The SoakSoak malware attack caused over 100,000 business owners to wake up to a hacked website this morning. They were attacked by Russian hackers using a campaign now known as SoakSoak, and the number of those attacked is still climbing. 11,000 of those websites have already been blacklisted by Google. This means you’re off the internet until your website is fixed and Google can verify it.
Last night I was contacted by someone who was seeing this when potential clients were going to their website.
This is not what you want potential clients to see when they go to view your website.
I then spent the next several hours on the phone with the hosting company trying to fix the problem. Finally, at 2 am this morning I went to bed and the problem still was not resolved. It is currently still being worked on.
I wish I could say that this is the only encounter I have had with this virus but I can’t. About 4-6 weeks ago I ran our Keyword Report for our Church and found some disturbing results. Our Church was ranking for diet products.
Upon further review by their webmaster he found out they had been hacked and spam was placed on their website to drive traffic to sell diet products. And it not only affected their site, but our pastor’s personal computer (a Mac), as well. After a frantic few days their site, and his computer, were clean. By the grace of God (sorry but I couldn’t help myself) the Keyword Report had caught the problem before they were blacklisted from Google.
Why did this happen?
Lots of reasons!
- Because some people are just jerks!
- Believe it or not, some of the hacking from Russia is politically motivated.
- But mostly to steal from you and everyone that visits your site.
Hackers infiltrate your site in an effort to infect it with harmful links that redirect people to other spammy websites. A client may be on your website for legitimate reasons and then suddenly be redirected to another website altogether, one that has nothing to do with your site. This can download malicious files onto your (or their) own computers. To make matters worse, it can actually rewrite some of your own files. They can also use this to record your keystrokes and steal your passwords – which I think is the most frightening part of it all.
How did this happen?
As best we can tell at this moment the hackers exploited a weakness in a WordPress plug in, called Slider Revolution. This is a plug in that comes bundled with a lot of themes or you might have purchased it individually. We even had it on this website and our event planning company website, but it has now been deleted from both.
It’s the plug in that allows you to scroll images on your website and it’s very popular. The problem with this plug in was actually noticed several months ago and the company repaired it and updated the plug in to eliminate the weakness. But the weakness still existed on the old version of Revolution Slider.
While this has predominately affected WordPress sites due to this plug in, it is still affecting sites across all platforms. Don’t think that you’re safe just because you don’t have a WordPress site.
How could this have been prevented?
You could have prevented this by updating the plug in on your site to the most current version. By not doing so you were left vulnerable to attack. And this is exactly one of the ways you can protect yourself in the future – by updating all of your plug ins, your theme, and WordPress regularly.
When you log in to the back end of your website it will automatically tell you that there is a newer version of WordPress, your theme, or whatever.
That’s not to be ignored!
Part of the reason there are frequent updates to these items is due to security concerns. It’s often one of the first things Shea has to deal with when he builds a new website for someone – these have never been updated. So he immediately goes through all of the proper updates to bring their website up to a more secure level.
Another way this can be prevented is by having secure passwords and log ins. This seems obvious in this day and age but people are still lax about their passwords. I highly suggest you go change your password now!
It’s also important to delete all plug ins that you are currently not using or are deactivated. If you’re not using a plug in on your site, get rid of it now! Plug ins that aren’t being used can cause a security issue.
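Because Slider Revolution often comes bundled inside a theme, a copy can sit on your site without ever showing up as something you installed yourself. The Python script below is an added example, not part of the original post: it walks a `wp-content` folder and lists every copy it finds with the version each one declares, so you know what to update or delete. The `revslider` folder name and the sample tree built in `demo()` are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# The post uses both names for the plugin; the "revslider" folder name is an assumption.
NAME_RE = re.compile(r"slider\s+revolution|revolution\s+slider", re.I)
# Header lines of the form "Plugin Name: ..." / "Version: ..." in a PHP comment.
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version)[ \t]*:[ \t]*(.+?)[ \t]*$", re.I | re.M)

def read_plugin_header(php_path):
    """Return the declared plugin name and version from the top of a PHP file."""
    with open(php_path, "r", encoding="utf-8", errors="replace") as fh:
        head = fh.read(8192)
    header = {}
    for key, value in HEADER_RE.findall(head):
        header.setdefault(key.lower(), value)  # first occurrence wins
    return header

def find_slider_copies(wp_content):
    """List (path, declared version, bundled-in-theme?) for every copy found."""
    hits = []
    for root, _dirs, files in os.walk(wp_content):
        for name in files:
            if not name.endswith(".php"):
                continue
            path = os.path.join(root, name)
            header = read_plugin_header(path)
            plugin = header.get("plugin name", "")
            in_slider_dir = os.path.basename(root).lower() == "revslider"
            if plugin and (NAME_RE.search(plugin) or in_slider_dir):
                rel = os.path.relpath(path, wp_content).replace(os.sep, "/")
                hits.append((rel, header.get("version", "unknown"), rel.startswith("themes/")))
    return sorted(hits)

def demo():
    """Constructed sample tree: one standalone copy, one bundled in a theme."""
    php = "<?php\n/*\n * Plugin Name: {}\n * Version: {}\n */\n"
    layout = {
        "plugins/revslider/revslider.php": php.format("Revolution Slider", "0.0.1-sample"),
        "themes/sample-theme/plugins/revslider/revslider.php": php.format("Revolution Slider", "0.0.0-sample"),
        "plugins/contact/contact.php": php.format("Sample Contact Form", "1.0"),
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in layout.items():
            full = os.path.join(tmp, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w", encoding="utf-8") as fh:
                fh.write(body)
        return find_slider_copies(tmp)
```

Point `find_slider_copies()` at the `wp-content` folder of a downloaded copy of your site; any result marked as bundled lives inside a theme and will not be fixed by updating the standalone plug in.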
My site was one of the ones hacked! What do I do now?
After you’ve recovered from your Oh Shit moment, you’ll want to go to this Free Site Checker by Sucuri to verify that you’ve indeed been hacked.
By the way, anyone can, and should, check their site here from time to time to make sure they have not been the victim of an attack.
If you have been attacked you should look into purchasing the Sucuri antivirus, which will get rid of the virus, protect your website for a year, and will help you get off of Google’s blacklist. (Just so you know, we are in no way affiliated with this site and make no money from this at all. We’re referring you to them because we know them to be a reputable company in this industry that can help you immediately.)
It will cost you anywhere from $99 – $299. The other way to fix your site is to hire someone that you know. This could be much more costly and take longer though. We’ve heard of sites costing anywhere from $1,000 to over $10,000 to repair. Yikes!
Even if you think you are not infected I would just check to make sure. Remember, our Church didn’t know either until they saw the Keyword Report and were able to take care of it right then.
This virus is still spreading and could happen to you even if you are not on WordPress or do not have the Slider Revolution plug in installed.
Go to this Free Site Checker to see if you could be infected or your visitors could see this when you show up in their Google results.
Has your website ever been hacked? Let us know in the comments below how you cleaned it up.