
Forum Moderators: rogerd & travelin cat


SoakSoak malware

New and expanding fast

     
1:54 pm on Dec 15, 2014 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lorax is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Mar 31, 2002
posts:7575
votes: 0


According to Sucuri 'SoakSoak' is a new malware that cripples compromised WordPress installs. Be sure you check your own computer for infections before accessing your site and keep your site up to date.

[blog.sucuri.net...]

If you're not up to speed on malware and viruses in general, here's a nice primer by the University of Cambridge, UK: [ucs.cam.ac.uk...]

(thanks to @travelin_cat for the heads up)
5:22 pm on Dec 15, 2014 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:24526
votes: 577


It seems that Google has blacklisted more than 11,000 domains thanks to this malware.
6:27 pm on Dec 15, 2014 (gmt 0)

Senior Member from ZA 

WebmasterWorld Senior Member 10+ Year Member

joined:July 15, 2002
posts:1721
votes: 4


I've had a few clients that have had their sites taken offline by their web host in the last 72hrs because of this.
6:45 am on Dec 16, 2014 (gmt 0)

Senior Member

WebmasterWorld Senior Member planet13 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:June 16, 2010
posts: 3823
votes: 29


So were the sites compromised via a couple of plugins with insufficient security? (looks like the comments mentioned a slider and w3c cache)?
1:08 pm on Dec 16, 2014 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lorax is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Mar 31, 2002
posts:7575
votes: 0


According to Sucuri, the entry points are a vulnerability in the RevSlider [blog.sucuri.net] plugin and the Firefox and IE-11 browsers without the latest security patches. [blog.sucuri.net...]
5:20 pm on Dec 16, 2014 (gmt 0)

Senior Member

WebmasterWorld Senior Member Top Contributors Of The Month

joined:Feb 3, 2014
posts:1037
votes: 231


Of course I'm running revslider on two sites...just like Charlie Brown.
5:27 pm on Dec 16, 2014 (gmt 0)

Senior Member

WebmasterWorld Senior Member planet13 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:June 16, 2010
posts: 3823
votes: 29


Hmmm...

I am using a plugin that allows commenters to upload various image files (jpg, gif, png).

I wonder how vulnerable this might be?

From what I understand, the .htaccess file would then have to be compromised in order to have jpg, gif, or png files parsed with the php engine.
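
The check implied by the post above, as an added example that is not part of the thread or of any plugin's code: it walks an upload directory, reports any `.htaccess` directive that would hand jpg, gif or png files to the PHP engine, and flags image files containing a literal PHP open tag. It assumes Apache with `.htaccess` overrides enabled; the directory path is supplied by the caller (WordPress's default is `wp-content/uploads`, a plugin may use another).

```python
import re
import sys
from pathlib import Path

IMAGE_EXTS = {"jpg", "jpeg", "gif", "png"}
# Apache directives that can hand a file to the PHP engine.
HANDLER_RE = re.compile(
    r"^[ \t]*(AddHandler|AddType|SetHandler|ForceType)\b(.*)$", re.I | re.M)
PHP_TAG = re.compile(rb"<\?php", re.I)  # heuristic: literal PHP open tag


def image_php_handlers(htaccess_text):
    """Return directives that would make image files run as PHP."""
    hits = []
    for m in HANDLER_RE.finditer(htaccess_text):
        directive, args = m.group(1).lower(), m.group(2).lower()
        if "php" not in args:
            continue
        # AddHandler/AddType list extensions; SetHandler/ForceType cover
        # every file in their scope, images included.
        tokens = set(re.split(r"[\s.]+", args))
        if directive in ("sethandler", "forcetype") or tokens & IMAGE_EXTS:
            hits.append(m.group(0).strip())
    return hits


def scan_uploads(root):
    """Walk an uploads tree and return (path, reason) findings."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        if path.name == ".htaccess":
            text = path.read_text(errors="replace")
            findings += [(str(path), "handler: " + h)
                         for h in image_php_handlers(text)]
        elif path.suffix.lower().lstrip(".") in IMAGE_EXTS:
            if PHP_TAG.search(path.read_bytes()):
                findings.append((str(path), "PHP open tag in image file"))
    return findings


if __name__ == "__main__":
    # Usage: python scan_uploads.py /path/to/uploads (defaults to ".")
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, reason in scan_uploads(root):
        print(f"{path}: {reason}")
```

An empty result only means neither pattern was found; a handler mapping set in the main server configuration rather than in `.htaccess` is outside what this scan sees.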
5:36 pm on Dec 16, 2014 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lorax is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Mar 31, 2002
posts:7575
votes: 0


Just using the RevSlider plugin doesn't mean your site is vulnerable. The issue is whether or not you're using the most current version of the plugin. If you're not - you're at risk. Update!
7:10 am on Dec 17, 2014 (gmt 0)

New User from US 

joined:Jan 6, 2013
posts: 3
votes: 0


Thanks lorax and travelin_cat for this update. I'll pass it along.

Be well!

Merry Christmas everyone!
4:46 am on Dec 22, 2014 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Nov 3, 2006
posts:1362
votes: 4


Yesterday all my sites were taken offline by bluehost :( I had to pay $50 for Doctor Site to remove malware!

First time this has ever happened to me. Unfortunately I'm running an ad campaign on several sites and my sites will be down for another few days due to holidays and their backlog.
2:02 am on Dec 27, 2014 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Mar 7, 2003
posts: 1078
votes: 6


So, am I the only one who notes that Sucuri is diagnosing the problem and Sucuri is also selling the only possible fix? I don't think others haven't noticed it but I do notice no one has called attention to this matter.

Is this a real issue?

Will a simple WordPress or other plugin upgrade also solve the security issue?

Or is the only true fix available through Sucuri?