Nexcess Support sent the email below about 30 minutes after I installed DevKit Pro 1.6.1 on a website.
From: Nexcess Support <support@nexcess.net>
Date: Monday, March 3, 2025 at 3:24 PM
Subject: [Nexcess Security Alert] We’ve quarantined malicious files on your site.
Hi!
During the routine scans of our systems, we found malicious files in one or more of your web sites.
Don’t worry, we’ve already quarantined this malware for you!
Here’s what you should do next:
PLEASE CHECK YOUR SITE
Is your site still up? Does everything look normal?
MY SITE IS UP AND EVERYTHING SEEMS FINE
That’s great! It’s possible the vulnerability that allowed the attack is still there, however, and there may be additional malware present.
OH NO, MY SITE IS BROKEN!
The malware may have affected a core file in your site. You can use the technical information below to identify the file or files that need to be cleaned or restored.
In either case, we recommend that you do a thorough inspection of your site for any additional malware, and a thorough review and audit of your site to ensure that security updates are being applied and good security practices are being followed. You can do the work yourself, with a developer, or hire a malware-remediation service provider.
For our customers with WordPress sites, Nexcess offers malware remediation for /usr/local/maldetect/sess/session.250303-2315.1640300 per incident. If you’d like to take advantage of that service, open a ticket with Support and include the malware details information below.
Once your site is cleaned up and returned to normal, be sure to secure your site to guard against future infections. Here’s our guide to how to do that:
https://www.nexcess.net/help/secure-your-compromised-site/
MALWARE DETAILS
Below are details of the affected files:
________________________________________
HOST: cloudhost-2677734.us-midwest-1.nxcli.net
SCAN ID: 250303-2315.16403
STARTED: Mar 3 2025 23:15:02 +0000
COMPLETED: Mar 3 2025 23:24:03 +0000
ELAPSED: 541s [find: 63s]
PATH: /home/
RANGE: 1 days
TOTAL HITS: 2
FILE HIT LIST:
/chroot/home/aabb18e4/fa999d7e47.nxcli.io/html/wp-content/plugins/devkit/includes/file-manager/file-manager.php
/chroot/home/aabb18e4/fa999d7e47.nxcli.io/html/wp-content/plugins/devkit/includes/file-manager/file-manager-backup.php
===============================================
Linux Malware Detect v1.6.6 < proj@rfxn.com >
You should ask them to whitelist that file, because it is File Manager, and some over-secured hosting providers or malware security apps mark File Managers as malware just because they can be used to edit the files (some critical files) as well, but we have already added security features, like only ADMINS can use DevKit or FileManager…
Regards,
Mohammad Arshad
DPlugins Support