Malware attack
By Steve Hall on Wednesday, 08 November 2017
Posted in Technical Issues
Replies 4
Likes 0
Views 651
Votes 0
I have had a succession of malware attacks and the scan repeated indicates the following files suspicious
./administrator/components/com_easyblog/includes/xmlrpc/libraries/xmlrpc.php
./administrator/components/com_easyblog/includes/xmlrpc/libraries/xmlrpcs.php
./libraries/vendor/composer/autoload_classmap.php
./modules/mod_camera/tmpl/default.php
Can you advise please, clearly the two files at the top are part of easyblog installation. The site is currently clean as I have removed these four files
Hey Steve,

I believe these are false positives. The reason most malware scanner thinks that these files are infected is mainly because it is trying to accept XMLRPC requests and it has a lot of codes in there which might mimic what a malware does but it really isn't a malware.

xmlrpc.php (client) and xmlrpcs.php (server) is used to receive requests from apps that supports xmlrpc publishing. Example: Microsoft Word / MarsEdit.
Mark
·
Wednesday, 08 November 2017 17:51
·
0 Likes
·
0 Votes
·
0 Comments
·
Sometimes these scripts will find something suspicious but this does not mean that the code is malware. It's just warning you that there could be possible reports, but you should check again with your malware scanner provider and see why it detected these files is malware, i believe there should show something like which line of code detected as is malware code.
Arlex Wong
·
Wednesday, 08 November 2017 18:00
·
0 Likes
·
0 Votes
·
0 Comments
·
Ok thanks
Steve Hall
·
Wednesday, 08 November 2017 18:13
·
0 Likes
·
0 Votes
·
0 Comments
·
you're welcome.
Arlex Wong
·
Wednesday, 08 November 2017 18:16
·
0 Likes
·
0 Votes
·
0 Comments
·
View Full Post