The first one happened some time between 2AM and 10AM server-local time yesterday. I haven’t checked the second one.
I’m just trying to figure out how this got inserted into my index scripts. (Amusingly, the file timestamps didn’t change.)
I don’t know how it could get into my files without running as either me or another account running as a superuser.
I’m just not a big enough linux-guy to have much of a clue on how this happens.