Recovering from 403 locks after compromise

Nextcloud version: 18.02
Operating system and version: Ubuntu 18.04
Apache or nginx version: Apache 2.4.29
PHP version: 7.1

The issue you are facing:

Our Nextcloud site was compromised by junglesec (junglesec@secmail.pro) and they ran a file encryption program to encrypt all the data files. We fixed the box and the Nextcloud system. We’re looking at the files now to see if there is an easy way to fix them, and we think there is, but we’re getting an error when synchronizing.

The error is

Server replied “423 Locked” to “PUT …”

We have the source files on a synced backup and the thought was to touch them all forcing a resync. The sync fails with the above message. On the server in the data directory there are no files with the corresponding name but rather the encrypted files the blackhats left.

My question is: what approach can I use to solve this? For fun, I also issued DELETE FROM oc_file_locks WHERE 1 but that obviously didn’t solve the problem.

Is this the first time you’ve seen this error?: Y

Steps to replicate it:

  1. Launch the desktop sync client

The output of your Nextcloud log in Admin > Logging:

There are no log errors except for a theming issue.

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'installed' => true,
  'dbtype' => 'mysql',
  'dbname' => 'owncloud',
  'dbuser' => 'owncloud',
  'dbpassword' => 'rmham',
  'dbhost' => '127.0.0.1',
  'dbtableprefix' => 'oc_',
  'passwordsalt' => 'XXX',
  'forcessl' => true,
  'blacklisted_files' =>
  array (
    0 => '.htaccess',
  ),
  'overwritehost' => '',
  'overwriteprotocol' => '',
  'overwritewebroot' => '/nextcloud',
  'overwritecondaddr' => '',
  'overwrite.cli.url' => 'https://ournextcloud.org/nextcloud',
  'trusted_domains' =>
  array (
    0 => 'ournextcloud.org',
    1 => 'www.ournextcloud.org',
  ),
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'theme' => '',
  'default_language' => 'en',
  '3rdpartyroot' => '',
  '3rdpartyurl' => '',
  'defaultapp' => 'files',
  'knowledgebaseenabled' => true,
  'appstoreenabled' => true,
  'mail_domain' => 'ournextcloud.org',
  'mail_smtpdebug' => false,
  'mail_smtpmode' => 'sendmail',
  'mail_smtphost' => '127.0.0.1',
  'mail_smtpport' => '25',
  'mail_smtptimeout' => 10,
  'mail_smtpauthtype' => 'LOGIN',
  'trashbin_retention_obligation' => 'auto',
  'allow_user_to_change_display_name' => true,
  'appcodechecker' => true,
  'updatechecker' => false,
  'has_internet_connection' => true,
  'check_for_working_webdav' => true,
  'check_for_working_htaccess' => true,
  'log_type' => 'nextcloud',
  'logfile' => '',
  'loglevel' => 2,
  'logdateformat' => 'F d, Y H:i:s',
  'logtimezone' => 'America/Denver',
  'log_query' => false,
  'log_authfailip' => true,
  'log_rotate_size' => false,
  'remember_login_cookie_lifetime' => 1296000,
  'session_lifetime' => 86400,
  'session_keepalive' => true,
  'custom_csp_policy' => 'default-src \'self\'; script-src \'self\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\'; frame-src *; img-src *; font-src \'self\' data:; media-src *',
  'xframe_restriction' => true,
  'maintenance' => false,
  'apps_paths' =>
  array (
    0 =>
    array (
      'path' => '/var/www/nextcloud/apps',
      'url' => '/apps',
      'writable' => true,
    ),
  ),
  'customclient_desktop' => '',
  'customclient_android' => '',
  'customclient_ios' => '',
  'enable_previews' => false,
  'preview_max_x' => NULL,
  'preview_max_y' => NULL,
  'preview_max_scale_factor' => 10,
  'preview_libreoffice_path' => '/usr/bin/libreoffice',
  'preview_office_cl_parameters' => '',
  'enable_avatars' => true,
  'openssl' =>
  array (
  ),
  'singleuser' => false,
  'instanceid' => 'ocd217a6d34e',
  'version' => '18.0.2.2',
  'datadirectory' => '/srv/owncloud',
  'mail_from_address' => 'mail',
  'secret' => 'XXX',
  'htaccess.RewriteBase' => '/nextcloud',
  'updater.release.channel' => 'stable',
  'mysql.utf8mb4' => true,
);

The output of your Apache/nginx/system log in /var/log/____:

Strangely there are no relevant entries here either.

I should delete every document and use rsync to put it back. (From your backup location)
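
A dry-run inventory that could precede the delete-and-rsync restore suggested above, as an added example that is not part of the original thread. The function name plan_restore and both directory arguments are assumptions; it lists which files in the live data directory have no counterpart in the backup and which backup files are missing or altered on the server.

```shell
#!/bin/sh
# Added example (not from the thread): compare a known-good backup tree with
# the compromised Nextcloud data directory before wiping and restoring it.
# Both paths are assumptions supplied by the operator.
#
# plan_restore BACKUP_DIR DATA_DIR
# Prints one line per file, relative to the tree root:
#   STRAY   <path>  exists only in DATA_DIR (e.g. files left by the attacker)
#   RESTORE <path>  missing from DATA_DIR, or content differs from the backup
# Limitation: file names containing newlines are not handled.
plan_restore() (
    backup=$1
    data=$2

    # Pass 1: files present on the server that the backup never contained.
    (cd "$data" && find . -type f) | sort | while IFS= read -r rel; do
        [ -f "$backup/$rel" ] || printf 'STRAY %s\n' "${rel#./}"
    done

    # Pass 2: backup files that are absent or byte-different on the server.
    (cd "$backup" && find . -type f) | sort | while IFS= read -r rel; do
        if [ ! -f "$data/$rel" ] || ! cmp -s "$backup/$rel" "$data/$rel"; then
            printf 'RESTORE %s\n' "${rel#./}"
        fi
    done
)

# Run directly as: sh plan_restore.sh /path/to/backup /path/to/datadirectory
if [ "$#" -eq 2 ]; then
    plan_restore "$1" "$2"
fi

# Typical follow-up once the plan looks right (run by hand, not by this script):
#   occ maintenance:mode --on            # stop clients from writing during restore
#   rsync -a --delete BACKUP/ DATA/      # --delete removes the STRAY files
#   occ files:scan --all                 # rebuild the file cache from disk
#   occ maintenance:mode --off
```

Files copied into the data directory behind Nextcloud's back are not visible to clients until `occ files:scan` has re-indexed them.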