XF 2.2 weird folders in JS directory

CrispinP

CrispinP

Well-known member
folks,

I have some weird folders in the js directory.

ls shows tihis:
1673811395409.webp

contents of all have 3 files in. Always two js files and one empty html file. Names of the two js files always differ with one of them seemily random.


1673811458003.webp

1673811661602.webp



I found this because an rsync job I have to back up complained that one of the folders had vanished. I thought the name looked odd so too a look and found this.
All in all, there are 2298 folders in my js director! What gives?????
 
Sort by date Sort by votes
Looks like your server has been compromised or someone found a way to write files.
IS this host fully patched with the latest security updates?
Did you use any suspicious add-ons?
 
Upvote 0 Downvote
I had a duff upgrade in 2022 and needed to restore from backup hence all the files being created on the same day - 5th of March 2022.
It's also why they're owned by plesk

Unfortaunately, I only keep monthly backups for 9 months and my oldest backup is from May 2022 so I cannot look back further than that.

Considering a lot of these are js fils with a hint to "advert" it must be something weird with adverts......

How they (blah) did they get onto my server and why did rsync see one and then complain it vanished....?
 
Upvote 0 Downvote
Mr. Jinx said:
Looks like your server has been compromised or someone found a way to write files.
IS this host fully patched with the latest security updates?
Did you use any suspicious add-ons?
Click to expand...

Yes, fully patched OS and religiously do so every week or two. Always have. Maybe the occasional month gap.
Xenforo - yes, always keep that up to date too within a week or two of them releasing an update.

Annoying thing is, considering my previous post, I have no idea when this could have happened....
 
Upvote 0 Downvote
another thing re compromise - I have a couple of honeypot accounts in there which are also monitored by haveibeenpwned. Not the most advanced way but a canary of sorts. Nothing flagged.
 
Upvote 0 Downvote
I remember what it is -

It's the Adblock detector I have installed.

[Wutime] AdBlock Detection [anti-AdBlock]​

I was scratching the back of my brain because I knew I had this issue before. I guess my backup/restore process brought in files the addon did not know about and thereor did not delete. :)


No compromise :D

1673819388733.webp
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

Dashmiel
  • Question Question
MG 2.2 Requested content cannot be loaded
Replies
4
Views
381
Jeremy P
Jeremy P
N
  • Question Question
XF 2.2 ERR_TOO_MANY_REDIRECTS
Replies
2
Views
339
K a M a L
K
M
  • Question Question
XF 2.2 How to setup forum in a sub folder
Replies
3
Views
600
Paul B
Paul B
Mian Shahid
  • Solved
XF 2.1 File health check problem, all JS files showing Unexpected contents
Replies
13
Views
2K
Taminoful
Taminoful
Digital Jedi
  • Question Question
Am I the Only Person on HostRocket?
Replies
7
Views
925
Digital Jedi
Digital Jedi
Top Bottom