GoDaddy flags PsySH as malware... anyone else seen this?

JohanTux posted 2 months ago

We've got a Laravel 5.4 app on shared hosting with GoDaddy, and today we got an "incident" email from GoDaddy security:

Our scans flagged your hosting account as containing known malware. Due to the negative impact to our systems, we've removed the following malware from your files:


They also flagged but did not remove:


I compared the source files on my app with a fresh laravel new project and they look to be the same.

Has anyone else seen anything like this?

(edited to fix subject)

GrahamCampbell replied 2 months ago


Not malware (unless your connection was compromised). You can verify this yourself by reading the source code.


That other file has absolutely nothing to do with Psy/Shell.php. In fact, you probably shouldn't even have that file on your production server. Install your dependencies using --no-dev.

Sign in to participate in this thread!

We'd like to thank these amazing companies for supporting us