Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,644,460
Community Members
 
Community Events
196
Community Groups

Upgrade fails with "1. locked"

Hello, I have been experiencing some issues with my confluence instance out of nowhere. One day, I suddenly got the following error when going to any page of confluence

java.lang.IllegalArgumentException: Negative position
    at java.base/sun.nio.ch.FileChannelImpl.read(Unknown Source)

I thought restarting the server could fix things so I did that but when it came back online, somehow the connection with my database seems to have been lost and it asks me whether I want to setup a new database or use the evaluation database. I have been trying to get it running since, but I get into various errors. For example if I set up confluence with an empty database I get the following

The SystemInformationService could not be retrieved from the container. Therefore very limited information is available in this error report.
The SystemInformationService could not be retrieved due to the following error: java.lang.IllegalStateException: Spring Application context has not been set

I went into the logs folder just to find that any files from before the restart have a ".locked" ending and seem to be encrypted as I only get garbage when I open them.

I tried repairing it through an upgrade from 7.13.3 to 7.13.4

At the last step of the upgrade process, the installer however gets stuck and the only thing it prints was

1. locked

 before I the ssh connection with my machine was cancelled...

Any idea what that could mean and how I could open the locked files to see the logs of the original crash and restore my database to function without losing all my attachments?

3 answers

0 votes
Daniel Ebers
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Aug 17, 2022

More in general (although it is clear Confluence seems to be the point of intrusion for some hackers here) it suggests parts of your server has been compromised by ransomware.

Reinstalling the server (so you get a clean state) and restoring the instance from a proven clean backup sounds like the only chance you have these days.

These are more general rules, best-practise, and apply to any other software product also.

In the current case, listed here in Community, some time ago, it was a vulnerability which allowed hackers obviously to place malware on servers running Confluence and encrypt files & directories (which resulted obviously in the .locked-files you saw).

Hi,

Today my Confluence Server v7.15 stopped working. On the server hosting the Confluence instance I saw a bunch of strange files with the suffix .locked.

All the automatic backup files were also locked.

Luckily I was able to backup the database.

Is there any relation to the vulnerability CVE-2021-26084?


What should I do next?

Regards,
Miguel

0 votes
Mayur Jadhav
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Jun 07, 2022

Hi @Michael Ilewicz ,

We have been facing the same issue and it's related to recent vulnerability. I would definitely recommend you too raise priority ticket with Atlassian and asked for the immediate help.

 

Regards,
Mayur

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
SERVER
VERSION
7.13
TAGS
AUG Leaders

Atlassian Community Events