Sorry for the late reply after some further digging I determined there was malware embedded in the class-tracking.php file of Jetpack, it seemed to have spread to the other sites and most of the files had been modified in some way or another. The only conclusion I can come to is that somehow access to the www-data user was gained on the server hosting wordpress (weather through an exploit of wordpress, jetpack, or something else is unknown). After learning the extent of the infection I determined the best course of action was to wipe the install removing any possibility of the infection lingering somewhere and restore from backups. The malware was hiding on line 1 of the class-tracking.php file with quite a number of spaces between the expected <?php> code and the malware to make it invisible at first glance. I believe it had been there for between 1 and 3 weeks and an update most likely to Jetpack made the code no longer work and so the site stopped working.
