• Welcome to the Chevereto user community!

    Here users from all over the world gather around to learn the latest about Chevereto and contribute with ideas to improve the software.

    Please keep in mind:

    • 😌 This community is user driven. Be polite with other users.
    • 👉 Is required to purchase a Chevereto license to participate in this community (doesn't apply to Pre-sales).
    • 💸 Purchase a Pro Subscription to get access to active software support and faster ticket response times.
  • Chevereto Support CLST

    Support response

    Support checklist

Errors in the logs...

dr_brown

dr_brown

Chevereto Member
Hi, I get these errors in the logs:

Code: 
[Mon Jul 29 00:21:27.038603 2019] [:error] [pid 16335] [client 148.251.120.201:53605] exception 'CHV\\LockException' with message 'Unable to destroy delete-expired-images lock in CHV\\Lock->process()' in /var/www/dr_brown/data/www/**********/app/lib/classes/class.lock.php:109\nStack trace:\n#0 /var/www/dr_brown/data/www/**********/app/lib/classes/class.lock.php(61): CHV\\Lock->process('destroy', Array)\n#1 /var/www/dr_brown/data/www/**********/app/loader.php(409): CHV\\Lock->__call('destroy', Array)\n#2 /var/www/dr_brown/data/www/**********/app/loader.php(409): CHV\\Lock->destroy()\n#3 [internal function]: CHV\\{closure}()\n#4 {main}
[Mon Jul 29 00:21:27.039701 2019] [:error] [pid 16335] [client 148.251.120.201:53605] exception 'CHV\\LockException' with message 'Unable to destroy clean-unconfirmed-users lock in CHV\\Lock->process()' in /var/www/dr_brown/data/www/**********/app/lib/classes/class.lock.php:109\nStack trace:\n#0 /var/www/dr_brown/data/www/**********/app/lib/classes/class.lock.php(61): CHV\\Lock->process('destroy', Array)\n#1 /var/www/dr_brown/data/www/**********/app/loader.php(422): CHV\\Lock->__call('destroy', Array)\n#2 /var/www/dr_brown/data/www/**********/app/loader.php(422): CHV\\Lock->destroy()\n#3 [internal function]: CHV\\{closure}()\n#4 {main}
[Mon Jul 29 06:07:47.598842 2019] [:error] [pid 24679] [client 95.108.181.119:58227] exception 'CHV\\LockException' with message 'Unable to destroy delete-expired-images lock in CHV\\Lock->process()' in /var/www/dr_brown/data/www/**********/app/lib/classes/class.lock.php:109\nStack trace:\n#0 /var/www/dr_brown/data/www/**********/app/lib/classes/class.lock.php(61): CHV\\Lock->process('destroy', Array)\n#1 /var/www/dr_brown/data/www/**********/app/loader.php(409): CHV\\Lock->__call('destroy', Array)\n#2 /var/www/dr_brown/data/www/**********/app/loader.php(409): CHV\\Lock->destroy()\n#3 [internal function]: CHV\\{closure}()\n#4 {main}

the strangest thing is that the ip address is not on my server.
I understand that the deletion of expired images and not confirmed users is blocked.
How do you delete guest images in general? Did you find cron problems in the instructions?
 
3.13.3

here today

Code: 
[Tue Jul 30 06:03:01.437673 2019] [:error] [pid 32294] [client 5.9.144.234:50863] exception 'CHV\\LockException' with message 'Unable to destroy clean-unconfirmed-users lock in CHV\\Lock->process()' in /var/www/dr_brown/data/www/**********/app/lib/classes/class.lock.php:109\nStack trace:\n#0 /var/www/dr_brown/data/www/**********/app/lib/classes/class.lock.php(61): CHV\\Lock->process('destroy', Array)\n#1 /var/www/dr_brown/data/www/**********/app/loader.php(422): CHV\\Lock->__call('destroy', Array)\n#2 /var/www/dr_brown/data/www/**********/app/loader.php(422): CHV\\Lock->destroy()\n#3 [internal function]: CHV\\{closure}()\n#4 {main}
 
The problem is your filesystem permissions. The system can create locks but it can't remove them.

Make sure that permissions are OK.

PHP: 
            case 'destroy':
                if(file_exists($lock_file) && !@unlink($lock_file)) {
                    throw new LockException('Unable to destroy ' . $this->lock . ' lock in ' . $method);
                }
            break;
 
Look, my server IP is 91.234. *. *, The specialization of deleting pictures and the user comes from different IPs (192.151.145.178; 192.99.13.228 etc.) that are not related to my server, naturally they have no rights to such changes and the script blocks them. Now the question. are there any Cheveretto security violations that other IPs, for example bots, can specialize deletion of pictures or users? Nginx was configured according to your requirements from the documentation.
 
The locks are files used to avoid concurrency issues. The system is able to create these, but not delete. If the system can't delete these files is because the permissions are wrong. Simple as that.

The security issues of using chmod 777 is something that you should investigate on your own. Is not about bots deleting files, is about a path publicly writable.
 
You must log in or register to reply here.
Back
Top