Confluence not working after brach CVE-2019-3395

Hi,

So my server got breached after the last vulnerability you've released:

it showed the same signs and everything.

After a long time cleaning up the server and ending the botnet usage on my server i am trying to lunch the confluence but am not able to.

it just isn't accessible, not from within the server nor outside.

i need your assistance here please,

please tell me how to proceed.

Best,

Eliran.

1 answer

1 vote

Hey Eliran,

I wrote an article with the most common payload we've seen and steps others have taken to clean up from the attack. You can read it here, and it links to additional resources that will be useful.

If after reading the article and going through the steps Confluence still isn't launching, here's what would be useful to know:

Any processes running under the confluence user (the article talks about how to check this with the top command)
Output in the Confluence application log - this is located in <confluence-home>/logs/atlassian-confluence.log - just the bits since the last time you tried to start Confluence would be helpful

Thanks, hoping to help get your instance back up and running soon!
Daniel | Atlassian Support

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.