GoDaddy flags PsySH as malware... anyone else seen this?

JohanTux posted 1 year ago

We've got a Laravel 5.4 app on shared hosting with GoDaddy, and today we got an "incident" email from GoDaddy security:

Our scans flagged your hosting account as containing known malware. Due to the negative impact to our systems, we've removed the following malware from your files:


They also flagged but did not remove:


I compared the source files on my app with a fresh laravel new project and they look to be the same.

Has anyone else seen anything like this?

(edited to fix subject)

GrahamCampbell replied 1 year ago


Not malware (unless your connection was compromised). You can verify this yourself by reading the source code.


That other file has absolutely nothing to do with Psy/Shell.php. In fact, you probably shouldn't even have that file on your production server. Install your dependencies using --no-dev.

Parth Trivedi replied 10 months ago

I also received a similar email from GoDaddy flagging the following files as malware.



It is the same package of Psy. Does anyone know how to resolve this?

Matthew replied 6 months ago

I believe its sucuri (the protection go daddy uses) I just got this email:

Warning: File possibly compromised: ./application/vendor/psy/psysh/src/Psy/ExecutionLoop/ForkingLoop.php (php.backdoor.psyshell.001). Manual review recommended. Warning: File possibly compromised: ./application/vendor/psy/psysh/src/Psy/ExecutionLoop/Loop.php (php.backdoor.psyshell.001). Manual review recommended.

Sign in to participate in this thread!

We'd like to thank these amazing companies for supporting us