Nextcloud version : 19.0.3
Operating system and version : Ubuntu 18.04
Apache : 2.4.29
PHP version : 7.4.10
Windows client : 3.0.1 on Windows 8.1
Background : I have a data folder on my Windows computer that I sync with my Nextcloud (VPS).
Problem : For the second time this month, almost all files get deleted (60Gb) from both my local Windows and remote Nextcloud. In the linux server, the logs indicate that deletion is initiated from the Windows client.
After the first incident I activated files deletion auditing on the folder in the Windows machine. Today, at the same time that the Nc server show that the Windows client request file deletion, the Windows machine logs show that the Nextcloud client initiate the deletion.
So, both machine say that the Windows Nextcloud client make the deletion.
Hopefully I had backup and the Nc server keeped all the file in “deleted files”. But now I try to understand what happend and I have no clue except for a Nc client software problem.
Is there any other log files that I can look at?
Nextcloud activity feed say : You deleted xxxx …
Apache logs
...
000.000.000.000 - winclient [09/Oct/2020:19:29:38 +0000] "PROPFIND /remote.php/dav/files/winclient/xxxxxxxx/xxxxxxxxxxxxx HTTP/1.1" 207 538592 "-" "Mozilla/5.0 (Windows) mirall/3.0.1stable-Win64 (build 20200828) (Nextcloud)"
000.000.000.000 - winclient [09/Oct/2020:19:29:49 +0000] "GET /ocs/v2.php/core/navigation/apps?absolute=true&format=json HTTP/1.1" 304 4078 "-" "Mozilla/5.0 (Windows) mirall/3.0.1stable-Win64 (build 20200828) (Nextcloud)"
000.000.000.000 - winclient [09/Oct/2020:19:29:49 +0000] "PROPFIND /remote.php/dav/files/winclient/ HTTP/1.1" 207 4989 "-" "Mozilla/5.0 (Windows) mirall/3.0.1stable-Win64 (build 20200828) (Nextcloud)"
000.000.000.000 - winclient [09/Oct/2020:19:29:49 +0000] "DELETE /remote.php/dav/files/winclient/xxxxxxxx/xxxxxxxxxxxxx HTTP/1.1" 204 4376 "-" "Mozilla/5.0 (Windows) mirall/3.0.1stable-Win64 (build 20200828) (Nextcloud)"
000.000.000.000 - winclient [09/Oct/2020:19:29:49 +0000] "DELETE /remote.php/dav/files/winclient/xxxxxxxx/xxxxxxxxxxxxx HTTP/1.1" 204 4376 "-" "Mozilla/5.0 (Windows) mirall/3.0.1stable-Win64 (build 20200828) (Nextcloud)"
000.000.000.000 - winclient [09/Oct/2020:19:29:49 +0000] "DELETE /remote.php/dav/files/winclient/xxxxxxxx/xxxxxxxxxxxxx HTTP/1.1" 204 4376 "-" "Mozilla/5.0 (Windows) mirall/3.0.1stable-Win64 (build 20200828) (Nextcloud)"
000.000.000.000 - winclient [09/Oct/2020:19:30:18 +0000] "DELETE /remote.php/dav/files/winclient/xxxxxxxx/xxxxxxxxxxxxx HTTP/1.1" 204 607 "-" "Mozilla/5.0 (Windows) mirall/3.0.1stable-Win64 (build 20200828) (Nextcloud)"
000.000.000.000 - winclient [09/Oct/2020:19:30:06 +0000] "DELETE /remote.php/dav/files/winclient/xxxxxxxx/xxxxxxxxxxxxx HTTP/1.1" 204 607 "-" "Mozilla/5.0 (Windows) mirall/3.0.1stable-Win64 (build 20200828) (Nextcloud)"
...
Loging in Nc Admin show absolutly nothing at the time of the event.
Windows audit example for one of the files :
Objet :
Serveur de l’objet : Security
Type d’objet : File
Nom de l’objet : E:\DATA\xxxxxxx\xxxxxxxxxxx
ID du handle : 0x13c4
Attributs de ressource : -
Informations sur le processus :
ID du processus : 0x224c
Nom du processus : C:\Program Files\Nextcloud\nextcloud.exe
Informations sur la demande d’accès :
ID de la transaction {00000000-0000-0000-0000-000000000000}
Accès : DELETE
config.php
$CONFIG = array (
'instanceid' => 'xxxxxxxxxx',
'passwordsalt' => 'xxxxxxxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxx',
'trusted_domains' =>
array (
0 => 'xxxxxxxxxxxx',
),
'datadirectory' => '/var/www/nextcloud/data',
'dbtype' => 'mysql',
'version' => '19.0.3.1',
'overwrite.cli.url' => 'https://xxxxxx',
'dbname' => 'xxxxxxxx',
'dbhost' => 'localhost',
'dbport' => '',
'dbtableprefix' => 'oc_',
'dbuser' => 'xxxxxxxx',
'dbpassword' => 'xxxxxxxxxx',
'installed' => true,
'maintenance' => false,
'mysql.utf8mb4' => true,
'memcache.local' => '\\OC\\Memcache\\APCu',
'theme' => '',
'loglevel' => 2,
'mail_smtpmode' => 'xxxxxxxxxxxxx',
'mail_smtpsecure' => 'xxxxxxxxxx',
'mail_sendmailmode' => 'xxxxxxxx',
'mail_from_address' => 'xxxxxxx',
'mail_domain' => 'xxxxxxxxxxx',
'mail_smtpauth' => xxxx,
'mail_smtpauthtype' => 'xxxxx',
'mail_smtphost' => 'xxxxxxxx',
'mail_smtpport' => 'xxxxxxx',
'mail_smtpname' => 'xxxxxxxxxxxxxx',
'mail_smtppassword' => 'xxxxxxxxxx',
'updater.secret' => 'xxxxxxxxxxxxxxx',
);