Plugin Support MadHatter (a11n)

    (@madhattersez)

    Hello, there.

    I don’t quite understand your request.

    What are you trying to accomplish exactly, and what isn’t working the way you expect?

    Plugins are not installed through Jetpack, though it is possible to add plugins through WordPress.com if someone (or some bot) has logged in as you.

    If you’d be able to provide us with more details (like what the vulnerable plugin is, how you found that it keeps being added, and why you think Jetpack is a part of it – the one you provided doesn’t seem attached to the situation at hand) or screenshots of the issues you’re seeing, that would definitely help. Thanks!

    Thread Starter Sarun developer

    (@saruncloudspring)

    Yes, the plugin was installed using WordPress.com. Can we disconnect the site from WordPress.com? If we disconnect the site from WordPress.com, does that affect the Jetpack connection?

    How can we disable plugin uploads to our site via WordPress.com? How can we stop these types of attacks?

    Plugin Support Animesh Gaurav (a11n)

    (@bizanimesh)

    Hi there,

    It appears that the WordPress.com account password you were using was compromised. To be clear, there has been no security breach for user accounts at WordPress.com or Jetpack. Your WordPress.com account password was compromised either because the same password was used on other services that had a data breach, or because the password was weak, insecure, or easily guessed.

    The plugin file you’ve seen repeatedly uploaded in the Activity Log was done by someone who accessed your WordPress.com account using the compromised password. They used that compromised password to set up an authorized connection using WordPress for Android. With this WordPress for Android connection, they were able to access your WordPress.com account. The attacker then used this access to install a plugin containing malware on your Jetpack connected site.

    You should be able to delete the plugin folder from your site via FTP. The plugin can be found by going to wp-content/plugins. If you’re unsure how to do this, please contact your hosting provider for assistance.

    In order to prevent this from happening again, I recommend that you do the following:

    • Use Two-Factor Authentication: Set up two-factor authentication using an app like Duo or Google Authenticator. This document goes over how to do just that. SMS two-factor authentication is an option, but isn’t as secure as using an app.
    • Check Your Other Passwords: If you use the same email address/password combination on other sites or services, they could also be at risk. We recommend changing your password with these other services as well. You can find more details here on how to set strong, unique passwords.

    If you use the same email address/password combination on other sites, I would also recommend changing it anywhere it’s used. These practices don’t apply to just WordPress.com sites, they are applicable anywhere you store information on the web. Let us know how this goes and if you have any additional questions.
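The cleanup step in the reply above (remove the rogue folder from wp-content/plugins) can be scripted so that it is repeatable and keeps evidence. The following POSIX shell script is an added example, not code from this thread, from Jetpack or from WordPress.com: it compares wp-content/plugins against an allowlist of plugin slugs you expect to be installed, moves anything unexpected into a quarantine directory instead of deleting it (so the dropped code can still be examined), and lists plugin files that are newer than a reference file touched after the last known-good cleanup, which is the quickest way to notice that a plugin "keeps coming back". The site layout, the allowlist contents and the plugin slug `wp-upd4te` in the demo are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread, Jetpack or WordPress.com).
# All paths, slugs and file names below are assumptions for illustration.

# audit_plugins <wp-root> <allowlist-file> <quarantine-dir>
# For every plugin directory or single-file plugin in wp-content/plugins that is
# not listed (one slug per line) in the allowlist: move it into the quarantine
# directory with a timestamp suffix and print its slug on stdout.
audit_plugins() {
    wp_root=$1
    allow=$2
    quarantine=$3
    plugins_dir="$wp_root/wp-content/plugins"
    [ -d "$plugins_dir" ] || { echo "no plugins directory at $plugins_dir" >&2; return 2; }
    mkdir -p "$quarantine" || return 2
    stamp=$(date +%Y%m%dT%H%M%S)
    for entry in "$plugins_dir"/*; do
        [ -e "$entry" ] || continue          # empty directory: the glob did not expand
        slug=$(basename "$entry")
        # WordPress ships an empty index.php in that directory; it is not a plugin.
        [ "$slug" = "index.php" ] && continue
        # -x whole-line match, -F literal string (no regex), -- in case slug starts with '-'
        if grep -qxF -- "$slug" "$allow"; then
            continue
        fi
        mv -- "$entry" "$quarantine/$slug.$stamp" || return 2
        echo "$slug"
    done
}

# list_newer_than <wp-root> <reference-file>
# Print every file under wp-content/plugins whose mtime is later than the
# reference file's (e.g. a marker file touched right after the last cleanup).
list_newer_than() {
    find "$1/wp-content/plugins" -type f -newer "$2" | sort
}

# Demo on a constructed site layout inside a temporary directory.
demo() {
    tmp=$(mktemp -d) || exit 1
    mkdir -p "$tmp/site/wp-content/plugins/akismet" \
             "$tmp/site/wp-content/plugins/jetpack" \
             "$tmp/site/wp-content/plugins/wp-upd4te"   # constructed "unexpected" plugin
    : > "$tmp/site/wp-content/plugins/index.php"
    : > "$tmp/site/wp-content/plugins/akismet/akismet.php"
    : > "$tmp/site/wp-content/plugins/jetpack/jetpack.php"
    : > "$tmp/site/wp-content/plugins/wp-upd4te/loader.php"
    printf 'akismet\njetpack\n' > "$tmp/allow.txt"
    touch -t 202001010000 "$tmp/last-clean"             # reference mtime well in the past
    echo "plugin files newer than last clean:"
    list_newer_than "$tmp/site" "$tmp/last-clean"
    echo "quarantined:"
    audit_plugins "$tmp/site" "$tmp/allow.txt" "$tmp/quarantine"
    rm -rf "$tmp"
}

if [ "${1:-}" = "demo" ]; then
    demo
fi
```

Run it as `sh audit.sh demo` to see it against the constructed layout, or call `audit_plugins /path/to/site allow.txt /path/to/quarantine` over SSH on the real site. Re-running it from cron after a cleanup turns the "it keeps getting re-added" symptom into a log line with a timestamp, which is the evidence the support staff asked for; the quarantine directory should sit outside the web root so the moved PHP can never be served.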

The topic ‘Vulnerable plugin is installing on website by using Jetpack’ is closed to new replies.