Catastrophic loss of downloads files

#8484 (In Topic #2125)
TQ

Help needed to find cause in logs

Hi Guys,

After more than 13 years of running ocp/composer, I think this is the end of the line for me.

A couple of days ago my users were reporting that none of the downloads were available. On investigation I discovered that all of the files with the exception of one .bin file, index.html and htaccess were missing (5048) from the folder. I checked the database and discovered the cms_download_downloads table was also empty.

I only have backups of less than a quarter of these files (no need to tell me how stupid I am) and the rebuilding of the site will take months to recover. This is a hobby site that has grown over the years and I'm not sure I have the energy to rebuild it without knowing what has happened.

My primary question is: what should I be looking for in the server logs to try and understand how this has happened? I'm assuming that, because both the files are missing and the table is empty with the exception of the single upload I mentioned earlier, that this has happened programmatically. I have been scouring the logs for the last day but haven't yet discovered anything that might point me in the right direction. Very likely I've missed the obvious as the logs are of reasonable size (10+ Mb) and I've run out of ideas to search for.

A well-known data recovery application states that the files are unrecoverable, the file header data is empty or the file has been securely deleted.

I am not a programmer so I'm seeking your advice to try and understand what happened and if it's worth even trying to rebuild the site with what I have.

Your insight and comments would be very much appreciated.

Composr v10.0.46
Windows IIS v8.5

Thanks in advance

TQ

#8485
Hello,

Apologies for the delay in approving this topic and replying. I'm dealing with a lot of things ATM including a death in the family.

I'm really sorry to hear what happened. And unfortunately they are right, without full backups, the site cannot be recovered (which goes for just about any site running any software, not just Composr CMS).

I'm not sure yet where exactly to look; I need more info.

What was the name of the .bin file that was still present? And what was its path relative to the root directory of where Composr was installed?

Are all other database tables still present and populated with expected data?

If so, send me a dump of the cms_stats table to [email protected] (if you wish) and I will take a look. It might give me hints as to what happened.

It is possible the files were deleted from a critical bug. It is also possible you were hacked. In any case, it is very important we try to figure this out, even if you decide to use a different software program, so I can do my best to patch whatever needs patched in Composr.

#8486
TQ
> Apologies for the delay in approving this topic and replying. I'm dealing with a lot of things ATM including a death in the family.

No problem, I too have suffered a couple of losses in the past year so I appreciate how much it changes your life.

> …without full backups, the site cannot be recovered…

I am well aware, my problem is that the size of the downloads folder was so large that I don't have a solution for this on my limited system. That said, I am attempting to address this now.

> What was the name of the .bin file that was still present?

The .bin file was, I believe, a user upload that was uploaded after the loss occurred. 682644a185e2f8.16705628. That said, the actual user hasn't logged in for some considerable time according to their profile.

> was its path relative to the root directory of where Composr was installed

The /uploads//download folder was a symbolic link to another drive. The link is still intact as is the remaining drive content.

> Are all other database tables still present and populated with expected data?

As far as I can tell but I can say that the categories are missing in addition to the downloads themselves.

> send me a dump of the cms_stats

Sent. The date in question is the 15th of May (GMT+3)

> It is also possible you were hacked.

This is my greatest concern but I have no evidence to support this hence the purpose of my first message.
The other domains on the server seem to be functioning normally and other non-web related applications are, to my knowledge, fine.

> … even if you decide to use a different software program ..

Composr is the perfect solution for my application so I am reticent of moving away from it.

Thank you for taking the time to look into this. This has been my worst nightmare in a long time and appreciate you getting involved.

TQ

#8487
I am working with TQ in private about this.

I will post Composr-specific conclusions here after we are done.

#8519
I watched the Composr 10.0.51 release notes video today and saw that module and block install/uninstall/upgrade events are now logged, with a reminder in the video that uninstallation of modules and blocks results in their data being deleted. My mind went back to this forum thread when hearing this. Just out of curiosity, was that update related to the problem reported in this thread?

#8520

jacobgkau said:

> I watched the Composr 10.0.51 release notes video today and saw that module and block install/uninstall/upgrade events are now logged, with a reminder in the video that uninstallation of modules and blocks results in their data being deleted. My mind went back to this forum thread when hearing this. Just out of curiosity, was that update related to the problem reported in this thread?


Yes, it was related to this. We're not certain that the uninstallation of the downloads module caused the data loss; we weren't able to figure out the cause. However, my most likely suspect is that something in Composr caused it to get uninstalled. Something that is so sensitive it can cause data loss, like installing / uninstalling modules, definitely should have been something that was logged to the action logs, but never was in v10.


The update also had a fix in the upgrader, so v10 sites need to upgrade to 10.0.51 for a proper upgrade to v11. However, I detected another v10 issue in how Composr handles TAR files... so there will probably be a 10.0.52 release, which v10 sites will need to upgrade to if they plan to upgrade to v11.

Last edit: by PDStig
