Reputation: 16420
I have a client and he has reported that 5/6 times, the website has somehow returned to unpublished mode. We are unsure what could be causing it and generally it will happen when no one is working on the website at all. They do have some people who have in the past and may still have malicious intentions with regards to bringing the site down (so this could also be an issue).
Are there any known security issues in Umbraco whereby a user could maliciously unpublish the entire website?
Are there any bugs in Umbraco that could cause this to happen?
Does Umbraco check the Database for published flag, or does it just check for the existence of the XML file before choosing to show the "there is more work to do" message?
Upvotes: 4
Views: 1362
Reputation: 131
Umbraco will show this page if it is unable to connect to the database.
In older versions of Umbraco, once this had happened the site would remain in this state until it was republished - this seems to have been fixed (I'm not sure from which version). If you are suffering from this and upgrading isn't an option, then a workaround is to place the following code in the top of /config/splashes/noNodes.aspx:
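<script runat="server">
    // Needs System.Xml and the Umbraco namespaces that provide IOHelper,
    // Document and library to be imported by the page.
    protected void Page_Load(object sender, EventArgs e)
    {
        // Republishing a large site can take a long time.
        Server.ScriptTimeout = 100000;
        var cacheFile = IOHelper.MapPath("/App_Data/umbraco.config");
        try
        {
            var d = new XmlDocument();
            // Dispose the reader even if loading fails, so the cache file is not left open.
            using (var r = XmlReader.Create(cacheFile, new XmlReaderSettings() { DtdProcessing = DtdProcessing.Ignore }))
            {
                d.Load(r);
            }
            var n = d.SelectSingleNode("//root");
            // A missing or empty root element means the XML cache holds no published content.
            if (n == null || n.ChildNodes.Count == 0)
            {
                Response.Write("Republishing Site......");
                Response.Flush();
            }
            else
            {
                // The cache already has content, so there is nothing to republish.
                Response.Write("Site Was Already Published......");
                return;
            }
        }
        catch (Exception ex)
        {
            // The cache file is missing or unreadable: report it and fall through to the republish.
            Response.Write(ex.Message);
            Response.Write("Cache missing, republishing.....");
            Response.Flush();
        }
        // Republish every document from the database, then rebuild the XML cache.
        Document.RePublishAll();
        library.RefreshContent();
        Response.Write("Completed");
        Response.Flush();
        Response.Redirect("/");
        Response.End();
    }
</script>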
(This code wasn't originally mine - I can't remember where I got it from). The code attempts to republish the site so that as soon as the database connection becomes available again the site comes back up.
You may also want to edit the content of /config/splashes/noNodes.aspx to show your users a site maintenance or error message which is more appropriate.
Are you aware of any planned database maintenance around the time your client's site suffered from this? If not, you may need to take a look at their hosting.
Upvotes: 2
Reputation: 4257
I'd echo everything that Digbyswift said. In addition, are the site pages actually showing as unpublished in the back office? If they still appear to be published (i.e. they aren't greyed out) but they aren't showing on the front end, then someone may have set an un-publish date in the properties tab. If it's greyed out, then someone physically unpublished it (probably through the back office).
If it's showing up as published, but nothing is on the front end, it's also possible that something has gone wrong with the cmsContentXml table. When this occurs, check that there are records in this table. If there aren't, the site will think it's empty, because the site XML cache gets rebuilt from this table on site start up. If the table is empty, someone or something is clearing it that shouldn't be.
If you suspect a malicious user, reset ALL passwords for the system (back office users, AND database) and ensure that everyone who has access to the CMS has their own username and password (and ensure that they don't know each other's details), that way you'll be able to pin changes down to specific users using the audit trail.
Upvotes: 1
Reputation: 10400
The message you are referring to exists in the /install/noNodes.aspx file.
This would point to the fact that the site or at least the homepage of the site is unpublished. This would indicate that either someone or a process is unpublishing the site or homepage. First, I would check that there isn't an 'unpublish' date set on the homepage in the 'Properties' tab.
Also check the Umbraco logs to check who is unpublishing which nodes and when. You will also be able to check the audit history of the homepage too to see who edited it.
If you suspect malicious intentions, then you need to nail down your own security certainly before considering security issues with Umbraco. You need to consider changing passwords for both server RDC, SQL's sa and any Umbraco specific passwords.
Upvotes: 3
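The database checks suggested in the two answers above (records in cmsContentXml, an unpublish date on a page, and who unpublished which nodes and when), written as read-only T-SQL. This is an added example, not code from either poster or from Umbraco; apart from cmsContentXml, the table and column names (cmsDocument, umbracoLog, umbracoUser) and the 'UnPublish' / 'Delete' log header values are assumptions based on the legacy Umbraco schema and should be checked against your own database before relying on the results.

```sql
-- Read-only triage queries. Run them as soon as the splash page appears,
-- before anyone republishes, so the state they show is the failing one.
-- All names other than cmsContentXml are assumed from the legacy schema.

-- 1. Is the table the XML cache is rebuilt from populated at all?
SELECT COUNT(*) AS cached_rows
FROM cmsContentXml;

-- 2. Documents flagged as published that have no cached XML row.
--    Rows here with the back office still showing "published" point at
--    something clearing cmsContentXml rather than at an editor unpublishing.
SELECT d.nodeId, d.text, d.updateDate
FROM cmsDocument AS d
LEFT JOIN cmsContentXml AS x ON x.nodeId = d.nodeId
WHERE d.published = 1
  AND x.nodeId IS NULL
ORDER BY d.updateDate DESC;

-- 3. Pages with a scheduled unpublish date (the "Properties" tab setting).
SELECT d.nodeId, d.text, d.expireDate
FROM cmsDocument AS d
WHERE d.newest = 1
  AND d.expireDate IS NOT NULL
ORDER BY d.expireDate;

-- 4. Audit trail: who unpublished or deleted which node, and when.
--    Compare the timestamps with the times the client saw the site go down.
SELECT l.Datestamp, l.logHeader, l.NodeId, u.userLogin, l.logComment
FROM umbracoLog AS l
LEFT JOIN umbracoUser AS u ON u.id = l.userId
WHERE l.logHeader IN ('UnPublish', 'Delete')
ORDER BY l.Datestamp DESC;
```

If queries 2 to 4 all come back empty at the moment of an outage, the content was not unpublished through the CMS, and the database connectivity explanation from the first answer becomes the more likely one.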