malware warning from Dreamhost

  • Resolved INDR

    (@inredoxdr)


    1 year, 1 month ago

    Our hosting service (Dreamhost) emailed us that “PDF Invoices & Packing Slips for WooCommerce” has a security issue and disabled two files, causing the plugin to break. Could you please let us know if these files is safe or in fact a malware? Thank you.

    Here is the notification:

    “We have identified malicious content on your account, added by an outside entity, which may include malware such as backdoor shells, adware, botnet, and spammer scripts. The following file(s) specifically have been identified as attacker-added malware. We have DISABLED these files by setting their permissions to 200 (Owner write-only). You will need to audit these files and either replace them with known good versions or remove them altogether:

    oursite.com/wp-content/plugins/woocommerce-pdf-invoices-packing-slips/vendor/strauss/dompdf/dompdf/lib/Cpdf.php
    oursite.com/wp-content/plugins/woocommerce-pdf-invoices-packing-slips/vendor/strauss/dompdf/php-svg-lib/src/Svg/Surface/CPdf.php

    The existence of this known attacker content indicates that your website or user password has been compromised. You or a trusted webmaster will need to determine the attack vector and then take actions to mitigate further exploits”

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Contributor alexmigf

    (@alexmigf)

    1 year, 1 month ago

    Hi @inredoxdr

    These files are essential parts of the Dompdf library we use to generate PDFs. We’ve received similar reports in the past, but they were false positives, so we believe that might be the case here as well. There’s no indication of any issues in the main Dompdf repository, so if you’re able to ignore these warnings, it should be safe to do so.

    CMB70

    (@cmb70)

    1 year, 1 month ago

    One of my clients also received this warning from Dreamhost. I have updated everything to the most recent versions but they are still flagging it. What can we tell Dreamhost to confirm this is not malware?

    Plugin Contributor alexmigf

    (@alexmigf)

    1 year, 1 month ago

    @inredoxdr @cmb70

    The warning from DreamHost appears to be a false positive related to Cpdf, which is a component of Dompdf, the PDF rendering library used in our plugin. Dompdf is a widely-used, open-source library trusted by many WordPress plugins and developers. The Cpdf class, while older and less commonly used in modern projects, is still bundled with Dompdf for compatibility reasons and does not contain malware.

    You can let DreamHost know the following:

    “The flagged file is part of the Dompdf library, which is used by many reputable WordPress plugins for generating PDFs. The Cpdf class is not malicious and is included for compatibility. All files are from the official release, and the plugin has been updated to the latest version.”

    If DreamHost needs further technical assurance, we’re happy to provide more details or coordinate with their support team to verify the plugin files.

    Let us know if you need any additional help!

    Thread Starter INDR

    (@inredoxdr)

    1 year, 1 month ago

    Thank you for your reply. I contacted your support directly on Friday and received similar assurances. After communicating this information to Dreamhost support, the files were whitelisted and issue is now resolved. Thank you again for your help on this forum and directly through your customer support!

    Plugin Contributor alexmigf

    (@alexmigf)

    1 year, 1 month ago

    @inredoxdr You’re very welcome — and thank you for the follow-up!

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘malware warning from Dreamhost’ is closed to new replies.