Malware Signatures

  1. Home
  2. Malware Signatures
  3. php.backdoor.joomla_gen.001


Backdoors are pieces of code that allow attackers to bypass authentication, maintain their access to the server and reinfect files. Some of those malicious files can be as simple as a single line of code, allowing the execution of remote code, or complex algorithms, providing different functions to the attacker.

There are backdoors in the wild which are CMS (Content Management System) specific. Some of them are aimed e.g. on Joomla, WordPress or vBulletin (and other systems as well) using their specific commands or based on the structure of such CMS. php.backdoor.joomla_gen detection is a generic detection covering Joomla specific backdoors.


Any vulnerable Joomla site.


Cleanup is done by deleting the malicious code from the file, or replacing it with a fresh version. Reviewing access logs for non-expected HTTP POSTs can point out the possible infected files.


Part of vulnerable Joomla code:

$allowable = explode( ',', $params->get( 'upload_extensions' ));
$ignored = explode(',', $params->get( 'ignore_extensions' ));
if ($format == '' || $format == false || (!in_array($format, $allowable) && !in_array($format,$ignored)))
return false;