virus in 3.7.1

  • Resolved lindamjohn

    (@lindamjohn)


    9 years, 5 months ago

    Today when I upgraded to Jetpack 3.7.1, suddenly there are 2 warning messages on the top of my screen. and then a link that says ‘mature’. Clicking on it was a mistake.

    – hair pulling – panic – hours of troubleshooting –

    Reinstalled WordPress … it goes away
    Reinstalled Jetpack (not even Activated yet) … it’s back
    Reintalled WordPress … it goes away
    Activated Jetpack … still okay.

    So, you are installing a nasty virus during your install!

    Here’s the messages again:
    (From an earlier email)
    Showing up at the top of my screen when I’m logged in to wp-admin on my site. Underneath this is often a ‘mature’ link that takes one to a nasty pornographic animation.

    Warning: include(/var/chroot/home/content/66/9951866/html/wp-content/plugins/jetpack/functions.php) [function.include]: failed to open stream: No such file or directory in /home/content/66/9951866/html/wp-settings.php on line 345

    Warning: include() [function.include]: Failed opening ‘/var/chroot/home/content/66/9951866/html/wp-content/plugins/jetpack/functions.php’ for inclusion (include_path=’.:/usr/local/php5_3/lib/php’) in /home/content/66/9951866/html/wp-settings.php on line 345

    https://www.ads-software.com/plugins/jetpack/

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Jeremy Herve

    (@jeherve)

    Jetpack Mechanic ??

    Warning: include(/var/chroot/home/content/66/9951866/html/wp-content/plugins/jetpack/functions.php

    Jetpack doesn’t include any functions.php file, as you can see here:
    https://github.com/Automattic/jetpack/tree/3.7.1

    It seems that your site was hacked and some malicious files were added in your plugins, and maybe in WordPress Core itself. It is possible that a malicious file now recreates that functions.php every time you install a plugin like Jetpack.

    I’d strongly suggest that you go through the steps described here to solve this issue:
    https://codex.www.ads-software.com/FAQ_My_site_was_hacked

    Let me know how it goes.

    Thread Starter lindamjohn

    (@lindamjohn)

    Thanks, yes, that is exactly what I deduced. I’ve removed the malicious file and it’s children. Thanks for the link; I’ll check all the steps to be sure I didn’t miss anything.

    sorry that jetpack got the blame; it was just the plug-in innocent bystander that was kidnapped. ??

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘virus in 3.7.1’ is closed to new replies.