Viewing 4 replies - 1 through 4 (of 4 total)
  • Yep! This just appeared on one of my sites and hijacked all page links. Also had jetpack running on the site.

    Plugin Author Jeremy Herve

    (@jeherve)

    Jetpack Mechanic

    Thanks for the report.

    Jetpack, once connected to your WordPress.com account, allows you to remotely manage all your connected WordPress sites from a central dashboard. From that central dashboard, you will be able to update plugins, and also install new ones.

    If you use a weak password for your Jetpack.com/WordPress.com account, or worse if you re-use a password that you’ve used on another website that had a leak in the past, malicious actors may have gained access to your Jetpack dashboard and may have installed the malicious plugin from there.

    That’s a risk you take when you use a remote dashboard tool. To minimize those risks, I would strongly recommend 2 things:

    1. Set up a strong, unique password.
    2. Set up 2 Factor authentication so that even if someone were to gain access to your password, they won’t be able to log in without having access to your phone and its authentication app.

    Once you’ve done so, I would recommend that you audit all sites connected to your WordPress.com account, and ensure that the malicious plugin is nowhere to be found on any of those sites.

    I hope this helps.

    I just discovered the malicious Yobar plugin on my site; it is not on WordPress.com but on its own server. I also have the Jetpack plugin installed.

    Thread Starter radial

    (@radial)

    Update on June 16, 2021, I get this email from [email protected]

    Our security systems identified unusual behavior on your account. This usually happens when the password used for your WordPress.com account is also used on another service that had a data breach, or the password is weak, insecure, or easily guessable. Because the account behavior indicated that someone else might have access to your account, we reset the password and revoked any app tokens associated with the account.
    You can reset your password by following the instructions in our account recovery support documentation
    Your account was used to upload a malicious plugin to these sites:
    <redacted list of 13 websites>

    Delete the plugin from your sites via FTP. The plugin can be found by going to wp-content/plugins. The plugin will be in a folder inside of there and will be called Plugin, plugs, Builder, or log-http-requests. If you’re unsure how to do this, please contact your hosting provider for assistance.
    Here is some information on how to create a secure password and how to enable 2-factor authentication (this step is not required, but it is recommended):
    • https://wordpress.com/support/security/#strong-password
    • https://wordpress.com/support/security/two-step-authentication/
    If you have any questions, please do not hesitate to let us know.

    • This reply was modified 3 years, 8 months ago by radial.
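
The audit recommended in the plugin author's reply, using the folder names from the quoted WordPress.com notice, as an added shell example that is not part of the thread or of any Jetpack tooling. It assumes shell access to the servers; the function names and the demo layout are constructed for illustration, and because the folder names are generic a match is a lead to review against what you installed yourself.

```bash
#!/usr/bin/env bash
# Added example: look in each site's wp-content/plugins for the folder names
# listed in the quoted notice. Matching is exact and case-sensitive.
SUSPECT_NAMES="Plugin plugs Builder log-http-requests"   # from the notice

# scan_site ROOT
# Prints "<folder><TAB><number of .php files>" for every match.
# Returns 0 = no match, 1 = at least one match, 2 = ROOT has no plugins dir.
scan_site() {
    local plugins found name dir count
    plugins="$1/wp-content/plugins"
    found=0
    [ -d "$plugins" ] || { echo "skip: $1 (no wp-content/plugins)" >&2; return 2; }
    for name in $SUSPECT_NAMES; do
        dir="$plugins/$name"
        if [ -d "$dir" ]; then
            count=$(find "$dir" -type f -name '*.php' | wc -l | tr -d ' ')
            printf '%s\t%s\n' "$dir" "$count"
            found=1
        fi
    done
    return "$found"
}

# scan_all ROOT...
# Scans every root given; returns 1 if any site had a match, otherwise 0.
# Roots that are not WordPress installs are reported on stderr and skipped.
scan_all() {
    local rc status root
    rc=0
    for root in "$@"; do
        status=0
        scan_site "$root" || status=$?
        if [ "$status" -eq 1 ]; then rc=1; fi
    done
    return "$rc"
}

# make_demo_tree DIR: constructed sample layout (two fake sites) to try the scan.
make_demo_tree() {
    mkdir -p "$1/clean/wp-content/plugins/jetpack" \
             "$1/hit/wp-content/plugins/jetpack" \
             "$1/hit/wp-content/plugins/plugs"
    : > "$1/hit/wp-content/plugins/plugs/plugs.php"   # constructed empty file
}

# With site roots as arguments, scan them; with none, only define the functions.
[ "$#" -eq 0 ] || scan_all "$@"
```

Run it with one argument per WordPress root; the exit status is 1 when any listed folder name is present, which makes it usable from a scheduled job.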
  • The topic ‘Yobar Wordpresa malware plugin’ is closed to new replies.