• Resolved Squirrel

    (@mossyoak)


    Just thought I’d let you know that there was a suspicious JS file found in the Jetpack plugin when I did a virus scan in my cPanel today. Had to get rid of it and delete the plugin just in case. Please let me know if it could have been a false positive.

Viewing 8 replies - 1 through 8 (of 8 total)
  • Here is my suggestion.

    Download the Jetpack install ZIP package to your drive, scan the ZIP file with your antivirus scanner, and use Malwarebytes to scan it as well.

    Also, if you know where the JS file is located in the folder structure of the plugin, access the ZIP and see if it is there.

    I do this to determine if the plugin install package itself contains the malware. If it does not, then someone inserted it and you were hacked.

    If you were hacked, I strongly recommend installing Wordfence into your WordPress. Then scan your website with that and it will detect malware and malicious hacks. It also blocks hackers from getting in.

    Website hosts do not protect your WordPress site from being hacked, not even with SiteLock, which a lot of them now use. They will protect their own server files, but your site protection is all up to you. I had a client whose site was hacked and the SiteLock did not stop it.

    I do strongly suggest using Malwarebytes. Antivirus software such as Microsoft Security Essentials, or any other, is never 100% reliable. Using two dependable scanners increases the reliability of detection.

    In the event you don’t use Malwarebytes, here is the link to download it: https://www.malwarebytes.com/
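
The comparison suggested in the reply above (is the flagged file in the official ZIP or not?) can be automated. This is an added example, not part of the original thread or Jetpack's own code; the file names in `demo()` are constructed, and it assumes the ZIP keeps its files under a top-level `jetpack/` folder.

```python
import hashlib
import io
import tempfile
import zipfile
from pathlib import Path


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def compare_plugin_to_zip(plugin_dir, zip_source, zip_prefix):
    """Compare an installed plugin folder with its official ZIP.

    Returns (extra, modified, missing) lists of relative paths.
    """
    with zipfile.ZipFile(zip_source) as zf:
        official = {
            i.filename[len(zip_prefix):]: sha256(zf.read(i))
            for i in zf.infolist()
            if not i.is_dir() and i.filename.startswith(zip_prefix)
        }
    root = Path(plugin_dir)
    installed = {
        p.relative_to(root).as_posix(): sha256(p.read_bytes())
        for p in root.rglob("*") if p.is_file()
    }
    extra = sorted(installed.keys() - official.keys())    # on disk only: investigate
    missing = sorted(official.keys() - installed.keys())  # in ZIP only
    modified = sorted(f for f in installed.keys() & official.keys()
                      if installed[f] != official[f])     # content differs from ZIP
    return extra, modified, missing


def demo():
    """Constructed sample: a stand-in ZIP and an install with one added file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("jetpack/jetpack.php", b"<?php // official\n")
        zf.writestr("jetpack/readme.txt", b"official readme\n")
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "admin").mkdir()
        (root / "jetpack.php").write_bytes(b"<?php // official\n")
        (root / "readme.txt").write_bytes(b"edited readme\n")
        (root / "admin" / "unexpected.js").write_bytes(b"/* not in ZIP */\n")
        buf.seek(0)
        return compare_plugin_to_zip(root, buf, "jetpack/")


if __name__ == "__main__":
    print(demo())
```

Compare against the ZIP for the exact plugin version that is installed; a different version will show legitimate changes as "modified" or "extra".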

    Plugin Author Jeremy Herve

    (@jeherve)

    Jetpack Mechanic

    Thanks for the report!

    Do you happen to remember the name of the file that was marked as suspicious? I’d like to know if that file is part of Jetpack, or if it was added to your hosting plan later on, maybe by a hacker who would have control of your site.

    Could you also tell me more about your hosting provider, and the malware scanning option it offers? If your host has some support documentation about this feature, could you post a link here so I can run some tests on my end or get in touch with your host to find out more?

    Thanks!

    Thread Starter Squirrel

    (@mossyoak)

    Hello Jeremy
    I can’t remember the name of it, sorry. I was not hacked though; it was added in the admin folder of the Jetpack plugin as a JS file on my brother’s website. I thought it was odd since I only ever use plugins from the WordPress Depository and I keep things up to date.

    This is what my hosting provider said about it to me:
    About the Jetpack issue, not all the versions nor the accounts are affected, as it depends on the version installed. Also, Jetpack itself is not the problem, but a script they can upload using a Jetpack vulnerability, so some users were affected and others not. Also, if the nightly malware scan did not detect it and quarantine it, most probably that specific installation wasn’t affected, but it is a good idea to have all the plugins updated and the ones that are not used removed.

    My hosting provider is https://www.plusplushosting.net/ if you want to get in touch with them about it.

    Plugin Author Jeremy Herve

    (@jeherve)

    Jetpack Mechanic

    “a script they can upload using a jetpack vulnerability so some users were affected and others not.”

    That’s interesting. This could have happened if your brother was running an old, vulnerable version of Jetpack, released before we fixed the issue:
    https://jetpack.com/2015/04/20/jetpack-3-4-3-coordinated-security-update/

    If your hosting provider thinks the problem is now fixed, you should be all set as long as you keep WordPress and its plugins up to date!

    Thread Starter Squirrel

    (@mossyoak)

    I’m pretty sure it was the latest Jetpack version installed; it certainly was not that older version anyway. Perhaps you should contact them about it just in case so you can get to the bottom of it, or, if you like, I could ask him for you what the file name was. I’ve not got the Jetpack plugin installed anymore, just to be safe.

    Plugin Author Jeremy Herve

    (@jeherve)

    Jetpack Mechanic

    Thanks for the extra details. Is there a customer number or a site URL I could use when contacting them, so they can look at your logs and tell me more?

    Thread Starter Squirrel

    (@mossyoak)

    Hi Jeremy
    If you contact PlusPlus about this issue, my domain name is thimblefolio.com. I’m not sure if anything was found on thimblefolio.com, as when I did a scan myself it did not find the file, but it could have been removed in their routine scans before this. My sister’s site is https://kathgarner.com/, my brother’s is Leanii.com and my dad’s is https://kengarner.co.uk/.
    Hope that helps and this isn’t a wild goose chase for you. I’ll tell them you may contact them about this issue as well.
    Christine

    Plugin Author Jeremy Herve

    (@jeherve)

    Jetpack Mechanic

    Thank you. I just sent them an email and will let you know what we can figure out together!

  • The topic ‘Malware js found’ is closed to new replies.