This blog had been infected to serve up Gootloader malware to Google search victims, via a common tactic known as SEO (Search Engine Optimization) poisoning. Your blog was serving up 379 malicious pages. Your blog served up malware to 608 visitors.
I tried my best to clean up the infection, but I would do the following:
Upgrade WordPress to the latest version (one way the attackers might have gained access to your server)
Upgrade all WordPress themes to the latest versions (another way the attackers might have gained access to your server)
Upgrade all WordPress plugins (another way the attackers might have gained access to your server), and remove any unnecessary plugins.
Verify all users are valid (in case the attackers left a backup account, to get back in)
Change all passwords (for WordPress accounts, FTP, SSH, database, etc.) and keys. This is probably how the attackers got in, as they are known to brute force weak passwords.
Run antivirus scans on your server
Block these IPs (22.214.171.124 and 126.96.36.199), either in your firewall, .htaccess file, or in your /etc/hosts file, as these are the attackers' command and control servers, which send malicious commands for your blog to execute.
Check cronjobs (both server and WordPress), aka scheduled tasks. This is a common method that an attacker will use to get back in. If you are not sure what this is, Google it.
Consider wiping the server completely, as you do not know how deep the infection is. If you decide not to, I recommend installing some security plugins for WordPress to try and scan for any remaining malicious files. Integrity Checker, WordPress Core Integrity Checker, Sucuri Security, and Wordfence Security all do some level of detection, but it is not 100% guaranteed.
Go through the process for Google to recrawl your site, to remove the malicious links (to see what malicious pages there were, go to Google and search site:your_site.com agreement).
Check subdomains, to see if they were infected as well
Check file permissions
Gootloader (previously Gootkit) malware has been around since 2014, and is used to initially infect a system and then sell that access off to other attackers, who then usually deploy additional malware, including ransomware and banking trojans. Cleaning up your blog will make a dent in how they infect victims. PLEASE try to keep it up-to-date and secure, so this does not happen again.
The Internet Janitor
Below are some links to research/further explanation on Gootloader:
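The checklist above is a procedure a site owner can largely script. What follows is an added example written for this page; it is not the Internet Janitor's code and not something from the blog. It audits a WordPress document root for the artefacts the note tells you to look for (PHP carrying common loader/webshell obfuscation, PHP dropped into wp-content/uploads, world-writable files, recent changes, server cron) and writes an Apache 2.4 .htaccess block for the two C2 addresses quoted in the note. The directory layout, the regex of obfuscation patterns, and the sample "infected" files it builds in a temp directory are all constructed assumptions. One caveat a practitioner will want: an .htaccess deny only refuses inbound requests from those addresses; the blog's own outbound connections to a C2 are stopped at the host firewall, not in .htaccess or /etc/hosts.

```shell
#!/bin/sh
# Added example, not part of the Internet Janitor's note: a small
# post-compromise audit for a WordPress document root. Indicator
# patterns and the fixture layout are assumptions; the only page-supplied
# data are the two C2 addresses passed to write_htaccess_block in demo().

# Obfuscation typical of injected PHP loaders/webshells: eval() of a
# decoded blob, or eval()/assert() fed straight from a request variable.
SUSPICIOUS_RE='eval *\( *(base64_decode|gzinflate|gzuncompress|str_rot13)|eval *\( *\$_(POST|GET|REQUEST|COOKIE)|assert *\( *\$_(POST|GET|REQUEST)'

# PHP files under $1 whose contents match SUSPICIOUS_RE, one path per line.
find_suspicious_php() {
    find "$1" -type f -name '*.php' -exec grep -lE "$SUSPICIOUS_RE" {} + 2>/dev/null | sort
}

# wp-content/uploads should never contain PHP; anything found there is a finding.
find_php_in_uploads() {
    find "$1/wp-content/uploads" -type f -iname '*.php*' 2>/dev/null | sort
}

# World-writable files/directories (the "check file permissions" item).
# WordPress expects 644 for files and 755 for directories.
find_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -002 | sort
}

# Files changed within the last $2 days; compare with the owner's last real edit.
find_recent_changes() {
    find "$1" -type f -mtime "-$2" | sort
}

# Server-side persistence: user crontab plus system cron locations.
# WordPress's own scheduler and accounts are checked with wp-cli:
#   wp cron event list
#   wp user list --fields=ID,user_login,user_email,roles
list_server_cron() {
    crontab -l 2>/dev/null
    for d in /etc/crontab /etc/cron.d /etc/cron.hourly /etc/cron.daily /etc/cron.weekly /etc/cron.monthly; do
        [ -e "$d" ] && ls -la "$d"
    done
    return 0
}

# Append an Apache 2.4 block refusing INBOUND requests from the given IPs.
# It does not stop the site's outbound calls to the C2; block those at the
# host firewall, e.g.  iptables -A OUTPUT -d 22.214.171.124 -j REJECT
write_htaccess_block() {
    ht="$1"; shift
    {
        printf '# Deny known command-and-control hosts\n'
        printf '<RequireAll>\n    Require all granted\n'
        for ip in "$@"; do printf '    Require not ip %s\n' "$ip"; done
        printf '</RequireAll>\n'
    } >> "$ht"
}

# Constructed sample docroot (test data, not a real infection): a clean theme
# file left world-writable, a loader dropped in uploads, a webshell in the root.
make_fixture() {
    mkdir -p "$1/wp-content/uploads/2013/07" "$1/wp-content/themes/progdog"
    printf '<?php get_header(); ?>\n' > "$1/wp-content/themes/progdog/index.php"
    chmod 666 "$1/wp-content/themes/progdog/index.php"
    printf '<?php eval(base64_decode($_POST["k"])); ?>\n' > "$1/wp-content/uploads/2013/07/wp-cache.php"
    printf '<?php @eval($_REQUEST["c"]); ?>\n' > "$1/wp-conf.php"
}

# Stand-alone demo against the constructed fixture.
demo() {
    root=$(mktemp -d)
    make_fixture "$root"
    echo "== suspicious PHP";      find_suspicious_php "$root"
    echo "== PHP in uploads";      find_php_in_uploads "$root"
    echo "== world-writable";      find_world_writable "$root"
    echo "== changed in last day"; find_recent_changes "$root" 1
    write_htaccess_block "$root/.htaccess" 22.214.171.124 126.96.36.199
    echo "== .htaccess";           cat "$root/.htaccess"
    rm -rf "$root"
}
demo
```

Run it against the real document root by calling the functions with that path instead of the fixture; treat every hit from find_suspicious_php and find_php_in_uploads as a file to quarantine and compare against a clean copy of the same WordPress, theme and plugin versions, since a signature-free backdoor will not match the regex.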
This week's mental and chatty show features Simon Godfrey as the ‘victim’ and the music is a spectacular landfill of Prog and Rock.
Artists featured are: Judie Tzuke, Meshuggah, Genesis, Alice in Chains, Quatermass, Shineback (obviously), Corneliust, Roger Glover’s Butterfly Ball (including Ronnie James Dio), The Sensational Alex Harvey Band, Public Service Broadcasting, The Mahavishnu Orchestra, Enochian Theory and The ‘Orrible’ Who. The chat is verging on obsessive but the whole show swings like a man on the gallows. If you miss it you are probably a bit mental xxxxx
This week’s show is a real ripper as Jerry Ewing and Jon Patrick pretty much set the controls for the heart of the sun.
Killer newies from Haken and Dream Theater, classics from Damien Wilson, Anathama, Alan Reed, Be Bop Deluxe and Golden Earring. Very very early Yes and Steven Wilson tracks plus music from Sound of Contact, Battlestations and Traverser.
This week’s fabulous show features top Proggers Cliff ‘Progzilla’ Pearson, Jon Patrick and I playing some ultra fab tunes and chatting a load of nonsense to a righteous soundtrack c/o Moon Safari, Wintergatan, Maschine, Todd Rundgren’s Utopia, Sylvan, The Legendary Pink Dots, Dec Burke, Alice Cooper, Not A Good Sign, Kansas, Blackfield, Anima Mundi, Chris De Burgh and Jimi Hendrix. Shows are originally broadcast at 7.00pm UK time on Sundays on http://myradiostream.com/progdog
On this week’s show I am going to look at my personal fave albums of 2013. Some fabulous stuff from The Tangent, Sanguine Hum, IQ (reissue), Steven Wilson, Shineback, Big Big Train, Public Service Broadcasting, Cosmograf, Sound of Contact, Lifesigns and Henry Fool. Due to me not being able to stream live I will be making it available from tomorrow morning as a podcast only.
Have fun and enjoy the sun xxxxx
With the fabulous ‘Le Sacre Du Travail’ just released, this was the perfect excuse to catch up with The Tangent, and so I caught up with Andy Tillison to talk about the last 2 years and the creation of the latest Tangent album, the superstar lineup of contributing musicians and future plans for The Tangent. PLUS of course we chat about life, music and the current state of Britain, if not the world. Enjoy.
This week’s show is a fandabbydozzy interview with the rather spiffing Mr Michael Holmes Esquire. We just basically play and natter about our fave bands and music, including an exclusive NEVER before heard IQ track. Other godlike sounds come from: The Edgar Winter Group, Scott Walker, more IQ, Steely Dan (natch), Alice Cooper, Neil Young, Muse, KLF, Brian Protheroe, The Tubes and the sublime Joni Mitchell.
The music is not mainstream prog but I defy anyone not to adore the tunes we play. VERY special thanks to my great friend Mr Jon Patrick, and Mike even brought along some scrummy cake and hot cross buns which we washed down with some rather nice Earl Grey tea. MISS THIS SHOW AT YOUR PERIL.
In the run up to Celebr8.2 we interview The Tangent’s Andy Tillison about the new ‘Le Sacre Du Travail’ album, his appearance at both last year’s Celebr8 and this year’s Celebr8.2 as a solo artist. Plus we talk about his early introduction to music, play 2 of his all-time fave songs PLUS A WORLD EXCLUSIVE OF ‘YOU YOU’ (work in progress) from LE SACRE DU TRAVAIL. We also talk about the genius of Tales From Topographic Oceans and much much more.