What is .well-known?

Comodo SSL Certificate logoIronically, not that well known – even among technies!

You’ve seen it in cPanel and you’re wondering what this new folder is. “Well known you say – certainly isn’t to me!”. As already mentioned you’re far from alone.

But have I…?

No, you’ve not. The first question you want in answering is, ‘have I been hacked’. All security-conscious website owners these days ask the very same question when random files and folders appear on their hosting area – and if they’re not, they should be!

On the contrary, having this folder is a demonstration of the fact that you are security conscious and you care about your visitors!

The reason you have your not-so-well-known well-known folder is because you are using the Comodo AutoSSL feature – a nifty little tool for effortlessly managing your websites SSL certificate. Comodo AutoSSL places text files in here that are used to validate the domain.

Why is it doing this?

Comodo AutoSSL is doing this as it uses the text files to validate your domain name. Comodo must validate your domain name prior to issuing it with an SSL certificate.

What should I do with .well-known?

Absolutely nothing. Just leave it there, let Comodo sort out your SSL’s and keep the valid and live a happy and secure web life!

What is WEB-INF?

JavaWEB-INF is a directory that forms part of the folder structure defining a web application. These folders can be found in Java applications and usually follow a common structure including the following files:

  • Web.xml – this is an XML file called a deployment descriptor.
  • Class files – usually packaged up in JARs

And the following folders:

  • ‘lib’ (library) – these contain files that are automatically added to the classpath at runtime.
  • ‘classes’ – files containing classes that are not packaged up in a JAR.

What is _notes?

Adobe Dreamweaver

_notes is a folder created by Adobe Dreamweaver that stores configuration files in a language called XML to basically keep track of the site synchronisation between your file system and that of your server.

Can I delete _notes?

Absolutely you can. But should you, or do you want to?

The answer might be simpler than you’re thinking. If you’re not using Adobe Dreamweaver, then absolutely you can. The _notes folder is to keep track of IDs in Dreamweaver between local sites and your remote server. No Dreamweaver means no requirement for the folder. And in a similar fashion to the __MACOSX folder, it’s useless tat in these circumstances. Commonly, these folders are left behind when a developer has previously used Dreamweaver but has moved away – usually in search of a more affordable (read: preferably free!) tool that doesn’t mean they have to take out a second mortgage!

But I’m still using Dreamweaver!

OK, the answers not as clear cut. But it’s not a definite yes to keeping it.

The key thing here is whether you use the Dreamweaver site synchronisation feature. If you don’t, then it’s still happy days – you can delete it. With most developers, including those using Dreamweaver, now approaching deployments in a much more simpler fashion a la FTP, or employing a more complex deployment process a la Git and using deployment pipelines, this feature is now for many developers obsolete.

If you’re using a modern deployment process and version control such as Git, you can take a look at this short article on how to prevent further _notes folders being created to prevent further clean up required. Some users have reported, in a rather understandably disgruntled manner – that this may not be as effective as it should be! This could be down to rather confusing nomenclature on Adobe’s part however, by having a design notes feature embedded within Dreamweaver which appears to be causing some confusion.

What is __MACOSX?

This is a question that comes up a lot, particularly from Windows users. So what the devil is the folder called __MACOSX and what can or should I do with it? MacBook Pro

The technical term for what is contained within this curious folder is a resource fork. What a resource fork is is outside the scope of this short article but the Wikipedia article covers it nicely if you’re interested.

__MACOSX, as you may have gathered, will only be created on an Mac. If you’re creating files on Windows, you won’t ever (unintentionally) create these or see them.

However, a common place windows users do see these is in ZIP files that they download or files that they share with Mac users.

Outside of a Mac, they are useless. Depending on who you ask, you may get told that they’re useless fluff wherever they are – a debate that I’m sure will continue to rage on. The point being they do actually have an intended purpose in the OS X operating system.

So, why do Mac Users keep sending them to me if they’re useless?

The answer to this one is that Mac users simply don’t see these folders. Take the ZIP file that you’re looking at and have a look on a Mac a hey presto, just like magic, they’re invisible. And they aren’t the usual type of hidden folder. They’re really hidden! Hence why Mac users won’t remove them from the archive before they distribute.

Can I Delete The __MACOSX folder?

On Windows, absolutely – it’s no good to you at all. Just useless tat taking space up. On Mac, you can’t see it anyway.

The main complaint is that these files can, on occassion, take up massive amounts of space. Usually, they are KB’s so apart from cluttering up your file system and MFT the space they take up isn’t usually of a concern.

Chinese Domain Name Scam Warning

It’s been around a while, but it’s well worth covering again as unfortunately the scammers convince more and more people that they need to pay over the odds for domain names – particularly .cn and .asia as well as some curious sounding things such as ‘internet keyword’ registration.

If you cast you mind back to 2012, that’s when we first covered it in our original article. The text has changed, but the scam itself is identical.

I’ve been in computing for a while now and I have to be honest, I have no idea what internet keyword registration is – except snake oil.

There’s many personas that try to carry off this scam. The most recent one we’ve come across is a lady called Cynthia Lee. She is an Executive Manager at an organisation called ‘Sysl’.

So, how does it go?

Dear Sir,
The important affair is about your company name XXXXX registration,please forward it to your company’s leader.
Recently we received the registration application from Shanghai Sun Co.,Ltd,they want to register the XXXXX brand name and some domain names. As an authoritative and responsible registrar,we need to confirm if the company is your company’s cooperative partner. Also we need to verify whether you have allowed the company to apply these names.
Waiting for your response.
Best Regards, 

Cynthia Lee
Executive Manager
Address:Floor 12, Baida CBD Building, 360 West Changjiang Road,Hefei Anhui, China
Tel: (+86) 07395  2159  80
Fax:(+86) 07395  2159  80

E-mail received 26th June 2019

Sounds legit? Well, maybe it might do so if it wasn’t in pigeon English and littered with grammatical errors. I’m not Shakespeare, but this is a pretty poor attempt.

Conclusion

Avoid like the plague! This is a scam. No one’s after your domains. Well, maybe they are (there’s always customers on the lookout for potential domains), but these people are looking to bleed you dry rather than help you out.

Over at Squelch Design, they’ve got a nice article about how Matt Lowe followed this e-mail to it’s logical destination – i.e. please hand over lots of money for mysterious things. A good article that’s well worth a read!