The site ahead contains malware – Socialblade Hacked?

While you woke from your bed and rushed to check your YouTube statistics, you may have been greeted with a blinding red warning from Google: The site aheads contains malware! Before going into any specifics or giving you assurances, we’d like to apologize for the inconvenience that this caused not only for the direct visitors, but also those who use our widgets.

Socialblade detected as Malware

What Happened?! Was SocialBlade Hacked?

With the various 3rd party technologies that we run on Socialblade, comes a higher risk to a website and a brand as a whole. Before going into the nitty gritty, we’ll give you a bit of a backstory to help fill in some of the questions.

The initial issue happened back at the end of July and that could be read at the MalwareBytes blog. We immediately responded within the same day and worked hard to fix the problem. The site was scanned by their professionals to ensure that no further problems happened and it seemed like things were in the clear.

The initial point of entry was on an old outdated blog (which was phased out) that used to be featured on socialblade back before all the new updates started to happen.

The Nitty Gritty:

There were 2 files that were of concern. One being a javascript file which had a piece of obfuscated code at the end, and the other was a PHP file which was blocked/deleted in July (the javascript relied on the php and vice versa to properly function). The function of this combo was to redirect you through a chain of various websites of their choosing really quickly.

While the exploit was blocked at its source and the old/outdated blog (and the forum) was secured, it looks like when Google scanned through one of our files it had the inactive obfuscated code. We immediately fixed it and have requested that Google re-evaluate the website, however the process can take a bit.

Is Socialblade Hacked or a Threat? Is Socialblade Vulnerable?

We responded immediately and closed up the exploit back in July and as soon as Google informed us of the obfuscated code: that was removed immediately as well. Socialblade is not a threat and we believe that this situation will be rectified by the time you read this.

We believe in our brand and we will always find ways to improve ourselves both as a statistics website, and a company.

Since this morning, we’ve hardened our apache security, closed up any permission issues, and have continuously scanned files for any vulnerabilities. As a word to the viewers and a bit of advice:

Don’t forget to update your blogs/forums when there is an update available.

[UPDATE] #GOOGLELOVESUS:

After about 24-28 hours of seeing the ‘wonderful’ red screen of death on Socialblade, Google rescanned our site and told us that we were in the clear!

We would like to apologize to everyone and realize that this may have not only caused issues on your browsing experience, but gave some of you a bit of doubt about the company. Rest assured, we take security very seriously and we would like to assure everyone that Socialblade is clean! (Sparkly clean, even).

Thank you to everyone for their patience in the matter! Socialblade is back up and in business. Go wild! Enjoy! Request new features via our support system! Most importantly, keep being awesome.