I've been really busy so it's been a while since my last post, but this is really important so thought I should update everyone.
This recent SoakSoak bug infected a lot of WordPress sites through a vulnerability in the Revolution Slider plugin. Apparently the developers know about this security hole back in September but did nothing about it until the exploit was widespread. There is now a new version of Revolution Slider that has been patched but there are also many themes that use this slider that cannot be automatically upgraded. The newest version of my Anti-Malware plugin will automatically block the attempts to exploit this vulnerability on your site, even if you have a vulnerable version of Revolution Slider installed.
The bigger problem is that once you have been hit by this bug then there may be other backdoors planted on your site and your DB password may also have been stolen. Your site can also then be used to spread this infection to other sites. I have seen a new round of this threat that no longer uses the popular IP address in the script source. Now its using a variety of infected domains spread the infection.
This threat is changing all the time so please make sure to download the Definition Updates whenever I release a new one. You can follow my Twitter feed @GOTMLS to get notified of new updates.
[sign_post]
I'm going to use this twitter account to post plugin and definition update notices as well as any other important info I need to get out there: @GOTMLS
[sign_post]
I just released a new update that supports encoded definition update. This solves the issue of posting over-sized arrays to servers with post limitations. I also added a button to abort the scan and fix the infections already found. That way you can fix the threats that are found even if the scan process is not finished.
I am still working on a new scan engine that leverages JavaScript includes to distribute the scan job over multiple server processes. This is working well in the BETA version 1.2.07.30 but it does take a really long time on large scans.
I could also use some more donation ... In the 5 months that this plugin has been in the WordPress Repository it has been downloaded over 12,000 times. I've had over 4,000 people register more than 5,000 sites on GOTMLS.NET and yet I've only received 141 donations (many of them are only one dollar, of which PayPal takes 34 cents in fees). Now, I'm not complaining. I am very grateful to those who have already made generous donations to support this project. I am just hoping to see a higher percentage of people who use my plugin contributing to it's future. This is an ever-changing field and it is a lot of work to keep this program up-to-date and capable of removing the newest variants of infectious scripts.
As always, thanks for reading and thanks for your support, and don't hesitate to contact me if you need help.
Aloha,