Learn More





DNN Community Blog

The Community Blog is a personal opinion of community members and by no means the official standpoint of DNN Corp or DNN Platform. This is a place to express personal thoughts about DNNPlatform, the community and its ecosystem. Do you have useful information that you would like to share with the DNN Community in a featured article or blog? If so, please contact .

The use of the Community Blog is covered by our Community Blog Guidelines - please read before commenting or posting.

The Mystery of the Vanishing Website Pages

A few weeks ago, I was contacted by a community member, who was facing the phenomenon in his multi-site DNN, that a couple of pages got deleted and this happened again and again - especially newly created pages. He provided me with Host access, I investigated settings and event log, but there was no obvious hole. For all few registered users, admins and passwords, he recently changed the password, that's it.

My first step was turning on DNN eventlogging for all relevant event log types (note: make sure, you are having all log types registered, especially upgraded sites sometimes are missing a few. You may ensure having the full list by downloading the full list and running it in Host > SQL). I also created a couple of default pages on a rarely used site within the DNN. After a few days, some of my recently created pages were moved to the recycle bin - which was logged in DNN Eventlog, interestingly usually just after updating page info and page settings, and with no user logged in and more or less the same hours of a day. This lead me to the scheduler and it's scheduled jobs - but according to the history, no job was executed around this time.

Using Host > configuration manager, I set LogForNet level to "All" (in file DotNetNule.log4Net.config) - but the log didn't really provide additional hints. Meanwhile, two of the pages got defaced by a hacker, which trilled me even more.


Finally, I requested the IIS log files from the hosting provider. According to the log files, the page delete was caused by different search indexing bots from google and others. Now I got puzzled and checked the pages, which got deleted - and now I noticed a fact, I had overlooked before: they had granted edit permission to "All Users" role and exposed the Control Panel to any visitor (I am still not sure, why, this had been applied by default to some of the test pages, I created). With the CP exposed, the spider followed all links, including "page settings" and "delete page" - ouch.


I wrote a little script to remove these permissions from pages, modules, folders and module definitions - which also makes sure, all necessary permissions are created for superusers, admins, registered users and visitors (it is available for download here). After I applied it, no page got deleted any more - Another support case solved successfully :) 

PS: If you are not sure about permissions being granted for your pages, modules and folders, you might consider downloading the script and running it in Host > SQL.


Hi Sebastian

Many thanks! A customer of mine also complained about broken links which appeared to be the result of deleted pages. Now I know what causes it (not an editor issue). It seems to me like a major issue. I didn't find the bug (yet) in the bug tracker, am I right ?

Tychodewaard Monday, October 05, 2015 3:24 AM (link)
Joseph Craig
Thanks. I've heard reports about this happening before, but never had the chance to track down the cause.

I'll certainly remember this!
Joseph Craig Monday, October 05, 2015 10:08 AM (link)
Richard Howells
Good detective work Sebastian. Thank you for writing it up.
Richard Howells Monday, October 05, 2015 12:13 PM (link)
Jacques Woolston
A mistake easily made by Admins and difficult to get to the bottom of... I've had this one before!
Jacques Woolston Monday, October 05, 2015 12:31 PM (link)
Sebastian Leupold
it is not really a bug in DNN - the system behaves like this to anyone, who is granted edit permission for a page or module.
However, we might improve security by disable the option to grant edit permission to "All Users" or "Unauthenticated Users" roles.
Sebastian Leupold Monday, October 05, 2015 12:35 PM (link)
Sebastian Leupold
PS: My AdjustPermissions script fixes a couple of these permission issues - it shouldn't hurt to apply it to any of your DNN installations, if you are not sure, whether all permissions are properly assigned :)
Sebastian Leupold Monday, October 05, 2015 12:37 PM (link)
Erik Hinds
I can't think of any scenario where you would give any unauthenticated visitor edit rights to a page. In my opinion, this option should not even exist. Does anybody have a valid use case for this? I'd be interested to hear it.
Erik Hinds Tuesday, October 06, 2015 10:16 AM (link)
Sebastian Leupold
Erik, for my test pages, I just clicked "create page" and entered a name - as written above, atm I have no clue, why edit permission was granted to "All Users" role.
Sebastian Leupold Tuesday, October 06, 2015 10:31 AM (link)

Comment Form

Only registered users may post comments.


2sic Daniel Mettler (125)
Aderson Oliveira (15)
Alec Whittington (11)
Alex Shirley (10)
Andrew Nurse (30)
Anthony Glenwright (5)
Antonio Chagoury (28)
Ash Prasad (22)
Ben Schmidt (1)
Benjamin Hermann (25)
Benoit Sarton (9)
Beth Firebaugh (12)
Bill Walker (36)
Bob Kruger (5)
Brian Dukes (2)
Brice Snow (1)
Bruce Chapman (20)
Bryan Andrews (1)
cathal connolly (55)
Charles Nurse (163)
Chris Hammond (203)
Chris Paterra (55)
Clinton Patterson (28)
Cuong Dang (21)
Daniel Bartholomew (2)
Dave Buckner (2)
David Poindexter (3)
David Rodriguez (2)
Doug Howell (11)
Erik van Ballegoij (30)
Ernst Peter Tamminga (74)
Geoff Barlow (6)
Gifford Watkins (3)
Gilles Le Pigocher (3)
Ian Robinson (7)
Israel Martinez (17)
Jan Blomquist (2)
Jan Jonas (3)
Jaspreet Bhatia (1)
Jenni Merrifield (6)
Joe Brinkman (270)
John Mitchell (1)
Jon Henning (14)
Jonathan Sheely (4)
Jordan Coopersmith (1)
Joseph Craig (2)
Kan Ma (1)
Keivan Beigi (3)
Ken Grierson (10)
Kevin Schreiner (6)
Leigh Pointer (31)
Lorraine Young (60)
Malik Khan (1)
Matthias Schlomann (15)
Mauricio Márquez (5)
Michael Doxsey (7)
Michael Tobisch (3)
Michael Washington (202)
Mike Horton (19)
Mitchel Sellers (28)
Nathan Rover (3)
Navin V Nagiah (14)
Néstor Sánchez (31)
Nik Kalyani (14)
Peter Donker (52)
Philip Beadle (135)
Philipp Becker (4)
Richard Dumas (22)
Robert J Collins (5)
Roger Selwyn (8)
Ruben Lopez (1)
Ryan Martinez (1)
Salar Golestanian (4)
Sanjay Mehrotra (9)
Scott McCulloch (1)
Scott S (11)
Scott Wilkinson (3)
Scott Willhite (97)
Sebastian Leupold (80)
Shaun Walker (237)
Shawn Mehaffie (17)
Stefan Cullmann (12)
Stefan Kamphuis (12)
Steve Fabian (31)
Timo Breumelhof (24)
Tony Henrich (3)
Torsten Weggen (2)
Vicenç Masanas (27)
Vincent Nguyen (3)
Vitaly Kozadayev (6)
Will Morgenweck (37)
Will Strohl (163)
William Severance (5)
Try Evoq
For Free
Start Free Trial
a Demo
See Evoq Live
Need More Information?