
Read this first!

We do not monitor these forums. The forum is provided to exchange information and experience with other users ONLY. Forum responses are not guaranteed.

However, please submit a ticket if you have an active subscription and wish to receive support. Our ticketing system is the only way of getting in touch with RSJoomla! and receiving the official RSJoomla! Customer Support.

For more information, the Support Policy is located here.

Thank you!

TOPIC: cache: Possible PHP injection (long string base64

cache: Possible PHP injection (long string base64 8 years 3 months ago #33997

  • acortes
  • Fresh Boarder
  • Posts: 1
After a scan I receive this alert at the "Scanning your files for common malware" step (version 2.9.6):

cache/_system/6865664994aed771de6b2c221150a107-cache-_system-0da111481ab8c3015e65aa0b904e4bb1.php

Possible PHP injection (abnormally long string - might be base64)

Tzo4OiJzdGRDbGFzcyI6ODp7czo5OiJzdXBwb3J0ZWQiO2I6MTtzOjU6InN0dWNrIjtiOjA7czo3OiJ2ZXJzaW9uIjtzOjU6IjIuNy4xIjtzOjQ6ImRhdGUiO3M6MTA6IjIwMTQtMDctMTgiO3M6OToic3RhYmlsaXR5IjtzOjY6InN0YWJsZSI7czoxMToiZG93bmxvYWRVUkwiO3M6MTIxOiJodHRwczovL3d3dy50d2VudHJvbml4LmNvbS9kb3dubG9hZC9jb29raWVjb25maXJtLzItNy0xL2NvbV9jb29raWVjb25maXJtLTItNy0xLXppcD9kbGlkPWNhM2E1MzZlNjFmNjI


I deleted the file and after a time it reappears (newly generated by the cache).

I noted the same under administrator/cache

Any help?

Thanks

cache: Possible PHP injection (long string base64 8 years 3 months ago #34128

  • info2097
  • Fresh Boarder
  • Posts: 5
I am getting something similar with Mosets Tree directory after a scan; the scan says 11 malware scripts in total:

administrator/components/com_mtree/upgrade/2_0_6.php

Possible PHP injection (abnormally long string - might be base64)

0x3C6D6F73706172616D7320747970653D226D6F64756C65223E0A093C706172616D733E0A09093C706172616D206E616D653D22646973706C6179467265652220747970653D22726164696F222064656661756C743D223122206C6162656C3D22446973706C61792046726565207768656E207072696365206973203022206465736372697074696F6E3D2253657474696E67207468697320746F205965732077696C6C20646973706C617920746865207

Could you advise please on what to do?

With Thanks.

cache: Possible PHP injection (long string base64 8 years 3 months ago #34131

  • alexp
  • RSJoomla! Official Staff
  • Posts: 2253
  • Thank you received: 180
I would recommend downloading the original "com_mtree" package and comparing the source code. If the original one incorporates the same string, then this is a false positive.
Please note: my help is not official customer support. To receive your support, submit a ticket by clicking here
Regards,
RSJoomla! Development Team
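
A way to triage this kind of alert before comparing against the original package, as an added example that is not part of the original posts or the scanner's own code: the two flagged strings quoted in this thread begin with the base64 of a PHP-serialized object (`O:8:"stdClass"`) and the hex of an XML fragment (`<mosparams`), so decoding a flagged string shows what it actually holds. The function names, marker list and sample strings are constructed for illustration.

```python
import base64
import binascii
import re

# Illustrative (not exhaustive) markers that make a decoded payload worth review.
CODE_MARKERS = re.compile(rb"<\?php|\b(?:eval|assert|system|gzinflate|base64_decode)\s*\(", re.I)
# Start of PHP serialize() output: object, array or string.
SERIALIZED = re.compile(rb'^(?:O:\d+:"[\w\\]+":\d+:\{|a:\d+:\{|s:\d+:")')

def decode_flagged(s):
    """Decode a reported string as hex (0x...) or base64, tolerating truncation."""
    s = s.strip()
    if s[:2].lower() == "0x":
        body = s[2:]
        return binascii.unhexlify(body[: len(body) - len(body) % 2])  # drop odd nibble
    return base64.b64decode(s[: len(s) - len(s) % 4], validate=True)  # drop partial group

def triage(s):
    """Return (verdict, decoded_bytes) for one flagged string."""
    try:
        raw = decode_flagged(s)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "undecodable", b""
    if CODE_MARKERS.search(raw):
        return "review: decoded data contains PHP code markers", raw
    if SERIALIZED.match(raw):
        return "likely benign: PHP serialized data", raw
    if raw.lstrip().startswith(b"<"):
        return "likely benign: XML/markup", raw
    return "unknown: inspect manually", raw

# Constructed samples, shaped like the alerts in this thread and truncated the same way.
SAMPLE_SERIALIZED = base64.b64encode(
    b'O:8:"stdClass":2:{s:7:"version";s:5:"1.0.0";s:9:"stability";s:6:"stable";}'
).decode()[:-3]
SAMPLE_XML = "0x" + b'<mosparams type="module">\n\t<params>\n'.hex().upper() + "3"
SAMPLE_CODE = base64.b64encode(b"<?php eval($data); ?>").decode()

if __name__ == "__main__":
    for name, s in [("serialized", SAMPLE_SERIALIZED), ("xml", SAMPLE_XML), ("code", SAMPLE_CODE)]:
        verdict, raw = triage(s)
        print(f"{name:10} {verdict:50} {raw[:40]!r}")
```

A benign-looking decode narrows the question; the comparison against the original package is still what confirms a false positive.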