PHP Scanner Result Details

Our scanner has detected suspicious code that may be malware. Please review the affected code and confirm that it should be there and doing what it is doing.

As of October 14th, 2015 there are no longer any secure versions of SSL and all HTTPS communications negotiated with their successor TLS. You can read more about this in our blog post about POODLE (https://www.ateamsystems.com/news/poodle-takes-the-last-bite-out-of-ssl-and-ie-6/).

When writing code that accesses remote content via HTTPS it is important that all verification be left on, otherwise the protections that HTTPS affords become easy to compromise. The compromise will be invisible, too, with the code sending (or receiving) data to a different server without your knowledge. This can have broad legal implications including violating PCI compliance requirements with your credit card processor. cURL provides two separate settings which are both critical to secure HTTP...