FYI for Beaver Builder Security

I just had securi.com clean up a site that got blacklisted for malware and one of the pieces that it cleaned up was this:

CLEARED: Cleared malware from file: ./wp-content/plugins/bb-plugin/js/ace/snippets/java.js. Details: php.exploit.sysinfo.001

I am not sure what that means, but I thought you guys would like to be aware of it.

Thanks!

Hey Bodie! Thanks for the heads up. Does Sucuri provide any additional details on what was cleaned out? I double checked this file against the ace.js repo, and our file is okay. Either Sucuri misdiagnosed the file as malicious or a hacker/spammer may have hidden a back door in the file. If you have more info, though, we’d love to take a look. Thanks!

Hey Robby,

Here is the complete text on what they sent me:

Hello!
While scanning your files we were able to clean up the following:

OK: Hardened upload directory (./wp-content/uploads)
OK: Hardened upload directory (./wp-content/uploads/wpallimport/uploads)
OK: Removing backdoor: ./wp-content/plugins/backupbuddy/controllers/ajax/phpinfo.php
CLEARED: Cleared malware from file: ./wp-content/plugins/bb-plugin/js/ace/snippets/java.js. Details: php.exploit.sysinfo.001

I will escalate your ticket to a senior analyst so they can try to clear you from being blacklisted. They will update you once they know more!

Thanks!
Celise

Does any of that help?

Thanks Bodie. Is there any kind of reference # or ticket # provided by Sucuri? After checking the file in our repo, I am quite sure the malware didn’t come from us. But, I wouldn’t mind contacting Sucuri just to be 100% sure.

Sorry your site got hacked. Had a similar issue with a client site earlier this year and it’s quite a pain. Although, Sucuri does a great job with the cleanup! We used them too.


I am quite sure it wasn’t you guys, either! Good thing it was a staging site.

B

Thanks Bodie. I am pretty sure of that as well. I will still reach out to Sucuri just to be 100% sure. I am curious if that file might be causing a false alarm, too. Either way, thanks again for the heads up!

Robby,

Just got this from Sucuri scan today:

Our server side scanner identified some issues on the website: new.hcf.cc:

Warning: File possibly compromised: ./wp-content/plugins/bb-plugin/js/ace/snippets/java.js (php.exploit.sysinfo.001). Manual review recommended.

Did you ever reach out to them?

Hey Bodie,

We just received this from Sucuri today. Everything appears to be ok.

We are aware that a new version of our scanner generated some false positives and we are addressing every one of them. As far as I can check Ace was whitelisted and should be available in the next update.

Justin

Awesome! Thanks for the update. I saw that particular file was already whitelisted with Sucuri, as well.

I also continue to get the Sucuri malware message since updating to the latest version of BBPro. I get the same message as outlined above by Bodie after removal. When will the issue get fixed please?

Hey Michele,

Per Sucuri’s note last week, they are aware of the false positives and are working to address them. The timeline is pretty much in their court, but as soon as we have more info, we’ll definitely share!

Best,
Billy

Hi Billy,
So helpful of you. Appreciate the prompt reply.
Fingers crossed - so you are saying this is not something to be alarmed about?

Hi Michele,

Fingers crossed – so you are saying this is not something to be alarmed about?

That is correct. See my post above with Sucuri’s response.

Justin

Hi Justin
Thanks again for the reassurance and hand holding - been lots of plugin problems lately in the WP world.

Hi Justin,
Latest from Sucuri:
We started working on your case, but I will have to escalate it to a senior analyst to help me out here. We will get back to you pretty soon with an update.


Hi Debbie. Thanks for letting us know. Apologies for the late reply, this message was flagged as spam in my inbox and I didn’t see it until now. We did get a confirmation from Sucuri that a script we include in Beaver Builder was throwing a false positive. So there’s nothing to worry about :)