MatthewSchenker

Folder called ".well-known" Appeared on Server

7 posts in this topic

Greetings Everyone,

Just putting this out there to see if anyone else has experienced the same, and what it might mean.

I noticed this morning that a folder called ".well-known" appeared in the public_html folder of one of my ProcessWire installations. Some searching seems to turn this up as potential malware.

Has anyone else experienced this? And how do we prevent it?

Thanks,
Matthew

Share this post


Link to post
Share on other sites

I do believe this is to do with Let's Encrypt SSL certificates and I don't think this is anything to worry about. Malware with ProcessWire, pah :)

4 people like this

Share this post


Link to post
Share on other sites

Greetings,

Thanks cb2004 and Dave! When I did a quick search, among the first results that appeared was information about a WordPress malware with ".well-known." Even though I know PW is not susceptible like WP it got me worried!

It is always unnerving when a folder appears in your app installation that you didn't put there!

Matthew

Share this post


Link to post
Share on other sites

It's not unknown for nasties to masquerade as legitimate files/folders (Windows has long seen viruses & malware processes pretending to be svchost.exe, for example), but if you have installed a Let's Encrypt cert recently, it's probably part of that installation. ^-^

Share this post


Link to post
Share on other sites
15 minutes ago, DaveP said:

It's not unknown for nasties to masquerade as legitimate files/folders (Windows has long seen viruses & malware processes pretending to be svchost.exe, for example), but if you have installed a Let's Encrypt cert recently, it's probably part of that installation. ^-^

Or if not I do believe this is put their in readiness by your hosting company that you may wish to. It may even be enabled without you knowing, try going to the https:// version of your site and see what it says.

3 people like this

Share this post


Link to post
Share on other sites
1 hour ago, cb2004 said:

I do believe this is to do with Let's Encrypt SSL certificates and I don't think this is anything to worry about. Malware with ProcessWire, pah :)

@cb2004 is absolutely correct.

1 person likes this

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.