Forum Moderators: rogerd & travelin cat
Message Too Old, No Replies
SoakSoak malware
New and expanding fast
According to Sucuri 'SoakSoak' is a new malware that cripples compromised WordPress installs. Be sure you check your own computer for infections before accessing your site and keep your site up to date.
[blog.sucuri.net...]
If you're not up to speed on malware and virii in general here's a nice primer by the University of Cambridge, UK: [ucs.cam.ac.uk...]
(thanks to @travelin_cat for the heads up)
It seems that Google has blacklisted more than 11,000 domains thanks to this malware.
I've had a few clients that have had their sites taken offline by their web host in the last 72hrs because of this
So were the sites compromised via a couple of plugins with insufficient security? (looks like the comments mentioned a slider and w3c cache)?
According to Sucuri the entry points are a vulnerability in the RevSlider [blog.sucuri.net] plugin and the FireFox and IE-11 browsers without the latest security patches. [blog.sucuri.net...]
of course I'm running revslider on two sites...just like Charlie Brown.
Hmmm...
I am using a plugin that allows commenters to upload various image files (jpg, gif, png).
I wonder how vulnerable this might be?
From what I understand, the .htaccess file would then have to be compromised in order to have jpg, gif, or png files parsed with the php engine.
Just using the RevSlider plugin doesn't mean your site is vulnerable. The issue is whether or not you're using the most current version of the plugin. If you're not - you're at risk. Update!
Thanks lorax and travelin_cat for this update. I'll pass it along.
Be well!
Merry Christmas everyone!
Yesterday all my sites were taken offline by bluehost :( I had to pay $50 for Doctor Site to remove malware!
First time this has ever happened to me. Unfortunately Im running an ad campaign on several sites and my sites will be down for another few days due to holidays and their backlog.
So, am I the only one who notes that Sucuri is diagnosing the problem and Sucuri is also selling the only possible fix? I don't think other's haven't noticed it but I do notice no one has called attention to this matter.
Is this a real issue?
Will a simple WordPress or other plugin upgrade also solve the security issue?
or is the only true fix available through Sucuri?
Join The Conversation
- Register For Free! - Become a Pro Member!
- See forum categories - Enter the Forum
Moderators and Top Contributors
- Moderator List | Top Contributors:This Week, This Month, Mar, Feb, Archive, Top 100 All Time, Top Voted Members
Hot Threads This Week
- Google Updates and SERP Changes - May 2022
- May 2022 AdSense Earnings and Observations
- ~ remove from url
- Lost business potential on building websites
- still getting parameter urls crawled by Google
- Musk Says $44-billion Twitter Deal On Hold
- What do you think about Android?
- Using cURL to find end result of a 301 redirect
- Does reducing content for mobile devices affect SEO?
- Hello everyone