Hi all, our Confluence site went down earlier today but came back up following an application restart. In looking through the logs, I found multiple entries that raised my antennae a bit:
2022-02-06 06:01:40,150 ERROR [http-nio-8090-exec-5001 url: /pages/createpage-entervariables.action] [confluence.plugins.synchrony.SynchronyContextProvider] getContextMap
-- url: /pages/createpage-entervariables.action | traceId: 2448bc04bc14180b
| userName: anonymous | action: createpage-entervariables
-- url: /pages/createpage-entervariables.action | traceId: d34ab04173918629 | userName: anonymous | action: createpage-entervariables
2022-02-06 09:33:42,418 WARN [Caesium-1-3] [troubleshooting.healthcheck.concurrent.SupportHealthCheckProcess] lambda$getCompletedStatuses$0 Health check 'Security Vulnerabilities' failed w$
2022-02-06 09:35:14,357 ERROR [http-nio-8090-exec-5070 url: /pages/createpage-entervariables.action] [confluence.plugins.synchrony.SynchronyContextProvider] getContextMap
Anonymous access is not enabled for our site, nor are users enabled to set up their own accounts.
Running 7.13.0 on a Linux server. Not seeing anything suspicious or eating up memory in top. Is this cause for concern?
@Lucinda Stroud The version you are on is susceptible to a vulnerability so you should upgrade it. Is your Confluence instance open to the web or do you have to be on your local network or VPN to access it? Are you sure that none of the spaces have anonymous access setup? When the site went down what was happening in the logs at that time? What was happening on the server? Have you worked with your network team to see if there is traffic from unexpected regions? These are all things you should check as you work to identify what actually happened.
Thanks @Brant Schroeder . Using the Access log, it does look like an IP from Egypt has been attempting to create pages repeatedly, but without success. We've blocked that IP just to be safe. Anonymous access is disabled globally. I don't know if those repeated attempts would have prompted the application to need to be restarted, as there wasn't any upticks in activity until I actually stopped and started the application. We will look into upgrading soon just to be safe.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Looks like a health check is failing specifically for the security vulnerabilities. Checks if your application version is listed as an affected version for any critical security vulnerabilities published at www.atlassian.com/trust/security/advisories.
Thanks,
Tim
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks for the responses, @Tim Perrault and @Brant Schroeder .
Outage was reported midday PST yesterday, 2/7. Here are logs leading up from that time to the time when I stopped the application in advance of starting it again.
2022-02-07 08:33:47,191 WARN [Caesium-1-4] [troubleshooting.healthcheck.concurrent.SupportHealthCheckProcess] lambda$getCompletedStatuses$0 Health check 'Security Vulnerabilities' failed w$
2022-02-07 09:33:47,330 WARN [Caesium-1-1] [troubleshooting.healthcheck.concurrent.SupportHealthCheckProcess] lambda$getCompletedStatuses$0 Health check 'Security Vulnerabilities' failed w$
2022-02-07 10:33:47,132 WARN [Caesium-1-1] [troubleshooting.healthcheck.concurrent.SupportHealthCheckProcess] lambda$getCompletedStatuses$0 Health check 'Security Vulnerabilities' failed w$
2022-02-07 11:33:47,272 WARN [Caesium-1-4] [troubleshooting.healthcheck.concurrent.SupportHealthCheckProcess] lambda$getCompletedStatuses$0 Health check 'Security Vulnerabilities' failed w$
2022-02-07 12:33:47,256 WARN [Caesium-1-1] [troubleshooting.healthcheck.concurrent.SupportHealthCheckProcess] lambda$getCompletedStatuses$0 Health check 'Security Vulnerabilities' failed w$
2022-02-07 12:41:33,198 INFO [Caesium-1-4] [ratelimiting.internal.configuration.ConfigurationLoggerJob] logConfiguration Periodic rate limiting configuration log. System rate limiting sett$
2022-02-07 13:33:47,371 WARN [Caesium-1-4] [troubleshooting.healthcheck.concurrent.SupportHealthCheckProcess] lambda$getCompletedStatuses$0 Health check 'Security Vulnerabilities' failed w$
2022-02-07 14:33:47,253 WARN [Caesium-1-1] [troubleshooting.healthcheck.concurrent.SupportHealthCheckProcess] lambda$getCompletedStatuses$0 Health check 'Security Vulnerabilities' failed w$
2022-02-07 15:33:47,122 WARN [Caesium-1-1] [troubleshooting.healthcheck.concurrent.SupportHealthCheckProcess] lambda$getCompletedStatuses$0 Health check 'Security Vulnerabilities' failed w$
2022-02-07 16:33:47,310 WARN [Caesium-1-3] [troubleshooting.healthcheck.concurrent.SupportHealthCheckProcess] lambda$getCompletedStatuses$0 Health check 'Security Vulnerabilities' failed w$
2022-02-07 17:20:00,249 INFO [Caesium-1-1] [synchrony.service.http.SynchronyRequestExecutor] execute Initiating Locking API request: SynchronyLockRequest
2022-02-07 17:20:00,336 INFO [Caesium-1-1] [synchrony.service.http.SynchronyRequestExecutor] execute Initiating Locking API request: SynchronyUnlockRequest
2022-02-07 17:33:48,172 WARN [Caesium-1-2] [troubleshooting.healthcheck.concurrent.SupportHealthCheckProcess] lambda$getCompletedStatuses$0 Health check 'Security Vulnerabilities' failed w$
2022-02-07 17:50:00,128 INFO [Caesium-1-2] [synchrony.service.http.SynchronyRequestExecutor] execute Initiating Locking API request: SynchronyLockRequest
2022-02-07 17:50:00,179 INFO [Caesium-1-2] [synchrony.service.http.SynchronyRequestExecutor] execute Initiating Locking API request: SynchronyUnlockRequest
2022-02-07 18:33:47,258 WARN [Caesium-1-1] [troubleshooting.healthcheck.concurrent.SupportHealthCheckProcess] lambda$getCompletedStatuses$0 Health check 'Security Vulnerabilities' failed w$
2022-02-07 19:33:48,090 WARN [Caesium-1-4] [troubleshooting.healthcheck.concurrent.SupportHealthCheckProcess] lambda$getCompletedStatuses$0 Health check 'Security Vulnerabilities' failed w$
2022-02-07 20:33:47,200 WARN [Caesium-1-3] [troubleshooting.healthcheck.concurrent.SupportHealthCheckProcess] lambda$getCompletedStatuses$0 Health check 'Security Vulnerabilities' failed w$
2022-02-07 21:33:47,273 WARN [Caesium-1-3] [troubleshooting.healthcheck.concurrent.SupportHealthCheckProcess] lambda$getCompletedStatuses$0 Health check 'Security Vulnerabilities' failed w$
2022-02-07 22:00:00,132 INFO [Caesium-1-3] [synchrony.service.http.SynchronyRequestExecutor] execute Initiating Locking API request: SynchronyLockRequest
2022-02-07 22:00:00,199 INFO [Caesium-1-3] [synchrony.service.http.SynchronyRequestExecutor] execute Initiating Locking API request: SynchronyUnlockRequest
2022-02-07 22:22:02,582 WARN [Caesium-1-3] [atlassian.upm.pac.PacClientImpl] fetchMpacAppInfo Error when querying application info from MPAC: com.atlassian.marketplace.client.MpacException$
2022-02-07 22:33:47,160 WARN [Caesium-1-3] [troubleshooting.healthcheck.concurrent.SupportHealthCheckProcess] lambda$getCompletedStatuses$0 Health check 'Security Vulnerabilities' failed w$
2022-02-08 00:33:47,346 WARN [Caesium-1-1] [troubleshooting.healthcheck.concurrent.SupportHealthCheckProcess] lambda$getCompletedStatuses$0 Health check 'Security Vulnerabilities' failed w$
2022-02-08 00:41:33,198 INFO [Caesium-1-3] [ratelimiting.internal.configuration.ConfigurationLoggerJob] logConfiguration Periodic rate limiting configuration log. System rate limiting sett$
2022-02-08 01:05:03,179 INFO [Catalina-utility-2] [com.atlassian.confluence.lifecycle] destroy Shutting down long running task service
2022-02-08 01:05:03,181 INFO [Catalina-utility-2] [atlassian.plugin.manager.DefaultPluginManager] lambda$shutdown$5 Preparing to shut down the plugin system
2022-02-08 01:05:03,298 INFO [Catalina-utility-2] [atlassian.plugin.manager.DefaultPluginManager] lambda$shutdown$5 Shutting down the plugin system
2022-02-08 01:05:06,402 INFO [FelixShutdown] [plugins.synchrony.bootstrap.DefaultSynchronyProcessManager] stopProcess Stopping Synchrony...
2022-02-08 01:05:09,449 INFO [FelixShutdown] [plugins.synchrony.bootstrap.DefaultSynchronyProcessManager] stopProcess Stopping Synchrony...
2022-02-08 01:05:09,630 WARN [FelixShutdown] [insights.core.service.DefaultDataExportOrchestrator] destroy DefaultDataExportOrchestrator is about to be destroyed. Cancelling possible in fl$
2022-02-08 01:05:11,627 WARN [FelixShutdown] [addons.analytics.scheduler.EventLimiterScheduleManagerImpl] destroy Destroying Event Limiter Schedule
2022-02-08 01:05:11,630 WARN [FelixShutdown] [addons.analytics.scheduler.DataRetentionScheduleManagerImpl] destroy Destroying Data Retention Schedule
A few minutes into the application being started up again:
2022-02-08 01:29:54,816 ERROR [http-nio-8090-exec-12 url: /pages/createpage-entervariables.action] [confluence.plugins.synchrony.SynchronyContextProvider] getContextMap
-- url: /pages/createpage-entervariables.action | traceId: 3abd9df43cc750fc | userName: anonymous | action: createpage-entervariables
2022-02-08 01:29:55,045 WARN [http-nio-8090-exec-12 url: /pages/createpage-entervariables.action] [theme.original.cache.DefaultRefinedCache] loadFooter Current user doesn't match with requ$
-- url: /pages/createpage-entervariables.action | traceId: 3abd9df43cc750fc | userName: anonymous
2022-02-08 01:36:51,124 ERROR [http-nio-8090-exec-41 url: /pages/createpage-entervariables.action] [confluence.plugins.synchrony.SynchronyContextProvider] getContextMap
-- url: /pages/createpage-entervariables.action | traceId: 3594f6a050532e05 | userName: anonymous | action: createpage-entervariables
2022-02-08 01:43:51,182 ERROR [http-nio-8090-exec-16 url: /pages/createpage-entervariables.action] [confluence.plugins.synchrony.SynchronyContextProvider] getContextMap
-- url: /pages/createpage-entervariables.action | traceId: fbae4c9dce6517bb | userName: anonymous | action: createpage-entervariables
-- url: /pages/createpage-entervariables.action | traceId: 26f0f95e0e6f3a9c | userName: anonymous | action: createpage-entervariables
2022-02-08 04:29:16,435 ERROR [http-nio-8090-exec-11 url: /pages/createpage-entervariables.action] [confluence.plugins.synchrony.SynchronyContextProvider] getContextMap
-- url: /pages/createpage-entervariables.action | traceId: 77efde8c2a1902c5 | userName: anonymous | action: createpage-entervariables
2022-02-08 04:29:18,498 ERROR [http-nio-8090-exec-42 url: /pages/createpage-entervariables.action] [confluence.plugins.synchrony.SynchronyContextProvider] getContextMap
-- url: /pages/createpage-entervariables.action | traceId: ae70e4bbf728ee78 | userName: anonymous | action: createpage-entervariables
2022-02-08 04:29:18,600 ERROR [http-nio-8090-exec-47 url: /pages/createpage-entervariables.action] [confluence.plugins.synchrony.SynchronyContextProvider] getContextMap
-- url: /pages/createpage-entervariables.action | traceId: b947a776ebf101b6 | userName: anonymous | action: createpage-entervariables
2022-02-08 04:29:19,814 ERROR [http-nio-8090-exec-33 url: /pages/createpage-entervariables.action] [confluence.plugins.synchrony.SynchronyContextProvider] getContextMap
-- url: /pages/createpage-entervariables.action | traceId: 70bdc5a06b9ba0a0 | userName: anonymous | action: createpage-entervariables
2022-02-08 04:29:20,021 ERROR [http-nio-8090-exec-16 url: /pages/createpage-entervariables.action] [confluence.plugins.synchrony.SynchronyContextProvider] getContextMap
-- url: /pages/createpage-entervariables.action | traceId: 00ab40e4232b4873 | userName: anonymous | action: createpage-entervariables
and more of the same throughout today.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Might be an issue with the collaborative editing. Check this link to see if anything in there will help you.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks @Tim Perrault - does that mean that you don't have concern with the repeated
userName: anonymous | action: createpage-entervariables
attempts?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
The first thing I would do is run the log analyzer to see if that has any helpful tips.
https://confluence.atlassian.com/support/support-tools-plugin-790796813.html
If that doesn't help I would open a support ticket to be safe. Better safe than sorry :)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Lucinda and Tim,
i also get these errors in version 7.13.3. the logfile analyzer does not return any errors, although there are enough such errors in the logfile.
Please let us know as soon as you get feedback from Atlassian as to what the problem is.
Thank you very much & good luck
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Online forums and learning are now in one easy-to-use experience.
By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.