ProblemAttachments, pages or attachments have been deleted from a Confluence instance, possibly over an extended period of time. Probable CauseA user has experienced this problem when downloading an offline copy of their Confluence instance using Webcopier. WebCopier follows every link in Confluence using an aggressive spidering strategy that includes automatic posting of confirmation forms. When WebCopier is run over a page, it follows the remove attachment or page link and performs the equivalent of clicking the OK button on the 'Are you sure you want to remove...?' dialog. If Webcopier has authenticated itself as a user with delete permission for that content, it will then be removed. DetectionHow to audit Confluence - enabling user access logging and identify the username deleting content by searching the access log for suspicious requests to doreremoveattachmentonpage.action or removepage.action NotesWebcopier must be used on a Confluence site by an authorised Confluence user for the above problem to occur. For a spider to delete content, it must be provided with the credentials of a Confluence user with the delete privilege and set to blindly post confirmation prompts. Confluence protects against against updates from automated spiders, such as those that would trawl a public instance of Confluence, by requiring that updates to Confluence content are posted via a form. Search spiders and other crawlers avoid populating and submitting forms for precisely this reason and at present, Webcopier is the only spider reported to submit confirmation forms by default. |
Comments (4)
Nov 07, 2007
Mark S says:
Whew, this could be good to know. We've had a couple of cases where attachments ...Whew, this could be good to know.
We've had a couple of cases where attachments have gone missing and it didn't seem to make sense (from a "malicious" point of view).
Curious, the instances where we've seen files disappear were in a page and their subpages. Webcopier's website indicates that it can download only specific directories, but confluence doesn't include the virtual page path in the URL, so that would mean it would be following the children links (but that wouldn't make sense if you were only telling webcopier to download one directory).
Anyone happen to know if webcopier would be capable of only downloading a specific page and it's sub pages, but not a complete space (or the whole wiki)?
Our confluence is behind a single sign on.
Nov 13, 2007
Mei Yan Chan says:
Hi Mark, I'm not particularly sure of Webcopier. Perhaps you would like to dire...Hi Mark,
I'm not particularly sure of Webcopier. Perhaps you would like to direct this question in our forum or mailing list. Thanks.
Regards,
Mei
Jun 11
Anonymous says:
I have logged in and found only the latest new attachement. All my old att...I have logged in and found only the latest new attachement. All my old attachments for a parent page are not there. However, after a delay of what appears to be about an hour, the attachements show up! I'm set to use the local confluence storage. Is there some reason that the attachments do not display right away, albeit the newer ones display?
Jun 17
Ming Giet Chong says:
Hi, I would suggest you to raise a support ticket at our issue tracker for furt...Hi,
I would suggest you to raise a support ticket at our issue tracker for further investigation to this issue:
Regards,
MG
Add Comment