Strange files on my hosting
By Loupida on Sunday, 10 August 2014
Posted in General Issues
Replies 11
Likes 0
Views 853
Votes 0
Hello,

I don't know what happened, but i got more 1.200 files in the root of my server like this :
index.php?option=com_easysocial.1
index.php?option=com_easysocial.10
index.php?option=com_easysocial.111
index.php?option=com_easysocial.XXX

I contacted my hosting provider, but they don't know. Have you any idea of why they appear ?

Best regards.
Hello Loupida,

This is most likely generated by your cronjob. How does your cronjob currently look like? It should be something like this,

/usr/bin/wget -O /dev/null "http://site.com/index.php?option=com_easysocial&cron=true"; >/dev/null 2>&1
Mark
·
Sunday, 10 August 2014 14:00
·
0 Likes
·
0 Votes
·
0 Comments
·
Hello Mark,

Here is my cronjob : wget -q https://DOMAIN/index.php?option=com_easysocial&cron=true

But i've another cronjob like yours : wget -O /dev/null "http://DOMAIN/index.php?option=com_invitex&tmpl=component&task=mailto&pkey=azer" >/dev/null 2>&1;
And i've also files in server root related to Invitex probably caused by this cronjob.

So, i think these files don't result from some malicious behaviors, right ?
Loupida
·
Sunday, 10 August 2014 20:42
·
0 Likes
·
0 Votes
·
0 Comments
·
Hello Loupida,

Change your cronjob for EasySocial to the following:

wget -O /dev/null "https://DOMAIN/index.php?option=com_easysocial&cron=true" >/dev/null 2>&1
Mark
·
Sunday, 10 August 2014 21:25
·
0 Likes
·
0 Votes
·
0 Comments
·
Hello Mark,

Thanks for the tip, i really appreciate. But, my domain has SSL certificate that my cron can't stand. I must place this : --no-check-certificate, but i don't know where in the cronjob above. And, does it work if i replace https by http in my cronjob ?
Loupida
·
Tuesday, 12 August 2014 16:09
·
0 Likes
·
0 Votes
·
0 Comments
·
Hello Loupida,

Try this,

wget --no-check-certificate -O /dev/null "https://DOMAIN/index.php?option=com_easysocial&cron=true"; >/dev/null 2>&1
Mark
·
Tuesday, 12 August 2014 18:24
·
0 Likes
·
0 Votes
·
0 Comments
·
Hello Mark,

Mails are sent, but i receive this every 5 minutes :

--2014-08-12 14:20:02-- https://DOMAIN/index.php?option=com_easysocial&cron=true&phrase=XXX
Resolving http://www.DOMAIN.com... 45.156.165.870
Connecting to http://www.DOMAIN.com|45.156.165.870|:443... connected.
WARNING: cannot verify http://www.DOMAIN.com’s certificate, issued by “/C=US/O=GeoTrust,...”:
Unable to locally verify the issuer’s authority.
HTTP request sent, awaiting response... 303 See other
Location: https://www.DOMAIN.com/fr/?option=com_easysocial&cron=true&phrase=XXX [following]
--2014-08-12 14:20:03-- https://www.DOMAIN.com/fr/?option=com_easysocial&cron=true&phrase=XXX
Reusing existing connection to http://www.DOMAIN.com:443.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/x-json]
Saving to: “/dev/null”

0K 42.7M=0s

2014-08-12 14:20:04 (42.7 MB/s) - “/dev/null” saved [403]
Loupida
·
Tuesday, 12 August 2014 20:32
·
0 Likes
·
0 Votes
·
0 Comments
·
Hello Loupida,

Hm, try this instead (Sorry there was some typo earlier)

wget --no-check-certificate -O /dev/null "https://DOMAIN/index.php?option=com_easysocial&cron=true" >/dev/null 2>&1
Mark
·
Tuesday, 12 August 2014 22:49
·
0 Likes
·
0 Votes
·
0 Comments
·
Hello,

If you talk about semicolon typed twice, i've seen it; i removed the second one before
Loupida
·
Tuesday, 12 August 2014 23:32
·
0 Likes
·
0 Votes
·
0 Comments
·
Hello Loupida,

Hm, you need to remove them both. There shouldn't need to be a ; . Not really sure why Joomla is adding the ; though.
Mark
·
Wednesday, 13 August 2014 01:48
·
0 Likes
·
0 Votes
·
0 Comments
·
Hello Mark,

It's fine now. Thank you.
Loupida
·
Wednesday, 13 August 2014 15:17
·
0 Likes
·
0 Votes
·
0 Comments
·
You are most welcome
Mark
·
Wednesday, 13 August 2014 23:29
·
0 Likes
·
0 Votes
·
0 Comments
·
View Full Post