I just got the same message from my host.
We have detected malicious PHP scripts on your webhosting package. To prevent system abuse, our system has automatically quarantined these files. This concerns the following scripts:
shell.generic (Web shell)
/wp-content/plugins/duplicator/installer/build/assets/inc.libs.js.php
Existence of these scripts generally points to third parties having gained access to your webhosting package through means of e.g. stolen passwords or exploiting a vulnerability in one of the software packages you are using. We strongly recommend you check the entire webhosting package for other files that appear out of place, which our detection system might have missed.
-
This reply was modified 7 years, 10 months ago by kosmiq.
Same here. I removed the plugin temporarily, but would like to know what to do, I have no idea if there is any harm done to my site, don’t know how to find out about this.
Same here.
The harmful script that has been place in quarantaine is:
shell.generic (Webshell)
/home/*debnr*/domains/*domain*/public_html/wp-content/plugins/duplicator/installer/build/assets/inc.libs.js.php
Same. The detection software these webhosts are using is Patchman.
Indeed, my host also uses Patchman
Same exact thing going on here. Host uses Patchman as well.
It’s not gonna be fun to do, but I’ll be going into every site and removing Duplicator until there’s a definitive answer and fix.
-
This reply was modified 7 years, 10 months ago by JenJohnston.
Same here. Just removed Duplicator from every site. As if I had nothing else to do on a monday afternoon π
Is it enough to remove the plugin? If there is such a code running, wouldn’t it be safest to change all passwords of the wp-logins? I would have to do this on like 20 sites; including customer accesses…
An Answer of the developer would be helpful.
Just checked. File wp-content/plugins/duplicator/installer/build/assets/inc.libs.js.php in core file in version 1.16. As i understand, there is no virus.
Also – what web hosts are you guys using and levels? (Shared/VPS/Dedicated) Thanks
Bob
Hi guys, we haven’t updated the plugin in 2 weeks so we are pretty sure this is a false flag. Can someone give me detail about line number of inc.libs.js.php that is triggering the problem? Thanks
Bob