• Resolved TR.Martin

    (@trmartin-1)


    Allen,
    I got a scary warning email from Hostgator’s security department saying that during a recent security scan (no details about how that scan was performed) a file was identified as a possible security breach and inoculated. The file in question was “simple_html_dom.php”. I went through all my test systems and even your trac records; the fact that this file has not been modified in over two years makes me believe that Hostgator’s security scan popped a false positive. Unfortunately I was not able to root cause the whole issue with Hostgator, but I thought I’d make you aware of it in case it’s a tool or dictionary table entry that other hosts may be using as well. I doubt there’s much you can do, but still thought it prudent to let you know, just in case something happens in the future.

    Cheers,
    Todd Martin

Viewing 12 replies - 1 through 12 (of 12 total)
  • Plugin Author Wayne Allen

    (@wayneallen-1)

    Thanks for the heads up. I’m not aware of any security issues filed against https://sourceforge.net/projects/simplehtmldom/
    This library is used by many, many plugins and other PHP apps so I would expect to hear a lot about it if there were a problem.

    Did Hostgator actually change the file? If so, could you send me a copy at [email protected]? Thanks.

    Thread Starter TR.Martin

    (@trmartin-1)

    Yeah, I saw the SourceForge comments in the file and followed the trail trying to get some sense of the library’s history, and it seemed legit to me.

    When I say Hostgator inoculated the file I mean they flat out deleted it from the plug-in directory. I didn’t even get a chance to do a compare or anything, a little upsetting.

    Since the library is popular I’m willing to bet someone somewhere misused it or something and it got caught up in the security net and wound up on a bad list somewhere. [speculation]

    I couldn’t get Hostgator to give any specific details about the concrete security risk, so at this point I’m just keeping an eye on it.

    I hope this isn’t an omen of the future, or a refactoring of the file might be necessary to avoid problems in the future. Ugh….

    Plugin Author Wayne Allen

    (@wayneallen-1)

    If the file has been deleted then Postie will fail with an error at several places if your preferred text type is html. There are likely other places as well depending on configuration and features used.

    It might be interesting to reinstall Postie (which would bring the file back) and see if Hostgator notices.

    Thread Starter TR.Martin

    (@trmartin-1)

    Way ahead of you,
    already reinstalled, just waiting to see if I get another nasty-gram.

    Same issue here; received HostGator’s note around noon ET today. Running latest version of Postie, updated December 8.

    I replied to HostGator saying I suspect it may be a false positive, and despite their claim that “No services have been disabled as a result of this discovery”, they may have broken a legit plugin. I have a note into my client who uses the plugin to post, to see if it’s affected his use. He sent an email out earlier today, but I haven’t seen it posted on the site.

    I haven’t re-installed the entire plugin, but have re-uploaded the file.

    Vic

    Plugin Author Wayne Allen

    (@wayneallen-1)

    I did try to talk to hg support today, but the csr I talked to wasn’t knowledgeable about the process. I did try to contact the abuse dept since they sent the notice. We’ll see if they respond.

    Good Evening,

    My name is Jonathan H. and I’m our customer service supervisor over at HostGator.com. We were sorry to hear of the trouble caused by the recent quarantine, and appreciate the chance to look into this matter in more detail. We’ve now had a chance to investigate this report and have found that, as suggested in an earlier post, there was indeed a false positive which incorrectly flagged the file in question.

    At this time we have worked to update our definitions to ensure this file is no longer flagged and will be restoring access to the related file for any accounts that had quarantines put in place. We hope this fully resolves the situation but if we can be of any further assistance, please feel free to reach out to me via [email protected] ATTN : Jonathan H. and I’ll be more than happy to help escalate any remaining issues.

    Thanks so much for everyone’s input on this thread and we’ll be keeping an eye out for any additional updates.

    Plugin Author Wayne Allen

    (@wayneallen-1)

    Thanks Jonathan

    Thanks for getting it sorted, Wayne!

    Thread Starter TR.Martin

    (@trmartin-1)

    It’s a diving catch at the warning track! The crowd goes wild!!!

    Thank you, Hostgator, for the investigation and communicating the results. I was not expecting a response here, but it’s very much appreciated.

    To bring this issue full circle I’m closing it.

    Happy holidays everyone.
    TR. Martin

    This just happened to me on my blog website. As others mention, this file has been around for a long time now, so it looks like Hostgator have not sorted it. I have re-uploaded the file.

    • This reply was modified 7 years, 11 months ago by webdesads.

    Good Afternoon @webdesads,

    We were sorry to hear this issue popped back up for you after our recent update but certainly appreciate you letting us know. After investigation, we’ve found that we had first restored access to the related file, however our update to whitelist the file from future suspensions had not yet been processed. As such, a number of instances were flagged and re-quarantined before the updated definition had been pushed through.

    Now that the definition has been fully updated, we’ve run the restore once more to ensure no other customers were caught in the brief window mentioned above. We are not expecting any additional issues at this time, however if anyone does face further trouble, please do not hesitate to let us know.

    Thanks once more for your report and we wish everyone a happy new year!

  • The topic ‘Hostgator flagged a Postie file for security breach.’ is closed to new replies.