Malicious code PHP.EVAL.CRYPT in index.php

Hello Mr. Frankland,

my urgent problem:

After the upload of a new web made with Pulse 4.6 I received from my Hoster the message that in both index.php’s (admin and user index.php!!) is a malicious code “PHP.EVAL.CRYPT”.
The index files are from the ORIGINAL downloaded pulse-4-6.zip from the pulse Web at 02-22-2017.

My hoster now has blocked my account.

Is there really a malicious code in the index.php files or what can I do.

What can I tell my hoster? What should I say my costumers? What can I do?
(2.25.2016 I bought 5 licences. 3 not used till now)

Bernd

No, there is no malicious code inside Pulse. That’s just a false positive, because 4.6 included eval coding.
Tell your Hoster they should update their virus definitions :wink:

1 Like

1.- It is true that these functions are not functions that can not be misused.
Please read these links.
http://php.net/manual/en/function.eval.php
https://api.jquery.com/jquery.globaleval/

2.- EVAL (GLOBALEVAL) are used scripts:
Index.php, index.php (admin), pulsecore / misc.php, redactor.min.js and jquery.js.

3.- You can check the contents of these scripts.
Example: Edit script index.php. Copy the content between two abostrofs.

<?php eval("?>".base64_decode('
=text=
')."<?");?>

Open Web Page = https://www.base64decode.org/
Decode the content between two abostrofs.
Check the content.

4.- Request a feature (your web site provider)

IvaRo

2 Likes

Thanks for the answers, my hoster has released everything now.

Bernd

1 Like