ED-Configs folder

Please fill out the fields below so we can help you. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com). Therefore, withholding your domain name here does not help keep it secret, but makes it harder for us to help you.

I can read answers in English: yes

My domain is: cuiretcreation.fr

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: IONOS

I can login to a root shell on my machine (yes or no, or I don't know): I don't know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): WordPress

Hello,
My WordPress site is hosted at IONOS, and it turns out I am reaching the limit on the number of files allowed (258,065 / 262,144 used). So I am "cleaning up", and I wanted to know whether some files in the well-known directories could be deleted. IONOS told me in particular that the ED-Configs directories contained in pki-validation and acme-challenge were very large. I also saw, while browsing the files over FTP, that there were files named "joomla" or "magento" etc., but I am on a WordPress site; are these txt files all useful?
Thank you for your help,

Right now, your website isn't using a Let's Encrypt certificate, and Let's Encrypt does not use .well-known/pki-validation.

As for .well-known/acme-challenge you can remove each file when the validation is done. But your acme client should've done that automatically.

1 Like

Thank you @9peppe for your answer. So do you mean that I can remove all folders and files in well-known/acme-challenge? I don't know what "my acme" is?
You put a dot before well-known (.well-known) and I see that there are 2 folders:
the first one:
/.well-known/apple-developer-merchantid-domain-association --> can I delete it ?

the other one:
/well-known/acme-challenge/(with folders a, b, d...) --> you say I can remove it ?
/well-known/pki-validation/(with folders a, b, d...) --> what about this one, can I remove it too ?

1 Like

I don't know.

With no dot? There should be a dot and no directories inside, just files: if so, you can remove it.

Probably yes, but I don't know. Still, it should have the dot. This is used by other certificate authorities.

1 Like

There is no dot before the folder well-known, which contains directories named a, b, c, d etc., and in one of them there is a directory called ED-Configs with lots of files.

I don't know how these directories arrived here and I don't know who can help me to know if I can delete them or not...

This doesn't make any sense. Did somebody create it manually? The alternative is some buggy software did.

I don't know anything about this.

1 Like

If it doesn’t make any sense, I suppose I could delete these folders..?
Nobody created these files manually, but perhaps they were created when the site was hacked 6 months ago??

Either you, someone at your organization, or a hacker enrolled your domain into Apple's program. See here: Apple Developer Documentation

If you are not part of it, I would delete it.

IMHO, I would delete the ENTIRE well-known and .well-known directories, then start from scratch. I would also start with a fresh WordPress install and run every security tool on it. I would also make sure your ACME account keys were recycled, along with any other credentials on that server.

The only references I have found online for directory structures like yours are when hackers compromise a website and try to hide files so people do not realize it is compromised. This often happens with WordPress installs. Using a deeply nested directory structure like that, hackers can hide malicious content without you realizing. For example, look at this URL that uses the same structure as yours: https://awmci.us/well-known/pki-validation/h/b/j/b/ED-Configs/JumpF0x/0-blockbeats/blog-full-left-sidebar-with-frame/page/2/index.html. There are several other sites that appear to be compromised with JumpF0x in their URLs. Most seem to have full WordPress installs in there, and spoof various websites. Most likely, hackers compromise a site like that and then direct people to it with spam/phishing campaigns. Because the content is hidden, the compromised site owners have no idea.

I am sorry, but my French is very bad. I hope you can understand my English. Even after many years of study at school and university.

3 Likes
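A read-only audit of the patterns discussed in this thread, meant to be run on a local copy of the site (for example one downloaded over FTP); it is an added example, not code from any poster or from Let's Encrypt. It assumes validation directories normally hold only flat files, and the sample tree, file names and function names are constructed for illustration.

```python
import os
import re
import tempfile

# ACME HTTP-01 tokens (RFC 8555) use only the base64url alphabet.
TOKEN_RE = re.compile(r"^[A-Za-z0-9_-]+$")

def audit_well_known(webroot):
    """Return a list of (relative_path, reason) findings for a site copy."""
    findings = []
    for top in (".well-known", "well-known"):
        if top == "well-known" and os.path.isdir(os.path.join(webroot, top)):
            findings.append((top, "missing leading dot"))
        for name in ("acme-challenge", "pki-validation"):
            vdir = os.path.join(webroot, top, name)
            if not os.path.isdir(vdir):
                continue
            rel = f"{top}/{name}"
            subdirs = files = 0
            for _cur, dnames, fnames in os.walk(vdir):
                subdirs += len(dnames)
                files += len(fnames)
            if subdirs:  # assumption: these directories should be flat
                findings.append((rel, f"{subdirs} nested directories, {files} files"))
            if name == "acme-challenge":
                for entry in sorted(os.listdir(vdir)):
                    full = os.path.join(vdir, entry)
                    if os.path.isfile(full) and not TOKEN_RE.match(entry):
                        findings.append((f"{rel}/{entry}", "not an ACME token name"))
    return findings

def build_sample(root):
    """Constructed tree imitating the layout described in the thread."""
    hidden = os.path.join(root, "well-known", "pki-validation", "a", "b", "ED-Configs")
    os.makedirs(hidden)
    open(os.path.join(hidden, "index.html"), "w").close()
    acme = os.path.join(root, ".well-known", "acme-challenge")
    os.makedirs(acme)
    for fname in ("constructed_Token-123", "joomla.txt"):
        open(os.path.join(acme, fname), "w").close()

def audit_sample():
    """Build the constructed tree in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        return audit_well_known(tmp)

if __name__ == "__main__":
    for path, reason in audit_sample():
        print(f"{path}: {reason}")
```

The script only lists findings and deletes nothing, so the flagged paths can be reviewed or archived before any cleanup.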

If I were you, I would backup my contents and recreate the website.

1 Like

Thank you very much @jvanasco for your answer.
Your French is not worse than my English :sweat_smile:

I don't know how I can make sure my ACME account keys have been recycled, who can tell me? I don't know what an "ACME" is..

Another question: if I rename the well-known directory, I will see if it breaks my site or not? If not, I can delete the directories, what do you think?

Thank you again,

1 Like

Thank you @9peppe, if I can avoid deleting everything that would be great :persevere:
I was wondering: if I rename the folder and my site still works, can I delete this folder without any consequences?

1 Like

That logic stands to reason, but I would wait still a few days (or weeks) to ensure nothing actually needs that information before deleting it.
Better to have and not need than to need and not have.

1 Like

Thank you @rg305
You are right, I will wait a few days before deleting it.

1 Like