#19629 PHP Scanner does not find infected malware

Posted in ‘Admin Tools for Joomla! 4 & 5’

Latest post by nicholas on Wednesday, 19 March 2014 12:55 CDT

user79254
I run the PHP file scanner twice a day. I have purposely uploaded a malware-infected PHP file into the /components directory to see if the scanner finds it. It does not. The scanner report is below. Why does the scanner not find this file?

The php file can be downloaded here: https://dl.dropboxusercontent.com/u/6800790/spam/ssllLq.php

File Scan results
> Overview
>
> Total Files: 24140
> Modified: 919
> Added: 0
> Suspicious: 918
> update/components/com_fabrik/models/plugin.php 232
> update/components/com_fabrik/models/webservice/rest.php 232
> update/components/com_fabrik/models/webservice/yql.php 232
> update/components/com_fabrik/libs/bitly/bitly.php 232
> update/components/com_fabrik/libs/abraham-twitteroauth/twitteroauth/twitteroauth.php 232
> update/components/com_fabrik/libs/amazons3/S3.php 232
> update/components/com_community/templates/default/search.advancesearch.php 232
> update/components/com_community/libraries/advancesearch.php 232
> update/components/com_community/libraries/ical.php 232
> update/components/com_community/libraries/storage/s3_lib.php 232
> update/components/com_community/libraries/twitter/tmhOAuth.php 232
> update/components/com_alphauserpoints/assets/phpThumb/phpthumb.gif.php 232
> update/components/com_alphauserpoints/assets/barcode/BarcodeQR.php 232
> update/components/com_jce/editor/tiny_mce/plugins/spellchecker/classes/googlespell.php 232
> update/components/com_koparent/views/reservation/view.pdf.php 232
> update/components/com_koparent/models/submitadvert.php 232
> update/components/com_koparent/models/feed.php 232
> update/components/com_koparent/assets/googlecurrencytab_proxy.php 232
> update/components/com_jreviews/jreviews/plugins/twitter.php 232
> update/components/com_jreviews/jreviews/views/helpers/media.php 232
> update/components/com_jreviews/jreviews/controllers/components/media_storage_dailymotion.php 232
> update/components/com_jreviews/jreviews/controllers/components/media_storage_youtube.php 232
> update/components/com_jreviews/jreviews/controllers/components/media_encoding_zencoder.php 232
> update/components/com_jreviews/jreviews/controllers/components/media_storage_vimeo.php 232
> update/components/com_jreviews/jreviews/controllers/components/media_encoding_transloadit.php 232
> update/components/com_jreviews/jreviews/admin_controllers/common_controller.php 232
> update/components/com_jreviews/jreviews/models/everywhere/everywhere_com_bookmarks.php 232
> update/components/com_s2framework_bak/s2framework/libs/cms_compat/joomla.php 232
> update/components/com_s2framework_bak/vendors/storage/amazon/s3.php 232
> update/components/com_s2framework_bak/vendors/encoding/transloadit/CurlRequest.php 232
> update/components/com_s2framework_bak/vendors/encoding/zencoder/Zencoder/Http.php 232
> update/components/com_s2framework_bak/vendors/twitter/twitteroauth.php 232
> update/modules/mod_geommunity/helpers/UASparser.php 232
> update/templates/yoo_nano3/warp/src/Warp/Http/Transport/CurlTransport.php 232
> update/templates/yoo_studio/warp/helpers/http.php 232
> update/lists/extras/packages/fckeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php 232
> update/libraries/joomla/document/html/html.php 232
> update/libraries/joomla/http/transport/curl.php 232
> update/libraries/koparent/html/html.php 232
> update/administrator/components/com_mailster/views/lists/tmpl/default.php 232
> update/administrator/components/com_extplorer/scripts/application.js.php 232
> update/administrator/components/com_extplorer/libraries/FTP.php 232
> update/administrator/components/com_extplorer/libraries/JSON.php 232
> update/administrator/components/com_extplorer/libraries/lib_zip.php 232
> update/administrator/components/com_extplorer/libraries/geshi/geshi/php.php 232
> update/administrator/components/com_extplorer/libraries/geshi/geshi/rebol.php 232
> update/administrator/components/com_extplorer/libraries/Archive/adapter/zip.php 232
> update/administrator/components/com_extplorer/libraries/Text/Diff/Engine/shell.php 232
> update/administrator/components/com_jumi/plugin/jumi.php 232
> update/administrator/components/com_autogroup/liveupdate/classes/updatefetch.php 232
> update/administrator/components/com_ijoomlainstaller/views/ijoomlainstalleradmin/view.html.php 232
> update/administrator/components/com_jevlocations/views/cats/tmpl/overview.php 232
> update/administrator/components/com_jevlocations/views/locations/tmpl/list.php 232
> update/administrator/components/com_jevlocations/views/locations/tmpl/edit.php 232
> update/administrator/components/com_jevlocations/views/categories/tmpl/overview.php 232
> update/administrator/components/com_accessmanager/plugin_system/plugin_system2.php 232
> update/administrator/components/com_akeeba/views/fsfilter/tmpl/default.php 232
> update/administrator/components/com_akeeba/views/schedule/tmpl/form.php 232
> update/administrator/components/com_akeeba/helpers/jsonlib.php 232
> update/administrator/components/com_akeeba/akeeba/plugins/utils/sugarsync.php 232
> update/administrator/components/com_akeeba/akeeba/plugins/utils/amazons3.php 232
> update/administrator/components/com_akeeba/akeeba/plugins/utils/dropbox.php 232
> update/administrator/components/com_akeeba/akeeba/utils/davclient.php 232
> update/administrator/components/com_akeeba/liveupdate/classes/updatefetch.php 232
> update/administrator/components/com_acymailing/helpers/order.php 232
> update/administrator/components/com_acymailing/helpers/campaign.php 232
> update/administrator/components/com_acymailing/types/acltable.php 232
> update/administrator/components/com_community/views/users/tmpl/edit.php 232
> update/administrator/components/com_community/controllers/controller.php 232
> update/administrator/components/com_community/models/network.php 232
> update/administrator/components/com_admintools/helpers/jsonlib.php 232
> update/administrator/components/com_admintools/liveupdate/classes/updatefetch.php 232
> update/administrator/components/com_widgetkit/helpers/http.php 232
> update/administrator/components/com_alphauserpoints/models/upgrade.php 232
> update/administrator/components/com_jce/models/updates.php 232
> update/administrator/components/com_koparent/models/advert.php 232
> update/administrator/components/com_comprofiler_old/install.comprofiler.php 232
> update/administrator/components/com_comprofiler_old/admin.comprofiler.html.php 232
> update/administrator/components/com_comprofiler_old/view/view.user.php 232
> update/administrator/components/com_zoo/libraries/twitter/twitteroauth.php 232
> update/administrator/components/com_zoo/framework/helpers/http.php 232
> update/administrator/modules/mod_batch_geocode/mod_batch_geocode.php 232
> plugins/jevents/jevrsvppro/rsvppro/jevrattendance.php 232
> plugins/jevents/jevrsvppro/rsvppro/JSON/JSON.php 232
> plugins/payment/authorizenet/authorizenet.php 232
> plugins/payment/authorizenet/authorizenet/lib/shared/AuthorizeNetRequest.php 232
> plugins/payment/adaptive_paypal/adaptive_paypal.php 232
> plugins/content/geshi/geshi/geshi/php.php 232
> plugins/fabrik_cron/php/php.php 232
> plugins/fabrik_element/field/field.php 232
> plugins/fabrik_element/link/link.php 232
> plugins/fabrik_element/dropdown/dropdown.php 232
> plugins/fabrik_form/php/php.php 232
> plugins/fabrik_list/php/php.php 232
> plugins/authentication/gmail/gmail.php 232
> plugins/user/jomsocial_geocoder/jomsocial_geocoder.php 232
> plugins/system/jumi/jumi.php 232
> plugins/system/jat3/jat3/core/admin/util.php 232
> plugins/system/jat3/jat3/core/libs/JSON.php 232
> plugins/system/jat3/jat3/core/joomla/documenthtml.php 232
> plugins/system/akgeoip/lib/vendor/guzzle/guzzle/src/Guzzle/Http/Curl/CurlMulti.php 232
> plugins/system/azrul.system/pc_includes/JSON.php 232
> plugins/system/jomsocialupdate/jomsocialupdate.php 232
> plugins/community/twitter/twitter/api_class.php 232
> plugins/rsvppro/authorizenet/anet_php_sdk/lib/shared/AuthorizeNetRequest.php 232
> media/widgetkit/widgets/twitter/twitter.php 232
> cli/akeeba-altcheck-failed.php 232
> chat/php4functions.php 232
> chat/modules/games/contents.php 232
> components/com_mailster/extras/cronjob_mailster.php 232
> components/com_cjlib/jquery/social/socialcounts.php 232
> components/com_cjlib/twitter/tinyurl.php 232
> components/com_cjlib/twitter/bitly.php 232
> components/com_cjlib/framework/xssclean.php 232
> components/com_jreviews_bak/jreviews/plugins/twitter.php 232
> components/com_jreviews_bak/jreviews/views/helpers/media.php 232
> components/com_jreviews_bak/jreviews/controllers/components/media_storage_dailymotion.php 232
> components/com_jreviews_bak/jreviews/controllers/components/media_storage_youtube.php 232
> components/com_jreviews_bak/jreviews/controllers/components/media_encoding_zencoder.php 232
> components/com_jreviews_bak/jreviews/controllers/components/media_storage_vimeo.php 232
> components/com_jreviews_bak/jreviews/controllers/components/media_encoding_transloadit.php 232
> components/com_jreviews_bak/jreviews/admin_controllers/common_controller.php 232
> components/com_jreviews_bak/jreviews/models/everywhere/everywhere_com_bookmarks.php 232
> components/com_jumi/views/application/view.html.php 232
> components/com_s2framework/s2framework/libs/cms_compat/joomla.php 232
> components/com_s2framework/vendors/storage/amazon/s3.php 232
> components/com_s2framework/vendors/encoding/transloadit/CurlRequest.php 232
> components/com_s2framework/vendors/encoding/zencoder/Zencoder/Http.php 232
> components/com_s2framework/vendors/twitter/twitteroauth.php 232
> components/com_jevlocations/views/locations/tmpl/list.php 232
> components/com_jevents/libraries/JSON/JSON.php 232
> components/com_acymailing/controllers/archive.php 232
> components/com_acymailing/controllers/user.php 232
> components/com_fabrik/views/list/view.fabrikfeed.php 232
> components/com_fabrik/helpers/image.php 232
> components/com_fabrik/helpers/sms.php 232
> components/com_fabrik/helpers/parent.php 232
> components/com_fabrik/models/webservice.php 232
> components/com_fabrik/models/validation_rule.php 232
> components/com_fabrik/models/plugin.php 232
> components/com_fabrik/models/webservice/rest.php 232
> components/com_fabrik/models/webservice/yql.php 232
> components/com_fabrik/libs/bitly/bitly.php 232
> components/com_fabrik/libs/abraham-twitteroauth/twitteroauth/twitteroauth.php 232
> components/com_fabrik/libs/amazons3/S3.php 232
> components/com_community/templates/default/search.advancesearch.php 232
> components/com_community/libraries/advancesearch.php 232
> components/com_community/libraries/ical.php 232
> components/com_community/libraries/storage/s3_lib.php 232
> components/com_community/libraries/twitter/tmhOAuth.php 232
> components/com_alphauserpoints/assets/phpThumb/phpthumb.gif.php 232
> components/com_alphauserpoints/assets/barcode/BarcodeQR.php 232
> components/com_jce/editor/tiny_mce/plugins/spellchecker/classes/googlespell.php 232
> components/com_koparent/views/reservation/view.pdf.php 232
> components/com_koparent/models/submitadvert.php 232
> components/com_koparent/models/feed.php 232
> components/com_koparent/assets/googlecurrencytab_proxy.php 232
> components/com_jreviews/jreviews/plugins/twitter.php 232
> components/com_jreviews/jreviews/views/helpers/media.php 232
> components/com_jreviews/jreviews/controllers/components/media_storage_dailymotion.php 232
> components/com_jreviews/jreviews/controllers/components/media_storage_youtube.php 232
> components/com_jreviews/jreviews/controllers/components/media_encoding_zencoder.php 232
> components/com_jreviews/jreviews/controllers/components/media_storage_vimeo.php 232
> components/com_jreviews/jreviews/controllers/components/media_encoding_transloadit.php 232
> components/com_jreviews/jreviews/admin_controllers/common_controller.php 232
> components/com_jreviews/jreviews/models/everywhere/everywhere_com_bookmarks.php 232
> components/com_s2framework_bak/s2framework/libs/cms_compat/joomla.php 232
> components/com_s2framework_bak/vendors/storage/amazon/s3.php 232
> components/com_s2framework_bak/vendors/encoding/transloadit/CurlRequest.php 232
> components/com_s2framework_bak/vendors/encoding/zencoder/Zencoder/Http.php 232
> components/com_s2framework_bak/vendors/twitter/twitteroauth.php 232
> modules/mod_geommunity_js/helpers/UASparser.php 232
> templates/yoo_nano3/warp/src/Warp/Http/Transport/CurlTransport.php 232
> templates/yoo_studio/warp/helpers/http.php 232
> libraries/joomla/document/html/html.php 232
> libraries/joomla/http/transport/curl.php 232
> libraries/koparent/html/html.php 232
> administrator/components/com_mailster/views/lists/tmpl/default.php 232
> administrator/components/com_mailster/mailster/lib/mathcaptcha/MathCaptcha.php 232
> administrator/components/com_extplorer/scripts/application.js.php 232
> administrator/components/com_extplorer/libraries/FTP.php 232
> administrator/components/com_extplorer/libraries/JSON.php 232
> administrator/components/com_extplorer/libraries/lib_zip.php 232
> administrator/components/com_extplorer/libraries/geshi/geshi/php.php 232
> administrator/components/com_extplorer/libraries/geshi/geshi/rebol.php 232
> administrator/components/com_extplorer/libraries/Archive/adapter/zip.php 232
> administrator/components/com_extplorer/libraries/Text/Diff/Engine/shell.php 232
> administrator/components/com_jumi/plugin/jumi.php 232
> administrator/components/com_autogroup/liveupdate/classes/updatefetch.php 232
> administrator/components/com_ijoomlainstaller/views/ijoomlainstalleradmin/view.html.php 232
> administrator/components/com_jevlocations/views/cats/tmpl/overview.php 232
> administrator/components/com_jevlocations/views/locations/tmpl/list.php 232
> administrator/components/com_jevlocations/views/locations/tmpl/edit.php 232
> administrator/components/com_jevlocations/views/categories/tmpl/overview.php 232
> administrator/components/com_accessmanager/plugin_system/plugin_system2.php 232
> administrator/components/com_akeeba/views/fsfilter/tmpl/default.php 232
> administrator/components/com_akeeba/views/schedule/tmpl/form_runbackups.php 232
> administrator/components/com_akeeba/views/schedule/tmpl/form_checkbackups.php 232
> administrator/components/com_akeeba/helpers/jsonlib.php 232
> administrator/components/com_akeeba/akeeba/plugins/utils/sugarsync.php 232
> administrator/components/com_akeeba/akeeba/plugins/utils/amazons3.php 232
> administrator/components/com_akeeba/akeeba/plugins/utils/dropbox.php 232
> administrator/components/com_akeeba/akeeba/utils/davclient.php 232
> administrator/components/com_acymailing/install.acymailing.php 232
> administrator/components/com_acymailing/helpers/order.php 232
> administrator/components/com_acymailing/helpers/campaign.php 232
> administrator/components/com_acymailing/types/acltable.php 232
> administrator/components/com_community/views/users/tmpl/edit.php 232
> administrator/components/com_community/controllers/controller.php 232
> administrator/components/com_community/models/network.php 232
> administrator/components/com_admintools/helpers/jsonlib.php 232
> administrator/components/com_admintools/akeeba/utils/davclient.php 232
> administrator/components/com_widgetkit/helpers/http.php 232
> administrator/components/com_alphauserpoints/models/upgrade.php 232
> administrator/components/com_jce/models/updates.php 232
> administrator/components/com_koparent/models/advert.php 232
> administrator/components/com_comprofiler_old/install.comprofiler.php 232
> administrator/components/com_comprofiler_old/admin.comprofiler.html.php 232
> administrator/components/com_comprofiler_old/view/view.user.php 232
> administrator/components/com_zoo/libraries/twitter/twitteroauth.php 232
> administrator/components/com_zoo/framework/helpers/http.php 232
> administrator/modules/mod_batch_geocode/mod_batch_geocode.php 232
> update/administrator/components/com_comprofiler_old/library/phpmailer/phpmailer.phpmailer.php 213
> administrator/components/com_comprofiler_old/library/phpmailer/phpmailer.phpmailer.php 213
> update/plugins/editors/acyeditor/acyeditor/kcfinder/core/autoload.php 212
> update/dada_mail_support_files/kcfinder/core/autoload.php 212
> update/cli/admintools-filescanner.php 212
> update/cli/akeeba-backup.php 212
> update/components/com_fabrik/libs/getid3/getid3/getid3.lib.php 212
> update/lists/extras/packages/kcfinder/core/autoload.php 212
> update/administrator/components/com_kunena/models/report.php 212
> update/administrator/components/com_extplorer/libraries/File_Operations.php 212
> update/administrator/components/com_s2framework/s2framework.php 212
> update/administrator/components/com_akeeba/controllers/buadmin.php 212
> update/administrator/components/com_akeeba/akeeba/core/domain/init.php 212
> update/administrator/components/com_akeeba/akeeba/utils/quirks.php 212
> update/administrator/components/com_akeeba/alice/core/domain/init.php 212
> update/administrator/components/com_acymailing/extensions/plg_editors_acyeditor/acyeditor/kcfinder/core/autoload.php 212
> update/administrator/components/com_admintools/akeeba/core/domain/init.php 212
> update/administrator/components/com_admintools/akeeba/utils/quirks.php 212
> update/administrator/components/com_admintools/models/scans.php 212
> update/administrator/components/com_alphauserpoints/models/reportsystem.php 212
> update/administrator/components/com_jce/controller/profiles.php 212
> update/administrator/components/com_admin/models/sysinfo.php 212
> update/administrator/components/com_zoo/helpers/backup.php 212
> update/administrator/components/com_zoo/installation/requirements.php 212
> update/administrator/components/com_zoo/framework/helpers/filesystem.php 212
> update/administrator/components/com_zoo/framework/helpers/archive.php 212
> cli/admintools-filescanner.php 212
> cli/akeeba-backup.php 212
> components/com_fabrik/libs/getid3/getid3/getid3.lib.php 212
> administrator/components/com_kunena/models/report.php 212
> administrator/components/com_extplorer/libraries/File_Operations.php 212
> administrator/components/com_s2framework/s2framework.php 212
> administrator/components/com_akeeba/controllers/buadmin.php 212
> administrator/components/com_akeeba/akeeba/core/domain/init.php 212
> administrator/components/com_akeeba/akeeba/utils/quirks.php 212
> administrator/components/com_akeeba/alice/core/domain/init.php 212
> administrator/components/com_admintools/akeeba/core/domain/init.php 212
> administrator/components/com_admintools/akeeba/utils/quirks.php 212
> administrator/components/com_admintools/models/scans.php 212
> administrator/components/com_alphauserpoints/models/reportsystem.php 212
> administrator/components/com_jce/controller/profiles.php 212
> administrator/components/com_admin/models/sysinfo.php 212
> administrator/components/com_zoo/helpers/backup.php 212
> administrator/components/com_zoo/installation/requirements.php 212
> administrator/components/com_zoo/framework/helpers/filesystem.php 212
> administrator/components/com_zoo/framework/helpers/archive.php 212
> rb.php 201
> update/rb.php 201
> update/components/com_jreviews_bak/jreviews/admin_controllers/listing_types_controller.php 201
> update/components/com_jreviews/jreviews/admin_controllers/listing_types_controller.php 201
> update/administrator/components/com_acymailing/helpers/helper.php 201
> update/administrator/components/com_fabrik/sql/install.fabrik.php 201
> components/com_jreviews_bak/jreviews/admin_controllers/listing_types_controller.php 201
> components/com_jreviews/jreviews/admin_controllers/listing_types_controller.php 201
> administrator/components/com_acymailing/helpers/helper.php 201
> administrator/components/com_acymailing/helpers/queue.php 201
> administrator/components/com_fabrik/sql/install.fabrik.php 201
> update/plugins/system/admintools/admintools/pro.php 18
> plugins/system/admintools/admintools/pro.php 18
> update/administrator/components/com_admintools/helpers/ip.php 9
> update/administrator/components/com_admintools/models/adminpw.php 9
> administrator/components/com_admintools/helpers/ip.php 9
> administrator/components/com_admintools/models/adminpw.php 9
> update/libraries/fof/dispatcher/dispatcher.php 8
> libraries/fof/dispatcher/dispatcher.php 8
> update/components/com_community/controllers/register.php 7
> components/com_community/controllers/register.php 7
> update/components/com_s2framework/s2framework/libs/cache/xcache.php 6
> update/components/com_s2framework_bak/s2framework/libs/cache/xcache.php 6
> components/com_s2framework/s2framework/libs/cache/xcache.php 6
> components/com_s2framework_bak/s2framework/libs/cache/xcache.php 6
> update/components/com_community/libraries/akismet_base.php 4
> update/components/com_alphauserpoints/controllers/invite.php 4
> update/administrator/components/com_extplorer/libraries/Auth/Auth.php 4
> update/administrator/components/com_extplorer/libraries/HTTP/WebDAV/Server.php 4
> components/com_community/libraries/akismet_base.php 4
> components/com_alphauserpoints/controllers/invite.php 4
> administrator/components/com_extplorer/libraries/Auth/Auth.php 4
> administrator/components/com_extplorer/libraries/HTTP/WebDAV/Server.php 4
> update/plugins/rsvppro/paypalipn/paypalipn.php 3
> update/components/com_community/controllers/groups.php 3
> update/libraries/joomla/session/session.php 3
> update/administrator/components/com_acymailing/helpers/acyuser.php 3
> update/administrator/components/com_zoo/libraries/akismet/akismet.php 3
> plugins/rsvppro/paypalipn/paypalipn.php 3
> components/com_community/controllers/groups.php 3
> libraries/joomla/session/session.php 3
> administrator/components/com_acymailing/helpers/acyuser.php 3
> administrator/components/com_zoo/libraries/akismet/akismet.php 3
> update/plugins/community/walls/walls.php 2
> update/components/com_jreviews_bak/jreviews/models/media_like.php 2
> update/components/com_community/controllers/photos.php 2
> update/components/com_community/models/register.php 2
> update/components/com_jreviews/jreviews/models/media_like.php 2
> update/modules/mod_geommunity/mod_geommunity.php 2
> update/libraries/kunena/forum/topic/topic.php 2
> update/libraries/kunena/forum/category/category.php 2
> update/libraries/joomla/log/loggers/formattedtext.php 2
> update/administrator/components/com_mailster/mailster/mail/MailSender.php 2
> update/administrator/components/com_extplorer/libraries/geshi/geshi/bash.php 2
> update/administrator/components/com_jevents/libraries/colorMap.php 2
> update/administrator/components/com_comprofiler_old/library/cb/cb.session.php 2
> plugins/community/walls/walls.php 2
> components/com_jreviews_bak/jreviews/models/media_like.php 2
> components/com_community/controllers/photos.php 2
> components/com_community/models/register.php 2
> components/com_jreviews/jreviews/models/media_like.php 2
> modules/mod_geommunity_js/mod_geommunity_js.php 2
> libraries/kunena/forum/topic/topic.php 2
> libraries/kunena/forum/category/category.php 2
> libraries/joomla/log/loggers/formattedtext.php 2
> administrator/components/com_mailster/mailster/mail/MailSender.php 2
> administrator/components/com_extplorer/libraries/geshi/geshi/bash.php 2
> administrator/components/com_jevents/libraries/colorMap.php 2
> administrator/components/com_comprofiler_old/library/cb/cb.session.php 2
> update/plugins/jevents/jevrsvppro/rsvppro/recaptcha/json.recaptcha.php 1
> update/plugins/fabrik_visualization/media/libs/xspf/stats.php 1
> update/plugins/content/sysplgaup_reader2author/sysplgaup_reader2author.php 1
> update/plugins/fabrik_element/fileupload/fileupload.php 1
> update/plugins/user/sysplgaup_newregistered/sysplgaup_newregistered.php 1
> update/plugins/captcha/recaptcha/recaptcha.php 1
> update/components/com_kunena/controllers/topic.php 1
> update/components/com_rsvppro/controllers/attendees.php 1
> update/components/com_s2framework/s2framework/basics.php 1
> update/components/com_fss/helper/captcha.php 1
> update/components/com_community/controllers/system.php 1
> update/components/com_community/controllers/inbox.php 1
> update/components/com_community/controllers/videos.php 1
> update/components/com_community/controllers/status.php 1
> update/components/com_community/controllers/events.php 1
> update/components/com_community/tables/wall.php 1
> update/components/com_community/libraries/wall.php 1
> update/components/com_community/libraries/reporting.php 1
> update/components/com_alphauserpoints/models/registerqrcode.php 1
> update/components/com_koparent/helpers/captcha.php 1
> update/components/com_content/models/article.php 1
> update/components/com_s2framework_bak/s2framework/basics.php 1
> update/libraries/kunena/forum/message/message.php 1
> update/libraries/kunena/spam/recaptcha.php 1
> update/libraries/koparent/helper/captcha.php 1
> update/administrator/components/com_mailster/mailster/utils/Captcha.php 1
> update/administrator/components/com_mailster/mailster/app/Log.php 1
> update/administrator/components/com_extplorer/config/mimes.php 1
> update/administrator/components/com_jevlocations/controllers/locations.php 1
> update/administrator/components/com_acymailing/classes/acyhistory.php 1
> update/administrator/components/com_admintools/views/ipwls/tmpl/form.php 1
> update/administrator/components/com_admintools/views/ipbls/tmpl/form.php 1
> update/administrator/components/com_admintools/models/eom.php 1
> update/administrator/components/com_alphauserpoints/install/plugins/sysplgaup_reader2author/sysplgaup_reader2author.php 1
> update/administrator/components/com_alphauserpoints/install/plugins/sysplgaup_newregistered/sysplgaup_newregistered.php 1
> update/administrator/components/com_zoo/framework/helpers/useragent.php 1
> plugins/jevents/jevrsvppro/rsvppro/recaptcha/json.recaptcha.php 1
> plugins/fabrik_visualization/media/libs/xspf/stats.php 1
> plugins/content/sysplgaup_reader2author/sysplgaup_reader2author.php 1
> plugins/fabrik_element/fileupload/fileupload.php 1
> plugins/user/sysplgaup_newregistered/sysplgaup_newregistered.php 1
> plugins/captcha/recaptcha/recaptcha.php 1
> components/com_kunena/controllers/topic.php 1
> components/com_rsvppro/controllers/attendees.php 1
> components/com_s2framework/s2framework/basics.php 1
> components/com_fss/helper/captcha.php 1
> components/com_community/controllers/system.php 1
> components/com_community/controllers/inbox.php 1
> components/com_community/controllers/videos.php 1
> components/com_community/controllers/status.php 1
> components/com_community/controllers/events.php 1
> components/com_community/tables/wall.php 1
> components/com_community/libraries/wall.php 1
> components/com_community/libraries/reporting.php 1
> components/com_alphauserpoints/models/registerqrcode.php 1
> components/com_koparent/helpers/captcha.php 1
> components/com_content/models/article.php 1
> components/com_s2framework_bak/s2framework/basics.php 1
> libraries/kunena/forum/message/message.php 1
> libraries/kunena/spam/recaptcha.php 1
> libraries/koparent/helper/captcha.php 1
> administrator/components/com_mailster/mailster/utils/Captcha.php 1
> administrator/components/com_mailster/mailster/app/Log.php 1
> administrator/components/com_extplorer/config/mimes.php 1
> administrator/components/com_jevlocations/controllers/locations.php 1
> administrator/components/com_acymailing/classes/acyhistory.php 1
> administrator/components/com_admintools/views/ipwls/tmpl/form.php 1
> administrator/components/com_admintools/views/ipbls/tmpl/form.php 1
> administrator/components/com_admintools/models/eom.php 1
> administrator/components/com_alphauserpoints/install/plugins/sysplgaup_reader2author/sysplgaup_reader2author.php 1
> administrator/components/com_alphauserpoints/install/plugins/sysplgaup_newregistered/sysplgaup_newregistered.php 1
> administrator/components/com_zoo/framework/helpers/useragent.php 1
> components/com_communityquiz/controllers/response.php 0

nicholas
Akeeba Staff
Manager
Hello Keith,

The PHP file scanner bases the threat scores on the existence of signatures inside the PHP file. This script you are trying to detect is using a very underhanded way to say "base64_decode":
'base'.(32*2).'_de'.'code'

This can't be parsed automatically. In fact, this kind of script requires a human to read it. That's why it doesn't get assigned a threat score. And that's exactly why this guy has gone to great lengths to write "base64_decode" without actually writing it. Even more importantly, this guy is actually using a base64-encoded, gzipped method which is byte array encoded and obfuscated. After reversing this procedure he's using create_function to make it executable. The only usable signatures are gzinflate and create_function, both of which are used in perfectly legit code and therefore cannot be added as malware signatures: it would throw too many false positives.

And this is EXACTLY where the "Change" part of the PHP File Change Scanner feature's name comes into play. The first scan after you added the malicious file alerted you that a PHP file was added to your site. This is a red flag. If you didn't add a PHP file as part of an extension update, it is most likely the result of a hacking attempt and requires manual inspection. A human can easily spot the endless stream of seeming gibberish inside the file which screams "this is a hacking script".

Even if you miss it, Admin Tools does have the .htaccess Maker. One of its features is the front-end and back-end protection which prevents rogue scripts like this from being executable over the web.

Moreover we prevent most methods which would allow the hacker to upload this file in the first place.

Admin Tools is designed to provide holistic protection through the synergy of several of its features. If you expect the PHP File Change Scanner feature's "Threat Score" sub-feature to be your sole point of site security you are in big trouble. This sub-feature is designed as a quick indicator to help you prioritise which files you need to check manually, not as the one and only method to protect your site. Please use it as intended.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷 Greek: native 🇬🇧 English: excellent 🇫🇷 French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
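
The point made in the reply above, as an added example that is not Admin Tools code or part of the original ticket: a signature scorer gives the concatenated `'base'.(32*2).'_de'.'code'` form a score of 0, while a hash-baseline change scan still reports the file as added. The signature table, weights, file names and file contents below are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Hypothetical signature table: (pattern, weight). Not the scanner's real list.
SIGNATURES = [
    (re.compile(rb"base64_decode\s*\("), 100),
    (re.compile(rb"\beval\s*\("), 50),
]


def threat_score(data):
    """Sum weight * occurrences of each signature found in the raw file bytes."""
    return sum(weight * len(pattern.findall(data)) for pattern, weight in SIGNATURES)


def snapshot(root):
    """Map every .php file under root (relative path) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*.php")
        if p.is_file()
    }


def change_report(root, baseline):
    """Compare the tree with a baseline snapshot.

    Returns (status, path, score) rows for added and modified files only.
    Added files sort first because they need manual review whatever they score.
    """
    root = Path(root)
    current = snapshot(root)
    rows = []
    for rel, digest in current.items():
        if rel not in baseline:
            status = "added"
        elif baseline[rel] != digest:
            status = "modified"
        else:
            continue
        rows.append((status, rel, threat_score((root / rel).read_bytes())))
    order = {"added": 0, "modified": 1}
    return sorted(rows, key=lambda r: (order[r[0]], -r[2], r[1]))


# Constructed sample contents.
# A legitimate helper that calls base64_decode() openly: it matches a signature.
LEGIT_HELPER = b"<?php function load_blob($s) { return base64_decode($s); }\n"
# The function name is assembled at run time with the expression quoted in the
# ticket, so the literal text "base64_decode" never appears in the file.
DROPPED_FILE = (
    b"<?php $f = 'base'.(32*2).'_de'.'code'; $blob = $f('Y29uc3RydWN0ZWQ='); ?>\n"
)


def demo():
    """Build a small constructed site, take a baseline, change it, rescan."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "components" / "com_example").mkdir(parents=True)
        (root / "index.php").write_bytes(b"<?php echo 'home';\n")
        helper = root / "components" / "com_example" / "helper.php"
        helper.write_bytes(LEGIT_HELPER)

        baseline = snapshot(root)  # first scan: the known-good state

        # A new file appears and an existing one is edited between scans.
        (root / "components" / "uploaded_test.php").write_bytes(DROPPED_FILE)
        helper.write_bytes(LEGIT_HELPER + b"// edited by an extension update\n")

        return change_report(root, baseline)


if __name__ == "__main__":
    for status, path, score in demo():
        print(f"{status:10}{path:42}{score}")
```

The legitimate helper outscores the obfuscated file, which is why the score only helps prioritise review and the "added" status is the signal to act on.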

user79254
Thanks for the thorough reply.
It is too bad you cannot programmatically detect this type of malware.
What specific settings in the .htaccess maker would prevent execution?

nicholas
Akeeba Staff
Manager
You need to enable the "Front-end protection" and "Back-end protection" options. They will block the execution of any .php file under your site except for Joomla!'s index.php file in the site's root and in the administrator directory.
