iThemes Security Malware Site Scanner Using Unauthorized or Defective Source

Good Day!

Grab a cup of coffee (or tea) for this one. You’ll enjoy the read ??

Our issues continue with iThemes’ new Security Site Scanner.

Background:

As we understand, iThemes Security now uses a new malware site scanning engine (i.e., host). It switched from Sucuri to Google as noted in these blogs:

(WAS) Sucuri
(IS) Google

THE SWITCH IS NOW CAUSING SERIOUS MALWARE SCANNING ISSUES (SOURCE IP AND RESULTS). THIS NEEDS TO BE ADDRESSED ASAP. IT APPEARS ITHEMES’ SITE SCANNER IS NOW USING A NON-VETTED 3RD PARTY FOR SITE SCANS – OR – ITS SITE SCANNING MODULE IS DEFECTIVE.

Details:

(1) iThemes’ automated site scans are originating from IP 35.208.55.190 as confirmed here.

(2) When we check the originating IP, we learned that the IP is assigned to a questionable site scan engine (i.e., host), 190.55.208.35.bc.googleusercontent.com, as confirmed here.

(3) Upon researching the IP, we noticed it is hosting one website “titantelescopingflagpole.com” as noted here. THIS IS ONE OF OUR KEY, SAFETY CONCERNS (I.E., TRIGGER)

(4) Last, but not least, site scans from the above IP are generating a “clean” result BUT a “red dot” (error) is being displayed in our site scan results dashboard.

Bottom Line:

“Houston, we have a problem.” iThemes needs to investigate this and fix it ASAP.

As a precaution, we blocked IP 35.208.55.190 (and associated IP 190.55.208.35 as noted here), but that ended up creating manual scan issues.

What’s going on iThemes Security? We like your plugin. This deserves top attention.

Thank you!