1

A client's site is currently showing this message:

Craft does not support backtracking to this version. Please upload Craft 2773 or later.

I understand how to fix it, but I don't understand how it's happened.

In Craft’s request log I can only see one update:

2016/02/22 15:37:15 [info] [application] [Forced] Updating from 2.5.2761 to 2.5.2763.

But in the craft_info table the version and build are 2.6 and 2773, updated_at 2016-03-09 22:07:49.

Also in the log are several requests hitting 404s - /wordpress/, /administrator/index.php, /wp/, etc.

Then at 2016/03/10 04:07:42 (6 hours after craft_info was updated) in the log I'm seeing a load of these errors:

******************************************************************************************************
2016/03/16 09:11:25 [error] [exception.Craft\HttpException.503] exception 'Craft\HttpException' in /chroot/home/lincshub/lincshub.com/craft/app/etc/web/WebApp.php:229
Stack trace:
#0 /chroot/home/domain/domain.com/craft/app/framework/base/CApplication.php(184): Craft\WebApp->processRequest()
#1 /chroot/home/domain/domain.com/craft/app/index.php(62): CApplication->run()
#2 /chroot/home/domain/domain.com/html/index.php(19): require_once('/chroot/home/li...')
#3 {main}
REQUEST_URI=/
---

The last deployment (local to production) was made on 5 Feb 2016 12:44.

Could anyone shed some light on what's going on here please?

Matt Ellis
  • 361
  • 1
  • 9

1 Answers1

2

It looks like the database schema (at Craft version 2.6.2773) is ahead of the craft/app files on your file system (at Craft version 2.5.2763).

Since (I assume) you're not seeing any update info being logged in production around 2016-03-09 22:07:49 (from the dateUpdated column in the craft_info table), my guess is that someone updated the site/database locally, then restored the updated database to production with the older files still in place.

Brad Bell
  • 67,440
  • 6
  • 73
  • 143
  • But my local dev install is still only at version 2.5.2761. I've only ever ran the update (to 2.5.2763) on production. And I'm the only dev on this project - no one else would have access to deploy or import a db. – Matt Ellis May 11 '16 at 19:40
  • 2
    In that case, my second guess is "magic". :) – Brad Bell May 11 '16 at 19:46
  • Hmmm... not the answer I was hoping for. If you went for a third guess? – Matt Ellis May 11 '16 at 20:11
  • Maybe the update got borked somehow? Permissions problems could cause some weird issues. Have the updates from the CP ever worked properly? I see you're running a chroot on the server, wouldn't surprise me to see a file there causing problems. – RitterKnight May 11 '16 at 22:05
  • 1
    The updating process is extensively logged, so should be fairly easy to see if something went wrong from the log files. If you look in the craft_migrations folder, do you see an row for m160304_000000_client_permissions? If so, then that database schema has definitely been updated (somehow by someone) to 2.6 at some point in its life. – Brad Bell May 11 '16 at 23:39
  • Yes, m160304_000000_client_permissions exists. The dateUpdated time is 2016-03-09 22:07:40 - which is in line with the update log. However, in craft_users the lastLoginDate by any user is 2016-02-22 15:36:56. If no one has logged in since Feb 22nd, how can an update have been run on the March 9th? – Matt Ellis May 12 '16 at 08:44
  • Check the server access logs. My guess is still that someone restored an updated copy of the database to production. Wouldn't need to login to the Craft CP for that. – Brad Bell May 12 '16 at 17:19
  • Hosting company (Nexcess) only keep logs for 30 day. But like I mentioned, the only other copy in existence is my local version at 2761 - so even if someone had restored it to production - it's still not the correct version. Without a solid explanation for what's happened I do feel quite concerned about this. I can't risk it happening again. – Matt Ellis May 13 '16 at 09:16
  • I've just updated the production site to 2.6.2785, went to login but couldn't. Checked the 'lastPasswordChangeDate' in the users table (2016-03-09 22:24:14) then checked my emails for that date and I have a 'Reset your password' email. However, the setpassword url is for another Craft install on another domain (a leftover from a base install). Looking through commits, the license.key for both domains at some stage was the same. Is it possible that updating one domain could trigger an update on another domain if they were accidently mapped to each other / shared the same license.key? – Matt Ellis May 13 '16 at 11:05
  • I can't see how. The license.key file is used purely for Craft edition/domain validation. Nothing to do with updating or versions. – Brad Bell May 14 '16 at 03:50