A few weeks ago, I was contacted by a community member who was facing a strange phenomenon in his multi-site DNN: a couple of pages got deleted, and this happened again and again - especially to newly created pages. He provided me with Host access, and I investigated the settings and the event log, but there was no obvious hole. For all of the few registered users and admins, he had recently changed the passwords, that's it.
My first step was turning on DNN event logging for all relevant event log types (note: make sure you have all log types registered, as upgraded sites in particular sometimes miss a few. You can make sure you have the full list by downloading the full list and running it in Host > SQL). I also created a couple of default pages on a rarely used site within the DNN. After a few days, some of my recently created pages were moved to the recycle bin. This was logged in the DNN event log, interestingly usually just after updating page info and page settings, with no user logged in and at more or less the same hours of the day. This led me to the scheduler and its scheduled jobs - but according to the history, no job was executed around this time.
Using Host > Configuration Manager, I set the Log4Net level to "All" (in the file DotNetNuke.log4Net.config) - but the log didn't really provide additional hints. Meanwhile, two of the pages got defaced by a hacker, which thrilled me even more.
Finally, I requested the IIS log files from the hosting provider. According to the log files, the page deletes were caused by different search indexing bots from Google and others. Now I was puzzled and checked the pages that got deleted - and I noticed a fact I had overlooked before: they had edit permission granted to the "All Users" role and exposed the Control Panel to any visitor (I am still not sure why this had been applied by default to some of the test pages I created). With the CP exposed, the spider followed all links, including "page settings" and "delete page" - ouch.
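The IIS log check described above can be automated. The following is an added example, not the script from this post; the log lines are constructed, and the URL pattern for page-management requests (`ctl=Tab` combined with an `action`) is an assumption you should adapt to the links your own Control Panel renders.

```python
import re

# Constructed sample in IIS W3C extended format (not taken from the site in the post).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip cs(User-Agent) sc-status
2013-05-02 03:14:07 GET /Default.aspx tabid=93 192.0.2.10 Mozilla/5.0+(compatible;+Googlebot/2.1;++http://www.google.com/bot.html) 200
2013-05-02 03:14:09 GET /Default.aspx tabid=93&ctl=Tab&action=edit 192.0.2.10 Mozilla/5.0+(compatible;+Googlebot/2.1;++http://www.google.com/bot.html) 200
2013-05-02 03:14:12 GET /Test/tabid/93/ctl/Tab/action/delete/Default.aspx - 192.0.2.10 Mozilla/5.0+(compatible;+Googlebot/2.1;++http://www.google.com/bot.html) 302
2013-05-02 09:30:00 GET /Default.aspx tabid=93&ctl=Tab&action=edit 198.51.100.7 Mozilla/5.0+(Windows+NT+6.1)+Firefox/20.0 200
2013-05-02 03:20:41 GET /Default.aspx tabid=95&ctl=Tab&action=delete 192.0.2.44 Mozilla/5.0+(compatible;+bingbot/2.0;++http://www.bing.com/bingbot.htm) 302
"""

BOT_UA = re.compile(r"bot|crawl|spider|slurp", re.I)
# Assumption: page-management requests carry ctl=Tab plus an action, either in
# the query string or as /ctl/Tab/action/<name>/ in a friendly URL.
ADMIN_ACTION = re.compile(r"ctl[=/]tab\b.*?action[=/](\w+)", re.I)

def crawler_admin_hits(log_text):
    """Return (date, time, ip, action, url) for crawler requests to page-admin URLs."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]       # column layout can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        query = row.get("cs-uri-query", "-")
        url = row.get("cs-uri-stem", "") + ("" if query == "-" else "?" + query)
        match = ADMIN_ACTION.search(url)
        if match and BOT_UA.search(row.get("cs(User-Agent)", "")):
            hits.append((row.get("date"), row.get("time"), row.get("c-ip"),
                         match.group(1).lower(), url))
    return hits

if __name__ == "__main__":
    for hit in crawler_admin_hits(SAMPLE_LOG):
        print(*hit)
```

Any hit means an anonymous crawler was served a page-management link, so the page's permissions need review even if nothing has been deleted yet.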
I wrote a little script to remove these permissions from pages, modules, folders and module definitions - it also makes sure all necessary permissions are created for superusers, admins, registered users and visitors (it is available for download here). After I applied it, no page got deleted any more - another support case solved successfully :)
PS: If you are not sure about the permissions being granted for your pages, modules and folders, you might consider downloading the script and running it in Host > SQL.