Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

my Confluence run into 'setup database' state after 'kinsing' malware infection

Hello dears,

 i ran severel years a mini confluence wiki with a few pages. This Confluence instance was infected with malware (kinsing), due to time indisposition I just stopped the server and did not deal with it further.

Currently, we have decided to migrate this confluence installation to the cloud, but when I try to start the server, the confluence is in the "install database" state and cannot be exited.

I would like to ask - is there any option to recover data? Conflucene is connected to the mysql database, I have a backup of it, but I am not familiar with the tables structure. it would be enough for us to find out the content stored in the spaces.

Would anyone have any advice on this?

Thanks for any advice, regards, Rene

1 answer

1 vote

Your instinct to reach for a backup is exactly right.  I would want to start with a clean installation of the software, in a different location (ideally different server - nuke the old one from orbit, it's the only way to be sure)

Your malware attack might have damaged the data in the database, but it won't be able to inject anything that can proliferate, so even if it has damaged your data, your backups should be fine.

To recover, I would

  • Install and set up a new, empty, installation of Confluence on a new server.
  • Once it's got the basics running (you can log in as an admin and see that there are no spaces), restore a backup into it.

The question at this points becomes what type of backup you have taken.  If your database has not been affected by the malware, then you could just stop Confluence, point it at your old database, move the attachments to the new server, restart it and kick off a re-index.  If your backup is a database dump, you can do much the same after restoring the dump to a new database.  Or if you're relying on the XML backups, go to Admin -> backups -> Restore to re-import everything.  There are, of course, other backup methods, so we'd need more info if you have used something else.

Suggest an answer

Log in or Sign up to answer

Atlassian Community Events