Iframe injected to homepage with source as BrowserUpdate.exe. High FTTB

Keywords: LAMP/MAMP/WAMP - AWS - Technical issue - Other
bnsupport ID: 994780b1-c465-b354-701b-46f56235abf7
Description:
Hello people,

I am facing a weird problem with one of my client websites hosted on AWS Lightsail.

I noticed the FTTP for the homepage of the website in question was unexpectedly high on an otherwise pretty fast website.

Opened up the inspector and saw an unexpected iframe injected right at the start of the !!

The src of the iframe was ‘BrowserUpdate.exe’ (this file doesn’t exist on the webserver’s root).

On expanding the iframe section, I found that the entire webpage’s HTML was wrapped inside, many times over.
Please refer to the screenshot here - https://ibb.co/p1SKZcL

When I update the code of my layout file (It’s a Laravel app), the iframe goes away, only to come back after a few hours!

Any pointers about what might be the issue here would be really appreciated.

Thanks in advance.

Bitnami support tool’s output: 994780b1-c465-b354-701b-46f56235abf7

Hi @rajiv

Thanks for using Bitnami LAMP!

The src of the iframe was ‘BrowserUpdate.exe’

The name of the iframe is suspicious, to say the least. Even if the purpose was to prompt a frame notifying that a browser update is required, this should be done using regular web languages and not a Windows Executable.

(this file doesn’t exist on the webserver’s root).

Yes, it does not exist on the webserver’s root but still it seems to exist somewhere in your filesystem:

$ ls -la apache/htdocs/mii/storage/framework/views
...
-rw-r--r-- 1 daemon  daemon  773632 May 16 02:00 BrowserUpdate.exe
...

If you have access to the file, you could scan it using some services like the one VirusTotal provides:

https://www.virustotal.com/gui/

When I update the code of my layout file (It’s a Laravel app), the iframe goes away, only to come back after a few hours!

After briefly searching for more information on Google, it seems to be related to the wkhtmltopdf add-on:
https://laravelquestions.com/2021/05/04/wkhtmltopdf-cant-find-browserupdate-exe/

Are you using this? Maybe you can try to deactivate it and see if that resolves your issue. If after disabling this add-on the issue is resolved, I recommend you keep it disabled until there is an official statement by the developer or Laravel.

If it does not resolve your issue, maybe you can try to reach out to the Laravel Community for further information.

Best regards,
Jose Antonio Carmona


Was my answer helpful? Click on :heart:

1 Like

Thanks for your inputs @jcarmona

Your following input helped me locate the file in question:
ls -la apache/htdocs/mii/storage/framework/views

All this while, I was just looking for it in the root & the public folder.

I wasn’t able to actually download the file as it was being marked suspicious by Chrome as soon as the download completed. However, I was able to delete the file from the folder.

Pushed an updated code, just to make sure the iframe was gone.

Looks good so far but I am keeping an eye for now.

Do you think the high FTTB issue had anything to do with the iframe being injected?

As of now, I can’t say I am seeing any positive change on that front.

Also, about the wkhtmltopdf package, I don’t think I am using the same anywhere on my app. Also, the fact that Chrome was marking the BrowserUpdate.exe file as suspicious, kind of points towards any malware.

Correct me if you think I am wrong here.

Ok, so as it turns out, the iframe has again been injected in the website!

Any idea what might be injecting it?

Some pointers about where I should investigate would be great, please.

Thanks in advance!

Ok, so as it turns out, the iframe has again been injected in the website!

I am so sorry to hear that! I have tried to launch a Bitnami LAMP instance on my side and enabled Laravel and could not face a similar issue:

Any idea what might be injecting it?

Is the BrowserUpdate.exe malicious file present in your instance again?

Some pointers about where I should investigate would be great, please.

My recommendation on this is that you reach out to a more Laravel-specialized forum and ask for similar cases there. As you saw from my previous link, this seems to be quite recent and maybe they are more familiar with the root of the issue.

https://laracasts.com/discuss

Best regards,
Jose Antonio Carmona


Was my answer helpful? Click on :heart:

Thanks again @jcarmona!

Bitnami’s LAMP stack doesn’t have any problems because I have identical stacks on other instances hosting other web apps and all of them work fine.

The issue somehow was with this particular instance.

I did see the BrowserUpdate.exe in my storage->framework->views folder after I had deleted it the first time.

Then, I went through the folder permissions and noticed the storage folder had the permission of 777. I changed it to 755 after deleting the BrowserUpdate.exe file again, and so far, it looks good.

The FTTP issue, however, still seems to be there. Maybe I should follow it up at Laracasts.

Thanks for your inputs.

Bitnami’s LAMP stack doesn’t have any problems because I have identical stacks on other instances hosting other web apps and all of them work fine.

Good to know it’s not a general thing. I had launched an instance just in case I could reproduce it.

I did see the BrowserUpdate.exe in my storage->framework->views folder after I had deleted it the first time.

This means that either someone is maliciously uploading the file (have you shared your keys? have you granted someone credentials to access the instance via SSH/FTP?) or somehow the application itself is the one downloading the file (for example, a malicious add-on like the one I mentioned).

Then, I went through the folder permissions and noticed the storage folder had the permission of 777. I changed it to 755 after deleting the BrowserUpdate.exe file again, and so far, it looks good.

I would recommend that you apply even more restrictive permissions. 755 still allows for the group and others to execute files. I’d go for 664 (Read & Write for owner/group and only Read for others) and if there is a specific file that requires execution permissions, grant them to that specific file exclusively.

Best regards,
Jose Antonio Carmona


Was my answer helpful? Click on :heart:

Thanks again for your inputs, @jcarmona

I too think it is some malicious code that was doing this. The SSH/FTP access is only with me; however, in the beginning, the SSH port wasn’t restricted, so if at all something would have happened, it would have happened because of that.

Ssh access is now strictly restricted to allowed IPs!

Also, setting the storage folder to 664 doesn’t seem to work as it blocks access to the

/opt/bitnami/apache/htdocs/mii/storage/logs

folder.

Setting 777 to the storage->logs folder doesn’t seem to work!

Ssh access is now strictly restricted to allowed IPs!

That is great! Keep us in the loop :slightly_smiling_face:

Also, setting the storage folder to 664 doesn’t seem to work as it blocks access to the /opt/bitnami/apache/htdocs/mii/storage/logs folder
Setting 777 to the storage->logs folder doesn’t seem to work!

Maybe your folder is not configured with the right ownership then. The Apache service is run by a user called daemon that belongs to the group daemon.

As aforementioned, 664 will allow Read & Write for owner/group and only Read for others. Hence, you must ensure that the /opt/bitnami/apache/htdocs/mii/ does at least belong to the daemon user.

Best regards,
Jose Antonio Carmona


Was my answer helpful? Click on :heart:
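The access failure on `storage/logs` reported above follows from applying a file mode to a directory: without the execute (search) bit a directory cannot be traversed, whatever the modes of the files inside it. The following is an added example, not code from the thread; the function names are hypothetical, the tree is constructed, and 775 for directories is an assumption chosen as the directory counterpart of the 664 recommended above.

```shell
#!/bin/sh
# Added example (not from the thread). Mode 664 suits files; a directory also
# needs the x (search) bit or nothing beneath it can be opened, which is the
# failure reported for storage/logs.

# world_writable DIR: entries any local account may modify (what 777 grants).
world_writable() {
  find "$1" \( -type d -o -type f \) -perm -0002 -print | sort
}

# unsearchable_dirs DIR: directories whose owner lacks x, so even the owning
# service account cannot reach the files inside. Does not descend into them.
unsearchable_dirs() {
  find "$1" -type d ! -perm -0100 -print -prune 2>/dev/null | sort
}

# harden_tree DIR [FILE_MODE] [DIR_MODE]: apply separate modes to files and
# directories instead of one recursive chmod. Defaults: 664 and 775 (assumed).
harden_tree() {
  find "$1" -type d -exec chmod "${3:-775}" {} \;
  find "$1" -type f -exec chmod "${2:-664}" {} \;
}

# Demo on a constructed tree that mirrors the Laravel storage layout.
demo() {
  d=$(mktemp -d) || return 1
  mkdir -p "$d/storage/logs" "$d/storage/framework/views"
  : > "$d/storage/logs/laravel.log"
  chmod -R 777 "$d/storage"                 # state found on the infected instance
  echo "world-writable before:"; world_writable "$d"
  harden_tree "$d/storage"
  echo "world-writable after:";  world_writable "$d"
  chmod 664 "$d/storage/logs"               # the setting that broke logging
  echo "unsearchable:";          unsearchable_dirs "$d"
  chmod 775 "$d/storage/logs"; rm -rf "$d"
}
demo
# Ownership still has to match the web server account named in the thread:
#   sudo chown -R daemon:daemon /opt/bitnami/apache/htdocs/mii/storage
```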

Maybe the owner group is an issue. Will do the needful there.

Thank you for your inputs again, @jcarmona

I am facing a similar issue for my WordPress website deployed on AWS Lightsail. This BrowserUpdate.exe iframe is getting injected.

While after cleanup and defining strict access rules limited to only IPs that I explicitly allow, the issue did go away, there’s for sure more to it than what meets the eye.

The homepage was terribly slow (TTFB was very long).

So, I finally created a new instance altogether (not from a snapshot) and redid the entire app.

Things work fine and as expected now.

Do keep us updated once you have a solution.

Good luck.

Hi @ruchipareek5

Sorry to hear that!

Since the day this topic was opened, more research has been done on the subject and I would like to verify some data. Would you mind executing the following commands?

$ sudo find / -type f -not -path "/proc/*" -not -path "/sys/*" -name "*ldr.sh" -exec md5sum {} + 
$ sudo find / -type f -not -path "/proc/*" -not -path "/sys/*" -name "*a.py" -exec md5sum {} + 
$ sudo find / -type f -not -path "/proc/*" -not -path "/sys/*" -name "*BrowserUpdate.exe" -exec md5sum {} + 

If the above does not produce any output, try these ones instead (they may take some minutes to complete):

$ sudo find / -type f -not -path "/proc/*" -not -path "/sys/*" -exec md5sum {} + | grep '^833822feda97936d690ff6b983ad1a87'
$ sudo find / -type f -not -path "/proc/*" -not -path "/sys/*" -exec md5sum {} + | grep '^645647171d92e1fe289b63bbd2f2db86'
$ sudo find / -type f -not -path "/proc/*" -not -path "/sys/*" -exec md5sum {} + | grep '^048aa5b804cde0768111c633e0faa028'

Additionally, could you please execute the bnsupport-tool on the machine where the stack is running by following the steps described in the guide below so as to analyze its configuration?

Please note that you need to paste the code ID that is shown at the end.

Best regards,
Jose Antonio Carmona


Was my answer helpful? Click on :heart:

Hi @jcarmona!

Thanks for the new leads.

I did try the same on my instance, the subject of the OP of this thread and did see some info that I would like to share in order to get some insights.

Somehow, the bnsupport-tool too did not run after multiple attempts and returned a bunch of errors.

Sharing detailed screenshots below:

bnsupport-tool error

https://imgur.com/NeTxoup

https://imgur.com/5ARDHfB

See what you think of it.

Thanks.

Hi @rajiv

I did try the same on my instance, the subject of the OP of this thread and did see some info that I would like to share in order to get some insights.

Thanks for your info :slightly_smiling_face:

Somehow, the bnsupport-tool too did not run after multiple attempts and returned a bunch of errors.

After having inspected the screenshot, I can say that this is the new behaviour of the tool. Those errors you are seeing are not actually bnsupport-tool's own errors, but some errors/hints of misconfiguration it has found in your instance.


Regarding the other two screenshots, the most interesting thing is that the BrowserUpdate.exe file is flagged as malicious by VirusTotal:

The commands I shared tried to analyse your stack for files named ldr.sh, a.py and BrowserUpdate.exe, which seem to be related. The former two would be scripts that automatically look for web content and inject the iframe on them. The iframe would then be pointing to the latter.

However, in the case of your instance there’s no ldr.sh or a.py. In order to ensure that those files have not been renamed, could you please run the following commands (they may take some minutes to complete):

# LOOK FOR ldr.sh
$ sudo find / -type f -not -path "/proc/*" -not -path "/sys/*" -exec md5sum {} + | grep '^833822feda97936d690ff6b983ad1a87'

# LOOK FOR a.py
$ sudo find / -type f -not -path "/proc/*" -not -path "/sys/*" -exec md5sum {} + | grep '^645647171d92e1fe289b63bbd2f2db86'

The explanation behind this is that every file has its own, unique fingerprint. Even if the names are changed, we can try to look for files in your system matching those IDs.

Best regards,
Jose Antonio Carmona


Was my answer helpful? Click on :heart:

1 Like
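The fingerprint search described above can be done in a single pass over the filesystem instead of one full scan per hash, and the same sweep can list the pages that reference the dropped file. The following is an added example, not code from the thread: `ioc_list`, `sweep_md5` and `find_iframe_refs` are hypothetical helper names, the hash values are the ones quoted in the posts on this page, and the demo tree is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). "md5 label" pairs; hashes as quoted on this page.
ioc_list() {
  cat <<'EOF'
833822feda97936d690ff6b983ad1a87 ldr.sh
645647171d92e1fe289b63bbd2f2db86 a.py
048aa5b804cde0768111c633e0faa028 unlabelled-in-thread
ba77c5ae2b2494e98c6997a98d266b14 BrowserUpdate.exe
EOF
}

# sweep_md5 ROOT [IOC_FILE]
# Hashes every regular file under ROOT once and prints "label<TAB>path" for each
# file whose MD5 is listed, whatever the file is currently named.
# -xdev keeps find on ROOT's filesystem (from / this skips /proc and /sys, and
# also any separately mounted data volume, which then needs its own run).
sweep_md5() {
  sweep_root=$1
  sweep_iocs=${2:-}
  sweep_tmp=
  if [ -z "$sweep_iocs" ]; then
    sweep_tmp=$(mktemp) || return 1
    ioc_list > "$sweep_tmp"
    sweep_iocs=$sweep_tmp
  fi
  find "$sweep_root" -xdev -type f -exec md5sum {} + 2>/dev/null |
    awk 'NR == FNR { label[$1] = $2; next }
         { h = $1; sub(/^\\/, "", h)        # md5sum prefixes "\" when it escapes a name
           if (h in label) { p = $0; sub(/^[^ ]+ [ *]/, "", p); print label[h] "\t" p } }' \
        "$sweep_iocs" -
  if [ -n "$sweep_tmp" ]; then rm -f "$sweep_tmp"; fi
}

# find_iframe_refs ROOT
# Lists text files under ROOT with an <iframe> tag that mentions BrowserUpdate.exe
# (tag and file name on the same line; binary files are skipped).
find_iframe_refs() {
  grep -rIliE '<iframe[^>]*BrowserUpdate\.exe' "$1" 2>/dev/null | sort
}

# Demo on a constructed tree: a renamed stand-in file and an infected layout.
demo() {
  d=$(mktemp -d) || return 1
  mkdir -p "$d/storage/framework/views"
  printf 'constructed stand-in for a dropped file\n' > "$d/storage/framework/views/cache 01.php"
  printf '<body><iframe src="BrowserUpdate.exe" width=0></iframe>\n' > "$d/layout.blade.php"
  md5sum "$d/storage/framework/views/cache 01.php" |
    awk '{ print $1, "renamed-sample" }' > "$d/iocs.txt"
  sweep_md5 "$d" "$d/iocs.txt"
  find_iframe_refs "$d"
  rm -rf "$d"
}
demo
```

On a live host the calls would be `sudo sh -c '. ./sweep.sh; sweep_md5 /'` and `find_iframe_refs /opt/bitnami`, where `sweep.sh` is an assumed file name for this block.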

We also encountered the BrowserUpdate.exe malware/virus on a new-ish Bitnami AWS Lightsail install. See the results of our find commands below.

       ___ _ _                   _
      | _ |_) |_ _ _  __ _ _ __ (_)
      | _ \ |  _| ' \/ _` | '  \| |
      |___/_|\__|_|_|\__,_|_|_|_|_|
  
  *** Welcome to the Bitnami WordPress 5.6-0                       ***
  *** Documentation:  https://docs.bitnami.com/aws/apps/wordpress/ ***
  ***                 https://docs.bitnami.com/aws/                ***
  *** Bitnami Forums: https://community.bitnami.com/               ***

#######################################################
###    For frequently used commands, please run:    ###
###         sudo /opt/bitnami/bnhelper-tool         ###
#######################################################

Last login: Tue Jun  1 23:54:02 2021 from 12.157.9.34
bitnami@ip-172-26-7-194:~$ sudo find / -type f -not -path "/proc/*" -not -path "/sys/*" -name "*ldr.sh" -exec md5sum {} + 
bitnami@ip-172-26-7-194:~$ sudo find / -type f -not -path "/proc/*" -not -path "/sys/*" -name "*a.py" -exec md5sum {} + 
bitnami@ip-172-26-7-194:~$ sudo find / -type f -not -path "/proc/*" -not -path "/sys/*" -name "*BrowserUpdate.exe" -exec md5sum {} + 
ba77c5ae2b2494e98c6997a98d266b14  /opt/bitnami/apps/wordpress/htdocs/htdocs2/BrowserUpdate.exe
ba77c5ae2b2494e98c6997a98d266b14  /opt/bitnami/apps/wordpress/htdocs/htdocs2/wp-content/themes/generatepress/BrowserUpdate.exe
ba77c5ae2b2494e98c6997a98d266b14  /opt/bitnami/apps/wordpress/htdocs/htdocs2/wp-content/themes/generatepress/inc/BrowserUpdate.exe
ba77c5ae2b2494e98c6997a98d266b14  /opt/bitnami/apps/wordpress/htdocs/htdocs2/wp-content/plugins/jet-engine/templates/BrowserUpdate.exe
ba77c5ae2b2494e98c6997a98d266b14  /opt/bitnami/apps/wordpress/htdocs/htdocs2/wp-content/plugins/jet-engine/templates/profile-builder/BrowserUpdate.exe
ba77c5ae2b2494e98c6997a98d266b14  /opt/bitnami/apps/wordpress/htdocs/htdocs2/wp-content/plugins/backupbuddy/_importbuddy/importbuddy/views/BrowserUpdate.exe
ba77c5ae2b2494e98c6997a98d266b14  /opt/bitnami/apps/wordpress/htdocs/htdocs2/wp-content/plugins/backupbuddy/views/BrowserUpdate.exe
ba77c5ae2b2494e98c6997a98d266b14  /opt/bitnami/apps/wordpress/htdocs/htdocs2/wp-content/plugins/backupbuddy/vendor/microsoft/microsoft-graph/tests/Functional/BrowserUpdate.exe
ba77c5ae2b2494e98c6997a98d266b14  /opt/bitnami/apps/wordpress/htdocs/htdocs2/wp-content/plugins/backupbuddy/pluginbuddy/classes/BrowserUpdate.exe
bitnami@ip-172-26-7-194:~$

I have also run the bnsupport-tool with the following output

bitnami@ip-172-26-7-194:~$ sudo /opt/bitnami/bnsupport-tool
----------------------------------------------------------------------------
Welcome to the Bitnami Support tool.

----------------------------------------------------------------------------
Please read the following information carefully.

Press [Enter] to continue:
This tool collects system information and files from a Bitnami stack into a
support bundle file to be uploaded and reviewed by the Bitnami Team, for the
sole purpose of providing you support for any issue you may find.

The uploaded information will be automatically removed from our systems after 1
month. In case you have any doubt regarding our privacy policy please check:

https://www.vmware.com/help/privacy.html
Press [Enter] to continue:

Do you accept? [y/n]: y

|\
The bndiagnostic tool has found some errors that may be related to the issue you 
are having. The output will be shown on the next page:
                                    
Press [Enter] to continue:


===== Begin of bndiagnostic tool output =====

 
    ? Apache: Found possible issues
    ✓ Connectivity: No issues found
    ✓ Resources: No issues found
    ✓ Mysql: No issues found
    ✓ Php: No issues found
 
 
[Apache]

Found recent error or warning messages in the Apache error log.
```
[Wed Jun 02 17:05:36.236388 2021] [proxy_fcgi:error] [pid 10600:tid 
139635040655104] [client 193.118.53.202:33294] AH01071: Got error 'PHP message: 
PHP Warning: Unknown: failed to open stream: No such file or directory in 
Unknown on line 0PHP message: PHP Fatal error: Unknown: Failed opening required 
'/opt/bitnami/apps/wordpress/htdocs/wordfence-waf.php' 
(include_path='.:/opt/bitnami/php/lib/php') in Unknown on line 0'
 [Wed Jun 02 17:05:37.882720 2021] [proxy_fcgi:error] [pid 10600:tid 
139635091011328] [client 88.214.56.236:36108] AH01071: Got error 'PHP message: 
Press [Enter] to continue:
PHP Warning: Unknown: failed to open stream: No such file or directory in 
Unknown on line 0PHP message: PHP Fatal error: Unknown: Failed opening required 
'/opt/bitnami/apps/wordpress/htdocs/wordfence-waf.php' 
(include_path='.:/opt/bitnami/php/lib/php') in Unknown on line 0'
 [Wed Jun 02 17:05:41.927596 2021] [proxy_fcgi:error] [pid 10600:tid 
139635007084288] [client 45.141.87.5:43736] AH01071: Got error 'PHP message: PHP 
Warning: Unknown: failed to open stream: No such file or directory in Unknown on 
line 0PHP message: PHP Fatal error: Unknown: Failed opening required 
'/opt/bitnami/apps/wordpress/htdocs/wordfence-waf.php' 
(include_path='.:/opt/bitnami/php/lib/php') in Unknown on line 0'

```
Please check the following guide to troubleshoot server issues:
 
https://docs.bitnami.com/general/apps/wordpress/troubleshooting/debug-errors-apache/
 

===== End of bndiagnostic tool output =====

                                    
Press [Enter] to continue:
The support bundle was uploaded successfully to the Bitnami servers. Please copy the following code:

fb0698d1-23da-512c-1940-9cedadb05199

And paste it in your Bitnami Support ticket.

cc @jcarmona
I also did not find any files with the fingerprint match of a.py or ldr.sh

bitnami@ip-172-26-7-194:~$ sudo find / -type f -not -path "/proc/*" -not -path "/sys/*" -exec md5sum {} + | grep '^ 833822feda97936d690ff6b983ad1a87'

bitnami@ip-172-26-7-194:~$ sudo find / -type f -not -path "/proc/*" -not -path "/sys/*" -exec md5sum {} + | grep '^ 645647171d92e1fe289b63bbd2f2db86'

bitnami@ip-172-26-7-194:~$

Hi @mtobin

We also encountered the BrowserUpdate.exe malware/virus on a new-ish Bitnami AWS Lightsail install. See the results of our find commands below.

Sorry to hear that as well! From the output of the commands below, it seems that at least your system does not have the two related files reported. It seems that it is also common for this infection to create cronjobs (jobs that run periodically) in your system, could you please try to execute the following command to identify the ones you have activated?

for user in $(getent passwd | cut -f1 -d: ); do echo $user; sudo crontab -u $user -l; done

From your bnsupport-tool report, I see there is a strange process taking up a lot of resources:

-----------------------------------
Check memory usage for all current processes
-----------------------------------
Running: ps -e -orss=,args= | sort -b -k1,1n | awk '{print $1,$2}'
In: /opt/bitnami
...
27740 /tmp/396ee3fcb0
34636 /opt/bitnami/apache2/bin/httpd.bin
327276 /opt/bitnami/bnsupport-tool
742964 /opt/bitnami/mysql/bin/mysqld.bin
2400376 [kthreaddi]

Please, kill this process by executing the command:

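# The first column of the report above is RSS in KB (ps -orss=,args=), not a PID, so match the process by its path
sudo pkill -9 -f '^/tmp/396ee3fcb0'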

Then, proceed to delete every entry of the BrowserUpdate.exe file in your system:

sudo find / -type f -not -path "/proc/*" -not -path "/sys/*" -name "*BrowserUpdate.exe" -exec rm {} + 

Apart from that, I recommend you deactivate all your plugins (just in case this is due to a malicious one) and follow this guide, which covers how to secure your WordPress installation:

https://docs.bitnami.com/google/apps/wordpress/troubleshooting/enforce-security/

sudo wp plugin deactivate --all

Best regards,
Jose Antonio Carmona


Was my answer helpful? Click on :heart:

1 Like
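The memory report quoted above was produced with `ps -e -orss=,args=`, so its first column is resident memory in KB and not a process ID. The following added example (not from the thread) asks `ps` for the PID as well and flags the two kinds of entry that stand out in that report; it goes slightly beyond the post by also flagging bracketed names that hold memory. `flag_procs` and `sample_ps` are hypothetical names, and the PIDs and the init line in the sample are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Reads "PID RSS COMMAND..." lines, as printed by
#   ps -e -o pid=,rss=,args=
# and prints "PID<TAB>RSS_KB<TAB>reason<TAB>command" for processes worth a closer look.
flag_procs() {
  awk '
    { pid = $1; rss = $2 + 0; cmd = $3 }
    # Executable started from a world-writable scratch directory.
    cmd ~ /^\/(tmp|var\/tmp|dev\/shm)\// {
      print pid "\t" rss "\texec-from-temp-dir\t" cmd; next
    }
    # ps shows [name] when a process has no command line, as kernel threads do;
    # kernel threads have no user memory, so RSS above 0 means a userland process.
    cmd ~ /^\[.*\]$/ && rss > 0 {
      print pid "\t" rss "\tbracketed-name-with-rss\t" cmd
    }
  '
}

# Constructed sample: RSS values and command names for the last four lines are
# taken from the report quoted above; the PIDs are invented because that report
# had no PID column, and the first three lines are filler.
sample_ps() {
  cat <<'EOF'
    1    9876 /sbin/init
    2       0 [kthreadd]
   14       0 [kworker/0:1-events]
  913   34636 /opt/bitnami/apache2/bin/httpd.bin
 1207  742964 /opt/bitnami/mysql/bin/mysqld.bin
 4242   27740 /tmp/396ee3fcb0
 4250 2400376 [kthreaddi]
EOF
}

sample_ps | flag_procs
# On a live host: ps -e -o pid=,rss=,args= | flag_procs
# Inspect a flagged PID before acting on it: sudo ls -l /proc/PID/exe /proc/PID/cwd
```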

Thanks @jcarmona. I checked and there were no cronjobs. I also killed the strange process /tmp/396ee3fcb0. I’m not too worried about fixing this instance because I’ve already abandoned it and started another Lightsail instance.

My main concern is that this was a fairly vanilla Bitnami instance and I’m worried that the malware is in the image. I’m still tracking down whether or not our devs installed any other plugins and I’ll reply back once I have that info. In the meantime, do you think this could be part of the image, especially since at least a couple others have had this same issue with the Bitnami Lightsail image?

Thanks

1 Like