Title: Possible javascript malware code injection Last modified: August 4, 2019 --- # Possible javascript malware code injection * Resolved [Fanaticweb](https://wordpress.org/support/users/fanaticweb/) * (@fanaticweb) * [6 years, 9 months ago](https://wordpress.org/support/topic/possible-javascript-malware-code-injection/) * John, * I received a security alert from my host stating the following: * A few minutes ago, our antivirus scanner detected that a malicious file was uploaded to your webspace. * /wp-content/uploads/backupbuddy_temp/j2o9barz4y/wpweb_redirection_404.sql * When I checked with Sucuri.net, it flagged the site being infected with a Known javascript malware * I understand that the main plugin BackupBuddy was performing an automated backup and stored the DB files in a temp folder but your file got flagged as being the one infected. * Any input or feedback would be appreciated Viewing 9 replies - 1 through 9 (of 9 total) * Plugin Author [John Godley](https://wordpress.org/support/users/johnny5/) * (@johnny5) * [6 years, 9 months ago](https://wordpress.org/support/topic/possible-javascript-malware-code-injection/#post-11797726) * The 404 log contains 404 requests to your site. If someone requests a URL that is associated with malware then it will be logged. This will appear in your backup file, which is then being falsely detected. * Thread Starter [Fanaticweb](https://wordpress.org/support/users/fanaticweb/) * (@fanaticweb) * [6 years, 9 months ago](https://wordpress.org/support/topic/possible-javascript-malware-code-injection/#post-11798492) * I understand and makes sense, but why did Sucuri.net flag my site with a Known javascript malware? I doubt they can access and read those logs, meanwhile, I’m going to run this with the iThemes team, the developers of BackupBuddy, to get their feedback as well. * I appreciate your prompt response. * Plugin Author [John Godley](https://wordpress.org/support/users/johnny5/) * (@johnny5) * [6 years, 9 months ago](https://wordpress.org/support/topic/possible-javascript-malware-code-injection/#post-11798503) * Sucuri does register false positives, and the two reports may be unconnected. Given the information available there’s nothing else I can really say. * Thread Starter [Fanaticweb](https://wordpress.org/support/users/fanaticweb/) * (@fanaticweb) * [6 years, 9 months ago](https://wordpress.org/support/topic/possible-javascript-malware-code-injection/#post-11798524) * I understand, I’m gonna run some tests and followup with the updates, thank you John. * Thread Starter [Fanaticweb](https://wordpress.org/support/users/fanaticweb/) * (@fanaticweb) * [6 years, 9 months ago](https://wordpress.org/support/topic/possible-javascript-malware-code-injection/#post-11818614) * Just gonna add this here: every time I update the plugin, it fails, its the only one that fails, yet, when I refresh the page, the plugin update seems to have gone through. * Any thoughts on this behavior? * Plugin Author [John Godley](https://wordpress.org/support/users/johnny5/) * (@johnny5) * [6 years, 9 months ago](https://wordpress.org/support/topic/possible-javascript-malware-code-injection/#post-11818662) * Fails how? Refresh what page? Gone through what? * Thread Starter [Fanaticweb](https://wordpress.org/support/users/fanaticweb/) * (@fanaticweb) * [6 years, 9 months ago](https://wordpress.org/support/topic/possible-javascript-malware-code-injection/#post-11819426) * Fails with the error “Failed to update” it displays some raw HTML code listing all the plugins on-board, so I ignore the error, refresh the page and try again, then the update goes through successfully, my gut feeling is a possible malware onboard and it’s affecting the behavior of your plugin for some reason. * Plugin Author [John Godley](https://wordpress.org/support/users/johnny5/) * (@johnny5) * [6 years, 9 months ago](https://wordpress.org/support/topic/possible-javascript-malware-code-injection/#post-11819829) * Ok, so that message comes from WordPress during the update process. Redirection has no control over this, and it is not related to Redirection itself. Maybe you have some file permission problems. * Why do you think it’s malware? * I will assume your original report is no longer an issue now. For future malware issues it’s always better to go direct to the author. This means that if there is a problem it can be fixed before it becomes generally exploitable. If there isn’t a problem then you don’t cause undue alarm for others that may read the report in a public forum. * Thread Starter [Fanaticweb](https://wordpress.org/support/users/fanaticweb/) * (@fanaticweb) * [6 years, 9 months ago](https://wordpress.org/support/topic/possible-javascript-malware-code-injection/#post-11820460) * Noted and agree, by all means, please go ahead and delete/remove this thread. Viewing 9 replies - 1 through 9 (of 9 total) The topic ‘Possible javascript malware code injection’ is closed to new replies. * ![](https://ps.w.org/redirection/assets/icon-256x256.jpg?rev=983639) * [Redirection](https://wordpress.org/plugins/redirection/) * [Frequently Asked Questions](https://wordpress.org/plugins/redirection/#faq) * [Support Threads](https://wordpress.org/support/plugin/redirection/) * [Active Topics](https://wordpress.org/support/plugin/redirection/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/redirection/unresolved/) * [Reviews](https://wordpress.org/support/plugin/redirection/reviews/) * 9 replies * 2 participants * Last reply from: [Fanaticweb](https://wordpress.org/support/users/fanaticweb/) * Last activity: [6 years, 9 months ago](https://wordpress.org/support/topic/possible-javascript-malware-code-injection/#post-11820460) * Status: resolved