Back

GoDaddy flags PsySH as malware... anyone else seen this?


JohanTux posted 8 months ago

We've got a Laravel 5.4 app on shared hosting with GoDaddy, and today we got an "incident" email from GoDaddy security:

Our scans flagged your hosting account as containing known malware. Due to the negative impact to our systems, we've removed the following malware from your files:

/vendor/psy/psysh/src/Psy/Shell.php

They also flagged but did not remove:

/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php

I compared the source files on my app with a fresh laravel new project and they look to be the same.

Has anyone else seen anything like this?

(edited to fix subject)

GrahamCampbell replied 8 months ago

/vendor/psy/psysh/src/Psy/Shell.php

Not malware (unless your connection was compromised). You can verify this yourself by reading the source code.

/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php

That other file has absolutely nothing to do with Psy/Shell.php. In fact, you probably shouldn't even have that file on your production server. Install your dependencies using --no-dev.

Parth Trivedi replied 4 months ago

I also received a similar email from GoDaddy flagging the following files as malware.

public_html/app/vendor/psy/psysh/src/Psy/ExecutionLoop/ForkingLoop.php

public_html/app/vendor/psy/psysh/src/Psy/ExecutionLoop/Loop.php

It is the same package of Psy. Does anyone know how to resolve this?

Matthew replied 1 week ago

I believe its sucuri (the protection go daddy uses) I just got this email:

Warning: File possibly compromised: ./application/vendor/psy/psysh/src/Psy/ExecutionLoop/ForkingLoop.php (php.backdoor.psyshell.001). Manual review recommended. Warning: File possibly compromised: ./application/vendor/psy/psysh/src/Psy/ExecutionLoop/Loop.php (php.backdoor.psyshell.001). Manual review recommended.


Sign in to participate in this thread!



We'd like to thank these amazing companies for supporting us