We've got a Laravel 5.4 app on shared hosting with GoDaddy, and today we got an "incident" email from GoDaddy security:
Our scans flagged your hosting account as containing known malware. Due to the negative impact to our systems, we've removed the following malware from your files:
/vendor/psy/psysh/src/Psy/Shell.php
They also flagged but did not remove:
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
I compared the source files on my app with a fresh laravel new project and they look to be the same.
Has anyone else seen anything like this?
(edited to fix subject)
/vendor/psy/psysh/src/Psy/Shell.php
Not malware (unless your connection was compromised). You can verify this yourself by reading the source code.
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
That other file has absolutely nothing to do with Psy/Shell.php. In fact, you probably shouldn't even have that file on your production server. Install your dependencies using --no-dev.
I also received a similar email from GoDaddy flagging the following files as malware.
public_html/app/vendor/psy/psysh/src/Psy/ExecutionLoop/ForkingLoop.php
public_html/app/vendor/psy/psysh/src/Psy/ExecutionLoop/Loop.php
It is the same package of Psy. Does anyone know how to resolve this?
I believe its sucuri (the protection go daddy uses) I just got this email:
Warning: File possibly compromised: ./application/vendor/psy/psysh/src/Psy/ExecutionLoop/ForkingLoop.php (php.backdoor.psyshell.001). Manual review recommended. Warning: File possibly compromised: ./application/vendor/psy/psysh/src/Psy/ExecutionLoop/Loop.php (php.backdoor.psyshell.001). Manual review recommended.
Sign in to participate in this thread!
Laravel
Laravel News
Laracasts
Laravel Podcast