+49-2381-444110 info@energiesparhausplus.de

Gootloader infection cleaned up

TweetDear blog owner and visitors, This blog had been infected to serve up Gootloader malware to Google search victims, via a common tactic known as SEO (Search Engine Optimization) poisioning. Your blog was serving up 66 malicious pages. Your blogged served up malware to 247 visitors. I tried my best to clean up the infection, but I would do the following: Upgrade WordPress to the latest version (one way the attackers might have gained access to your server) Upgrade all WordPress themes to the latest versions (another way the attackers might have gained access to your server) Upgrade all WordPress plugins (another way the attackers might have gained access to your server), and remove any unnecessary plugins. Verify all users are valid (in case the attackers left a backup account, to get back in) Change all passwords (for WordPress accounts, FTP, SSH, database, etc.) and keys. This is probably how the attackers got in, as they are known to brute force weak passwords Run antivirus scans on your server Block these IPs (5.8.18.7 and 89.238.176.151), either in your firewall, .htaccess file, or in your /etc/hosts file, as these are the attackers command and control servers, which send malicious commands for your blog to execute Check cronjobs (both server and WordPress), aka scheduled tasks. This is a common method that an attacker will use to get back in. If you are not sure, what this is, Google it Consider wiping the server completly, as you do not know how deep the infection is. If you decide not to, I recommend installing some security plugins for WordPress, to try and scan...