories.  Out of the box a total of two categories are created "Admin" and "Common" with only the Text/HTML module included in the "Common" category.  In this posting I'll take a deeper look into this functionality and how you can create your own categories, and how to move modules around between categories to make administration even easier!
July 05, 2012

Security Exceptions After Moving .NET 2.0 DNN Site?

Over the past few weeks it seems that I have been doing more DotNetNuke site shuffles than I have in a long time.  From local -> production, from hosting provider a -> hosting provider b, and any combination therein.  This process is practically second nature for me as I've done it so many times.  However I had two sties that proved to be really troublesome so I though I'd share the root causes here in hopes that it might help someone!
June 26, 2012

Taking Control of the DotNetNuke WYSIWYG Editor

DotNetNuke by default uses the Telerik RadEditor as the rich text editor. It is a truly amazing product and one of the better WYSIWYG editors. Just like any editor though it does have some mannerisms that are not so welcomed by users. A little known fact within DotNetNuke is that you have a number of configuration elements available to help not only make the editor easier to use by removing un-needed items, but you can drastically improve functionality for super-users if so inclined and prevent issues when staging content etc. In this post I'll dive into a few of the key configuration items that I make to all new sites.

May 07, 2012

Development and Test DotNetNuke Installations and Search Engines

It is quite often that when working on a new version of a site that you will have a development, test, upgrade copy of the site that might be around for a while.  It is also possible that if you are working for a third-party that you might stage client sites on your server for a period of time before go-live.  At first glance this all seems common place and not something that you would be concerned about.  However, that is not the case.  Search engines have become overly aggressive in indexing sites, including those that have no direct back links but have been e-mailed to individuals or similar processes. In this post I'll discuss some important considerations when working with these "non-production" installations to help you ensure that search engines will NOT index the content and cause confusion.
May 04, 2012

DotNetNuke Login and Auto Complete - How to Cope

Recently I have been getting a lot of questions regarding the DotNetNuke login and why when you go to login that "auto complete" is disabled on the username/password fields.  The typical follow-up question to that is "how can I change that behavior".  So after answering this question individually around 5-6 times I though it would be best to get this out here, at least my opinion on the issue.
January 19, 2012

Improve Performance with Static File Caching

This post will be the first of what will be many posts with regards to application performance. After giving a number of presentations over the last 1-2 years, including one this evening in the Minneapolis/St. Paul area I've decided that some of these tips/tricks that I have with regards to improving application performance should really get put out here so people can find them and make the improvements to their applications. Going forward all of these posts will be categorized with at least the "Performance" category and then others that identify what systems are benefited by the changes. The subject of this post is Static Content Caching.

November 18, 2011

Understanding and Mitigating DotNetNuke Upgrade Risks

With all of the recent changes that have come to the DotNetNuke product in the past few years I have been seeing more and more situations where users have older installations that want to get to DNN 6.x to take advantage of the new features that are available with the latest version.  I can't say as I blame them the newest features are great and a true benefit to all that use them, however, the road to getting there isn't always as peachy as it might seem, as you often find people with upgrades that fail horribly.  This has been a common trend and some of the things that DotNetNuke Corporation has done really makes this process less error prone, but a bit portion of the "getting it right" upgrade process really falls in the hands of the site administrators that are going to be doing the upgrades.  That is the focus on this blog post, how can we as site administrators identify potential risks and then mitigate/resolve the issues on our own?

November 02, 2011

DotNetNuke 6.1.x Release and Warning!

As I'm sure that you have seen in the last day or so DotNetNuke 6.1.0 was released.  Overall, this release is a major improvement for DotNetNuke with enhancements to performance, support for mobile devices and other general upgrades.  However, I've already been alerted to a major, slightly hidden change that I wanted to be sure to put out here as a warning.

October 07, 2011

Securing a DotNetNuke Installation - Passwords

A while back I released a tool called Secure My Install that was designed to help people take existing DotNetNuke sites and change the way that they store passwords to use a more secure process.  Many people have used that module successfully to convert their sites, however, I never took the time to share the few small steps that are needed to simply "secure" your site as soon as you set it up so that you can avoid all of the hassle in the beginning.  In this post I'll walk through the simple process of changing your configuration to go from Encrypted Passwords to Hashed passwords and a bit of detail as to "why" you want to make the change.

September 07, 2011

Canonical Portal Alias Woes DNN 5.6.2

One of the additions to DotNetNuke 5.x (not sure when/where) was the ability for DotNetNuke to provide a Canonical URL in the meta information for your page.  When this all works well, things are going perfectly.  You can configure the site to use the Canonical URL via the "Admin Settings" page and normally all works well, but I had a very "interesting" issue with a site recently and I thought I'd share in case anyone else had a similar issue.

September 04, 2011

DotNetNuke 6.0.1 Performance And You

Now that DotNetNuke 6.x has been out for a while and with the recent release of DotNetNuke 6.0.1 while I was on vacation I thought I'd take the time to write a must requested blog post regarding my thoughts on the DotNetNuke 6.x platform and performance.  Keep in mind, these points are my own personal opinion and should be considered that only, so without further delay.

July 21, 2011

DotNetNuke 6.0 Extensions SnowCovered Integration

In my earlier blog post I mentioned that one of my favorite features of the new DotNetNuke 6.0 release is the ability to download and automatically install purchased extensions from SnowCovered within the installation.  In this posting I'll walk through the functionality as well as give my disclaimer and recommendation in regards to using this process.

December 31, 2010

Keeping User Passwords Secure in DotNetNuke

This article is being cross-posted from my business blog.

If you have been paying attention to the news in recent months you have most likely heard of a few cases where user information, such as Usernames and Passwords, have been exposed from some high visibility websites. Some of the more current leaks were with Gawker and Mozilla. For those that are unfamiliar the situation is pretty simple. These sites store user login information, usernames and passwords, that allow users access to their systems. Their systems were then breached and malicious users were able to get access to the information. Why is this something that I am blogging about in relation to DotNetNuke? Well without a bit of configuration your site could be at risk, should a malicious user get access to your system. This article will discuss a bit around how/why there is a risk and how that relates to DotNetNuke, then it will progress into an overview of the default configuration of DotNetNuke and the recommended changes to the system.

September 27, 2010

DotNetNuke 5.5.1 Update and POET Security Vulnerability

For just a little over a week there has been a lot of buzz in the .NET and DotNetNuke community around the POET security vulnerability that was identified within the Microsoft ASP.NET technology stack.  For those of you unaware of the true details on this vulnerability I highly recommend you read the initial announcement from Scott Guthrie from Microsoft, as well as his Frequently Asked Questions post, and lastly his secondary followup posting, with a more detailed workaround.  So why do I bring this up now?  Well late last week DotNetNuke corporation released DotNetNuke 5.5.1 and in the materials that went out with that release they note that it includes a workaround fix for this vulnerability, I wanted to make sure that as always people have ALL information needed before they are doing upgrades.

 

July 27, 2010

Running DotNetNuke with .NET 4.0

As more and more people start working with DotNetNuke, IIS7, and .NET 4.0 it is important to note a few important potential problem areas when it comes to running DotNetNuke on the 4.0 framework.  Recently I took a DNN 5.4.4 installation and tried running it under .NET 4.0 and without modifications, it was a complete failure, in this blog posting I will show you what needs to change to allow DotNetNuke to work as expected.

July 26, 2010

Selecting a DotNetNuke Hosting Provider 2010 Edition

In past blog postings I have provided what has become a bit of a "Guide to Selecting a DotNetNuke Hosting Provider." As with previous years it is about that time where there have been enough changes in the market and to DotNetNuke in general that I thought it was necessary for a 2010-2011 version of this information. In this article I will talk though the thought process that I use when working with current and potential customers to select their hosting plan, environment and provider. This document has been updated based on current information, in addition, prior to going through the recommendations below I strongly recommend reading my article “Shared, Virtual Private Server, Dedicated of Cloud Hosting” to become familiar with the different levels of hosting and also to review my "DotNetNuke Performance Configuration Best Practices" document to ensure that your DNN hosting plan is up to date.

July 07, 2010

Reducing a DNN Site's Production Footprint

One of the most common questions that I get from users when it comes to deploying to deploying a DotNetNuke site is "DO I REALLY need all of those files?". My typical answer is something along the lines of yes and no. In this blog posting I want to talk in a bit more detail about some of the processes that I go through when installing a clean DotNetNuke installation and how I keep the footprint down on the disk space.

June 22, 2010

DotNetNuke Growing Pains and You, How to Cope

I have had this blog posting all ready to go now for a good three to four weeks, but have been in deep internal conversation in regards to the posting of the article.  I have decided that more than anything posting this publicly might stop some of the e-mails that I get bombarded with each and every day that start out with "what do I do" or "do you still believe in DNN".

Before I start the post I am NOT in any way, shape, or form pointing fingers or expressing any displeasure at the platform or any of the members involved.  I am still a DotNetNuke core team member, I believe fully in the platform, and I will continue to adopt and recommend usage of the platform for the foreseeable future.  The point of this post is very simple, to talk about what has been going on in the DotNetNuke community and my opinions on how to manage expectations and cope with the situation.  Please remember the disclaimer that is posted at the bottom of this blog, these thoughts are mine and mine alone.

April 26, 2010

Creating a Custom Registration Page With DotNetNuke 5.2.3 and Later

Users that are familiar with DotNetNuke administration are most likely familiar with the old way of creating a custom registration page within a DotNetNuke portal.  It was as simple as adding a new page, putting the modules you desired on the page including the "User Account" module to get the actual registration functionality.  From there a simple change in "Site Settings" for the "User Page" and you are set to go!  Well, for those of you working with DNN 5.2.3 and later (Possibly previous 5.x versions as well, I'm not 100% sure when the change was) will find out that the module definition I mention is no longer listed?  What do you do now?

March 23, 2010

The DotNetNuke Object Qualifier - Why I Think it is Evil

For those of you that have seen my comments on the DotNetNuke forums, my book, or the forum here on this site, you more than likely have noted my consistent notes that I recommend avoiding the "ObjectQualifier" setting within DotNetNuke at all costs.  Most of the time I have simply put, I don't use it and recommend that you don't either, but have not given a very detailed explanation as to why I'm not a fan.  Below I will share with you what the ObjectQualifer is, why it was created, and why I don't recommend using it.

December 02, 2009

Potential DNN 5.2 Upgrade Issues

After talking with a number of clients since last week, I thought it would be worthwhile to make a post here with a formal warning regarding upgrades to DotNetNuke 5.2.  As announced at OpenForce US, DotNetNuke 5.2 contains the Telerik Controls for ASP.NET, which is a very good thing for DotNetNuke as a whole, however, it can cause massive problems for individuals that are already using the Telerik Controls as a site upgrade can end up rendering portions, or the entire site unusable, until DLL versions are restored.  In this post I will give a bit of information regarding the scenarios that I have encountered and some guidance on how to protect yourself from upgrade issues.

October 30, 2009

Selecting a DotNetNuke Hosting Provider 2009 Edition

Back in May of 2008 I wrote an article “Selecting a DotNetNuke Hosting Provider Revisited”. Well, being almost a year-and-a-half later I thought it would be good to provide a 2009-2010 follow-up to the article to update based on new information, updates to hosting plans/offerings, as well as DotNetNuke performance in general. In this article I will talk though the thought process that I use when working with current and potential customers to select their hosting plan, environment and provider. This document has been updated based on current information, in addition, prior to going through the recommendations below I strongly recommend reading my article “Shared, Virtual Private Server, Dedicated of Cloud Hosting” to become familiar with the different levels of hosting.

October 14, 2009

DotNetNuke Bulk Extension Installation

About two months ago, I responded to a DotNetNuke question on StackOverflow.com with regard to automating the installation of modules within the installation.  This is a question that I have seen many times, but with different business requirements and end desires, but the trend is the same, installing extensions one-by-one is an inefficient process, and with a heavily used site can cause performance issues that would impact regular traffic for an extended period of time.  This is simply because there is a delay between each install, and with each install and update to the /bin directory the application recycles.  Thankfully there is a method built into DotNetNuke that easily allows you to bulk install extensions, the rest of this article will show you how.

February 18, 2009

Explaining High Performance DotNetNuke Configuration and Management

My recent postings regarding DotNetNuke have been very popular among the community and each of them have covered specific aspects of performance improvement. However, none of them have gone through the full collection of "performance optimizations" that are possible. This article is going to summarize the items from the existing articles and will try to explain some additional, bigger picture elements that come into play, and considerations that must be thought of during any site configuration.
February 06, 2009

DNN Performance Tip: Disable Unused Auth Providers

One of the most common questions I get regarding DotNetNuke performance is; "Why is the DotNetNuke login so slow?".  Well there are a number of reasons, but one of the most common issues is that every time you visit the login page it has to determine which provider to show you.  If you are using multiple providers, there is not much way around this.  However, if you are running a site that is NOT using any other providers, you have some options to really help speed up the performance of your login page.

View the full article for details.

January 05, 2009

How I Get My DotNetNuke Sites To Run So Fast

One of the most common questions that I get via the forums on this site, or via e-mail is "How do you get your sites to run so fast".  Although not perfect, my sites typically run a bit faster than your average DotNetNuke sites.  Previously I have kept the exact specifics of my changes to myself, however, with a little encouragement from the community I have decided to share the full context of the changes that I make to a default DotNetNuke installation to get better baseline performance, as well as extra items that I do to help when I really need that "boost".

Content provided in this blog is provided "AS-IS" and the information should be used at your own discretion.  The thoughts and opinions expressed are the personal thoughts of Mitchel Sellers and do not reflect the opinions of his employer.

Content Copyright

Content in this blog is copyright protected.  Re-publishing on other websites is allowed as long as proper credit and backlink to the article is provided.  Any other re-publishing or distribution of this content is prohibited without written permission from Mitchel Sellers.