• What We Believe
  • Speaking
  • Products
  • Testimonials
  • Blog
  • Contact

Fix a SoakSoak Malware Hacked Website?

By Shea Bailey Leave a Comment

How to fix a hacked website

The SoakSoak malware attack caused over 100,000 business owners to wake up to a hacked website this morning. They were attacked by Russian hackers using a campaign now known as SoakSoak and the numbers of those attacked is still climbing. 11,000 of those websites have already been blacklisted by Google. This means you’re off the internet until your website is fixed and Google can verify it.

Last night I was contacted by someone who was seeing this when potential clients were going to their website.

Google Website Hacking Notice

This is not what you want potential clients to see when the go to view your website.

I then spent the next several hours on the phone with the hosting company trying to fix the problem.  Finally, at 2 am this morning I went to bed and the problem still was not resolved. It is currently still being worked on.

I wish I could say that this is the only encounter I have had with this virus but I can’t. About 4-6 weeks ago I ran our Keyword Report for our Church and found some disturbing results. Our Church was ranking for diet products.

Upon further review by their webmaster he found out they had been hacked and spam was placed on their website to drive traffic to sell diet products. And it not only affected their site, but our pastor’s personal computer (a Mac), as well. After a frantic few days their site, and his computer, was clean. By the grace of God (sorry but I couldn’t help myself ) the Keyword Report had caught the problem before they were blacklisted from Google.

 

Why did this happen?

Lots of reasons!

  1. Because some people are just jerks!
  2. Believe it or not, some of the hacking from Russia is politically motivated.
  3. But mostly to steal from you and everyone that visits your site.

Infiltrating your site is done by hackers in a effort to infect your website with harmful links that redirect people to other spammy websites. A client may be on your website for legitimate reasons and then suddenly be redirected to another website all together, that has nothing to do with your site. This can download malicious files onto your (or their) own computers. To make matters worse, it can actually rewrite some of your own files. They can also use this to record your keystrokes and steal your passwords – which I think is the most frightening part of it all.

 

How did this happen?

As best we can tell at this moment the hackers exploited a weakness in a WordPress plug in, called Slider Revolution. This is a plug in that comes bundled with a lot of themes or you might have purchased it individually. We even had it on this website and our event planning company website, but it has now been deleted from both.

It’s the plug in that allows you to scroll images on your website and it’s very popular. The problem with this plug in was actually noticed several months ago and the company repaired it and updated the plug in to eliminate the weakness. But the weakness still existed on the old version of Revolution Slider.

While this has predominately affected WordPress sites due to this plug in, it is still affecting sites across all platforms. Don’t think that you’re safe just because you don’t have a WordPress site.

 

How could this have been prevented?

You could have prevented this by updating the plug in on your site to the most current version. By not doing so you were left vulnerable to attack. And this is exactly one of the ways you can protect yourself in the future – by updating all of your plug ins, your theme, and WordPress regularly.

When you log in to the back end of your website it will automatically tell you that there is a newer version of WordPress, your theme, or whatever.

That’s not to be ignored!

Part of the reason there are frequent updates to these items is due to security concerns. It’s often one of the first things Shea has to deal with when he builds a new website for someone – these have never been updated. So he immediately goes through all of the proper updates to bring their website up to a more secure level.

Another way this can be prevented is by having secure passwords and log ins. This seems obvious in this day and age but people are still lax about their passwords. I highly suggest you go change your password now!

It’s also important to delete all plug ins that you are currently not using or are deactivated. If you’re not using a plug in on your site, get rid of it now! Plug ins that aren’t being used can cause a security issue.

 

My site was one of the ones hacked! What do I do know?

After you’ve recovered from your Oh Shit moment, you’ll want to go to this Free Site Checker by Sucuri to verify that you’ve indeed been hacked.

By the way, anyone can, and should, check their site here from time to time to make for sure you have not been the victim of an attack.

If you have been attacked you should look into purchasing the Securi antivirus, which will get rid of the virus, protect your website for a year, and will help you get off of Google’s blacklist. (Just so you know, we are in no way affiliated with this site and make no money from this at all. We’re referring you to them because we know them to be a reputable company in this industry that can help you immediately.)

It will cost you anywhere from $99 – $299. The other way to fix your site is to hire someone that you know. This could be much more costly and take longer though. We’ve heard of sites costing anywhere from $1,000 to over $10,000 to repair. Yikes!

Even if you think you are not infected I would just check to make for sure. Remember, our Church didn’t know either until they saw the Keyword Report and were able to take care of it right then.

 

Be Proactive!

This virus is still spreading and could happen to you even if you are not on WordPress or have the Slider Revolution plug in installed.

Go to this Free Site Checker to see if you could be infected or your visitors could see this when you show up in their Google results.

Google Hacking Notice

Has your website ever been hacked? Let us know in the comments below how you cleaned it up.

Related Posts

  • APB Entertainment Website is Live!

  • 6 SEO Mistakes That Are Killing Your Search Results

    “What am I doing wrong?” she asks, towards the end of our lunch last week.…

  • What is the Google Hummingbird Update and What Does It Mean?

    If you have a website or a blog, you have probably heard about Google's new…

Filed Under: Uncategorized, Websites

About Shea Bailey

Who is Shea Bailey? He is the other half of a great husband and wife team. He takes care of the tedious, less glamorous behind the scenes work for their businesses and their clients while making Cheryl look better by just standing next to her. Don’t you think?

He spends his days analyzing – everything. From the content you have on your site, to how to improve conversion rates by using your Google Analytics and improving your visitors user experience. And then he makes changes, clicks some buttons , and then he analyzes again. It’s a process!

Need help improving and understanding your website? Contact Shea today!

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Copyright © 2023 | All Rights Reserved | Privacy Policy       Terms & Conditions | Site Map | Designed by Grit & Wit


Follow Us on Facebook