We are facing some strange behaviour with DotNetnuke 7.4.0 installation. Some months ago, there was an attack to our website / installation through InstallWizard.aspx ("2016-06 (Critical) Unauthorized users may create new SuperUser accounts") - see details at: http://www.dnnsoftware.com/community/security/security-center
There were some thing done after the attack - we've copied clean installation over the existing files (there were no CORE modifications from our side - we've developed some custom modules, as usual). What we are facing now is, that from time "DEFAULT USER DATA - UserId = 0" is missing in aspnet_Users table. The consequence is, that we're unable to login with that account.
So, what we are doing is, that we re-fill data in aspnet_Users table (ApplicationId, UserId, UserName, LowereduserName, MobileAlias, IsAnonymous, LastActivityDate). Everything is OK after that, but we are afraid that this will happen again.
Once again, there were no CORE modification, there are no additional HOST accounts created, everything is OK with SQL base users. All other users has no issues with login, there are problem just with HOST account. All other functionalities are OK..
Did someone came across with the similar issue? It looks like out DotNetNuke instance is still infected..
Thank you for you time and answers!