Jump to content

Folder called ".well-known" Appeared on Server


MatthewSchenker
 Share

Recommended Posts

Greetings Everyone,

Just putting this out there to see if anyone else has experienced the same, and what it might mean.

I noticed this morning that a folder called ".well-known" appeared in the public_html folder of one of my ProcessWire installations. Some searching seems to turn this up as potential malware.

Has anyone else experienced this? And how do we prevent it?

Thanks,
Matthew

Link to comment
Share on other sites

Greetings,

Thanks cb2004 and Dave! When I did a quick search, among the first results that appeared was information about a WordPress malware with ".well-known." Even though I know PW is not susceptible like WP it got me worried!

It is always unnerving when a folder appears in your app installation that you didn't put there!

Matthew

Link to comment
Share on other sites

It's not unknown for nasties to masquerade as legitimate files/folders (Windows has long seen viruses & malware processes pretending to be svchost.exe, for example), but if you have installed a Let's Encrypt cert recently, it's probably part of that installation. ^-^

Link to comment
Share on other sites

15 minutes ago, DaveP said:

It's not unknown for nasties to masquerade as legitimate files/folders (Windows has long seen viruses & malware processes pretending to be svchost.exe, for example), but if you have installed a Let's Encrypt cert recently, it's probably part of that installation. ^-^

Or if not I do believe this is put their in readiness by your hosting company that you may wish to. It may even be enabled without you knowing, try going to the https:// version of your site and see what it says.

  • Like 3
Link to comment
Share on other sites

  • 1 month later...

I've seen the .well-known directory with hosting providers that offer cPanel accounts with the AutoSSL feature turned on. Both LetsEncrypt and Comodo cert renewals use the folder to install and replace soon-to-expire SSLs. Depending on your hosting provider's configurations, even self-signed SSLs may get updated.

BTW: For those that chose to use AutoSSL, Processwire's .htaccess config prevents reading of .txt files and access to directories beginning with periods so those would need to be turned off temporarily to allow the cert to be installed. Otherwise, PW will issue a 403 each time AutoSSL attempts to access the directory/file. Then, the SSL will expire and piss everyone off until it's fixed. :o But that's no fault of Processwire - It's better to keep those things in check then to let hosting plugins silently do whatever they want.

Link to comment
Share on other sites

@MindFull The htaccess file does allow access to the directory:

  # -----------------------------------------------------------------------------------------------
  # 12. Access Restrictions: Keep web users out of dirs that begin with a period,
  # but let services like Lets Encrypt use the webroot authentication method.
  # -----------------------------------------------------------------------------------------------

  RewriteRule "(^|/)\.(?!well-known)" - [F]

:)

  • Like 2
  • Haha 1
Link to comment
Share on other sites

#################################################################################################
# START PROCESSWIRE HTACCESS DIRECTIVES
# @version 2.3
#################################################################################################

...

  # -----------------------------------------------------------------------------------------------
  # Access Restrictions: Keep web users out of dirs that begin with a period
  # -----------------------------------------------------------------------------------------------

  RewriteRule "(^|/)\." - [F]

Eeek! - My PW 2.3 is showing lol! I have go to remove that from my Notepad++ cache

 

  • Like 2
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...