You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
Hello, I have been experiencing some issues with my confluence instance out of nowhere. One day, I suddenly got the following error when going to any page of confluence
java.lang.IllegalArgumentException: Negative position
at java.base/sun.nio.ch.FileChannelImpl.read(Unknown Source)
I thought restarting the server could fix things so I did that but when it came back online, somehow the connection with my database seems to have been lost and it asks me whether I want to setup a new database or use the evaluation database. I have been trying to get it running since, but I get into various errors. For example if I set up confluence with an empty database I get the following
The SystemInformationService could not be retrieved from the container. Therefore very limited information is available in this error report.
The SystemInformationService could not be retrieved due to the following error: java.lang.IllegalStateException: Spring Application context has not been set
I went into the logs folder just to find that any files from before the restart have a ".locked" ending and seem to be encrypted as I only get garbage when I open them.
I tried repairing it through an upgrade from 7.13.3 to 7.13.4
At the last step of the upgrade process, the installer however gets stuck and the only thing it prints was
before I the ssh connection with my machine was cancelled...
Any idea what that could mean and how I could open the locked files to see the logs of the original crash and restore my database to function without losing all my attachments?
More in general (although it is clear Confluence seems to be the point of intrusion for some hackers here) it suggests parts of your server has been compromised by ransomware.
Reinstalling the server (so you get a clean state) and restoring the instance from a proven clean backup sounds like the only chance you have these days.
These are more general rules, best-practise, and apply to any other software product also.
In the current case, listed here in Community, some time ago, it was a vulnerability which allowed hackers obviously to place malware on servers running Confluence and encrypt files & directories (which resulted obviously in the .locked-files you saw).
Today my Confluence Server v7.15 stopped working. On the server hosting the Confluence instance I saw a bunch of strange files with the suffix .locked.
All the automatic backup files were also locked.
Luckily I was able to backup the database.
Is there any relation to the vulnerability CVE-2021-26084?
What should I do next?
Hi @Michael Ilewicz ,
We have been facing the same issue and it's related to recent vulnerability. I would definitely recommend you too raise priority ticket with Atlassian and asked for the immediate help.