
Thread: Is there a 404javascript.js file?

  1. #1

    Default Is there a 404javascript.js file?

    Hello, I hope someone can help here.

    A Contao site was hacked earlier in the year and the hosting company said it fixed a vulnerability. I've tried to remove all malicious code, and we've also carried out a full upgrade to the latest Contao version.

    I've just done a malware scan, and it shows that there is still something left from the hack. It mentions a 404javascript.js file, and indeed, when I go to that address I get redirected to a blacklisted domain.

    However, I cannot for the life of me find a 404javascript.js file. It's supposed to be in the root directory.

    Does anyone have an idea what's going on?

    Many thanks.


  2. #2

    Default Re: Is there a 404javascript.js file?

    An update: I've had a look at the .htaccess file in the root directory, and this looks clean to me:

    Code:
    ##
    # Contao Open Source CMS
    # Copyright (C) 2005-2012 Leo Feyer
    #
    # Formerly known as TYPOlight Open Source CMS.
    #
    # This program is free software: you can redistribute it and/or
    # modify it under the terms of the GNU Lesser General Public
    # License as published by the Free Software Foundation, either
    # version 3 of the License, or (at your option) any later version.
    #
    # This program is distributed in the hope that it will be useful,
    # but WITHOUT ANY WARRANTY; without even the implied warranty of
    # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
    # Lesser General Public License for more details.
    #
    # You should have received a copy of the GNU Lesser General Public
    # License along with this program. If not, please visit the Free
    # Software Foundation website at <http://www.gnu.org/licenses/>.
    #
    # PHP version 5
    # @copyright  Leo Feyer 2005-2012
    # @author     Leo Feyer <http://www.contao.org>
    # @license    LGPL
    ##
    
    ##
    # Disable ETags
    # @see http://developer.yahoo.com/performance/rules.html#etags
    #
    # FileETag None stops Apache from generating an ETag for static files; the
    # Header directive additionally strips the ETag response header, but only
    # when mod_headers is loaded. Nothing in this section redirects or rewrites
    # a request.
    ##
    FileETag None
    <IfModule mod_headers.c>
      Header unset ETag
    </IfModule>
    
    ##
    # Prevent access to the Contao template files
    #
    # Matches file names ending in .tpl, .html5 or .xhtml and denies every
    # client.
    # NOTE(review): Order/Deny is the Apache 2.2 access-control syntax. On
    # Apache 2.4 it is only understood when mod_access_compat is loaded (the
    # 2.4 form is "Require all denied"); confirm which version the host runs,
    # because a directive Apache does not recognise in .htaccess makes the
    # request fail instead of being silently ignored.
    ##
    <FilesMatch "\.(tpl|html5|xhtml)$">
      Order allow,deny
      Deny from all
    </FilesMatch>
    
    ##
    # Set the proper MIME types
    # @see https://github.com/h5bp/html5-boilerplate
    #
    # Every directive below only maps file extensions to a Content-Type (plus
    # one AddEncoding that marks .svgz as gzip-encoded). The section is skipped
    # entirely when mod_mime is not loaded.
    # There is no AddHandler or SetHandler line here, so nothing in this
    # section causes a non-PHP extension to be executed as a script.
    ##
    <IfModule mod_mime.c>
      # JavaScript
      AddType application/javascript              js jsonp
      AddType application/json                    json
      # Audio
      AddType audio/ogg                           oga ogg
      AddType audio/mp4                           m4a f4a f4b
      # Video
      AddType video/ogg                           ogv
      AddType video/mp4                           mp4 m4v f4v f4p
      AddType video/webm                          webm
      AddType video/x-flv                         flv
      # SVG
      AddType image/svg+xml                       svg svgz
      AddEncoding gzip                            svgz
      # Webfonts
      AddType application/vnd.ms-fontobject       eot
      AddType application/x-font-ttf              ttf ttc
      AddType font/opentype                       otf
      AddType application/x-font-woff             woff
      # Assorted types
      AddType image/x-icon                        ico
      AddType image/webp                          webp
      AddType text/cache-manifest                 appcache manifest
      AddType text/x-component                    htc
      AddType application/xml                     rss atom xml rdf
      AddType application/x-web-app-manifest+json webapp
      AddType text/x-vcard                        vcf
      AddType application/x-shockwave-flash       swf
    </IfModule>
    
    ##
    # Gzip compression
    # @see https://github.com/h5bp/html5-boilerplate
    #
    # Compresses responses of the listed content types when mod_deflate is
    # loaded. The first inner section is used when mod_filter is available, the
    # second when it is not. Only the response encoding is affected; no request
    # is redirected or rewritten here.
    # NOTE(review): "resp=Content-Type $type" is the Apache 2.2 FilterProvider
    # syntax; Apache 2.4 expects an expression argument instead. Confirm
    # against the server version before relying on this section.
    ##
    <IfModule mod_deflate.c>
      # Current Apache versions (>= 2.2)
      <IfModule filter_module>
        FilterDeclare   COMPRESS
        FilterProvider  COMPRESS  DEFLATE resp=Content-Type $text/html
        FilterProvider  COMPRESS  DEFLATE resp=Content-Type $text/css
        FilterProvider  COMPRESS  DEFLATE resp=Content-Type $text/plain
        FilterProvider  COMPRESS  DEFLATE resp=Content-Type $text/xml
        FilterProvider  COMPRESS  DEFLATE resp=Content-Type $text/x-component
        FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/javascript
        FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/json
        FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/xml
        FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/xhtml+xml
        FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/rss+xml
        FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/atom+xml
        FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/vnd.ms-fontobject
        FilterProvider  COMPRESS  DEFLATE resp=Content-Type $image/svg+xml
        FilterProvider  COMPRESS  DEFLATE resp=Content-Type $image/x-icon
        FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/x-font-ttf
        FilterProvider  COMPRESS  DEFLATE resp=Content-Type $font/opentype
        FilterChain     COMPRESS
        FilterProtocol  COMPRESS  DEFLATE change=yes;byteranges=no
      </IfModule>
      # Legacy Apache versions
      <IfModule !mod_filter.c>
        AddOutputFilterByType DEFLATE text/html text/plain text/css application/json
        AddOutputFilterByType DEFLATE application/javascript
        AddOutputFilterByType DEFLATE text/xml application/xml text/x-component
        AddOutputFilterByType DEFLATE application/xhtml+xml application/rss+xml application/atom+xml
        AddOutputFilterByType DEFLATE image/x-icon image/svg+xml application/vnd.ms-fontobject application/x-font-ttf font/opentype
      </IfModule>
    </IfModule>
    
    ##
    # Expires headers (for better cache control)
    # @see https://github.com/h5bp/html5-boilerplate
    #
    # Sets a cache lifetime per response content type when mod_expires is
    # loaded: HTML and data formats expire immediately, feeds after one hour,
    # media and fonts after one month, CSS and JavaScript after one year.
    # NOTE(review): with a one-year lifetime on application/javascript, a
    # browser that fetched a script while the site was compromised may keep
    # using its cached copy after the file has been cleaned on the server.
    # Verify how the site versions its script URLs before treating clients as
    # clean.
    ##
    <IfModule mod_expires.c>
      ExpiresActive on
      ExpiresByType text/cache-manifest           "access plus 0 seconds"
      ExpiresByType text/html                     "access plus 0 seconds"
      # Data
      ExpiresByType text/xml                      "access plus 0 seconds"
      ExpiresByType application/xml               "access plus 0 seconds"
      ExpiresByType application/json              "access plus 0 seconds"
      # Feed
      ExpiresByType application/rss+xml           "access plus 1 hour"
      ExpiresByType application/atom+xml          "access plus 1 hour"
      # Media: images, video, audio
      ExpiresByType image/gif                     "access plus 1 month"
      ExpiresByType image/png                     "access plus 1 month"
      ExpiresByType image/jpg                     "access plus 1 month"
      ExpiresByType image/jpeg                    "access plus 1 month"
      ExpiresByType image/x-icon                  "access plus 1 month"
      ExpiresByType video/ogg                     "access plus 1 month"
      ExpiresByType audio/ogg                     "access plus 1 month"
      ExpiresByType video/mp4                     "access plus 1 month"
      ExpiresByType video/webm                    "access plus 1 month"
      # HTC files  (css3pie)
      ExpiresByType text/x-component              "access plus 1 month"
      # Webfonts
      ExpiresByType application/x-font-ttf        "access plus 1 month"
      ExpiresByType font/opentype                 "access plus 1 month"
      ExpiresByType application/x-font-woff       "access plus 1 month"
      ExpiresByType image/svg+xml                 "access plus 1 month"
      ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
      # CSS and JavaScript
      ExpiresByType text/css                      "access plus 1 year"
      ExpiresByType application/javascript        "access plus 1 year"
    </IfModule>
    
    ##
    # Add a Vary Accept-Encoding header for the compressed resources. If you
    # modify the file types above, make sure to change them here accordingly.
    # @see http://developer.yahoo.com/performance/rules.html#gzip
    #
    # Applies to file names ending in .js, .css, .xml or .gz and only when
    # mod_headers is loaded. It appends to the Vary response header and does
    # not change which content is served.
    ##
    <IfModule mod_headers.c>
      <FilesMatch "\.(js|css|xml|gz)$">
        Header append Vary Accept-Encoding
      </FilesMatch>
    </IfModule>
    
    ##
    # URL rewriting
    #
    # Active rules in this section: a catch-all that hands every request whose
    # path is not an existing file to index.php, and two rules for a
    # two-letter language prefix. None of the active rules names an external
    # host, and this file contains no ErrorDocument or Redirect directive.
    # NOTE(review): a redirect to another domain therefore has to originate
    # elsewhere, e.g. in what index.php executes or in configuration outside
    # this file. Confirm on the server.
    ##
    <IfModule mod_rewrite.c>
      RewriteEngine On
    
      ##
      # Change the RewriteBase if your Contao installation is in a subdirectory and
      # the rewrite rules are not working properly. Usage examples:
      #
      #   RewriteBase /contao-2.11.0
      #   RewriteBase /path/to/contao
      #
      # Depending on your server, you might have to remove the line entirely.
      ##
      RewriteBase /
    
      ##
      # Uncomment the following lines and replace "domain.com" with your domain
      # name to redirect requests without "www" to the correct domain.
      ##
      #RewriteCond %{HTTP_HOST} ^domain\.com [NC]
      #RewriteRule (.*) http://www.domain.com/$1 [R=301,L]
    
      ##
      # If you cannot use mod_deflate, uncomment the following lines to load a
      # compressed .gz version of the aggregated Contao JavaScript and CSS files.
      ##
      #AddEncoding gzip .gz
      #<FilesMatch "\.js\.gz$">
      #  AddType "text/javascript" .gz
      #</FilesMatch>
      #<FilesMatch "\.css\.gz$">
      #  AddType "text/css" .gz
      #</FilesMatch>
      #RewriteCond %{HTTP:Accept-encoding} gzip
      #RewriteCond %{REQUEST_FILENAME} \.(js|css)$
      #RewriteCond %{REQUEST_FILENAME}.gz -f
      #RewriteRule ^(.*)$ $1.gz [QSA,L]
    
      ##
      # Do not rewrite requests for static files or folders such as style sheets,
      # images, movies or text documents. Do not add the URL suffix here!
      #
      # NOTE(review): the extension list includes "js", so the intent is that a
      # request for a .js path is not handed to index.php. The Apache manual
      # describes mod_rewrite directives inside <Files> sections as unsupported,
      # so whether this exemption takes effect should be confirmed on the host.
      ##
      <FilesMatch "\.(htm|php|js|css|htc|png|gif|jpe?g|ico|xml|csv|txt|swf|flv|eot|woff|svg|ttf|pdf|gz)$">
        RewriteEngine Off
      </FilesMatch>
    
      ##
      # By default, Contao adds ".html" to the generated URLs to simulate static
      # HTML documents. If you change the URL suffix in the back end settings, make
      # sure to change it here accordingly!
      #
      #   RewriteRule .*\.html$ index.php [L]   # URL suffix .html
      #   RewriteRule .*\.txt$ index.php [L]    # URL suffix .txt
      #   RewriteRule .*\.json$ index.php [L]   # URL suffix .json
      #
      # If you do not want to use an URL suffix at all, you have to add a second
      # line to prevent URLs that point to folders from being rewritten (see #4031).
      #
      #   RewriteCond %{REQUEST_FILENAME} !-d
      #
      # If you are using mod_cache, it is recommended to use the RewriteRule below,
      # which adds the query string to the internal URL:
      #
      #   RewriteRule (.*\.html)$ index.php/$1 [L]
      #
      # Note that not all environments support mod_rewrite and mod_cache.
      ##
      # Active rule: the pattern matches any path (no URL suffix), so every
      # request that does not name an existing regular file is answered by
      # index.php. A URL can therefore return content or a redirect without a
      # file of that name existing in the document root.
      # NOTE(review): the text above asks for an additional
      # "RewriteCond %{REQUEST_FILENAME} !-d" when no suffix is used; only the
      # !-f condition is present here.
      RewriteCond %{REQUEST_FILENAME} !-f
      RewriteRule .*$ index.php [L]
    
      ##
      # The following rules are required if you want to pass the language as first
      # URL parameter (added in Contao 2.11). The first rule rewrites an empty URL
      # to the front end controller, the second one adds a missing trailing slash.
      #
      # The 301 target "$1/" is a relative path, not a URL on another host.
      ##
      RewriteRule ^[a-z]{2}/$ index.php [L]
      RewriteRule ^([a-z]{2})$ $1/ [R=301,L]
    
    </IfModule>
    I have no idea where else to look and would be grateful for any other suggestions!
