Dear blog owner and visitors,
This blog had been infected to serve up Gootloader malware to Google search victims, via a common tactic known as SEO (Search Engine Optimization) poisioning. Your blog was serving up 391 malicious pages. Your blogged served up malware to 418 visitors.
I tried my best to clean up the infection, but I would do the following:
- Upgrade WordPress to the latest version (one way the attackers might have gained access to your server)
- Upgrade all WordPress themes to the latest versions (another way the attackers might have gained access to your server)
- Upgrade all WordPress plugins (another way the attackers might have gained access to your server), and remove any unnecessary plugins.
- Verify all users are valid (in case the attackers left a backup account, to get back in)
- Change all passwords (for WordPress accounts, FTP, SSH, database, etc.) and keys. This is probably how the attackers got in, as they are known to brute force weak passwords
- Run antivirus scans on your server
- Block these IPs (220.127.116.11 and 18.104.22.168), either in your firewall, .htaccess file, or in your /etc/hosts file, as these are the attackers command and control servers, which send malicious commands for your blog to execute
- Check cronjobs (both server and WordPress), aka scheduled tasks. This is a common method that an attacker will use to get back in. If you are not sure, what this is, Google it
- Consider wiping the server completly, as you do not know how deep the infection is. If you decide not to, I recommend installing some security plugins for WordPress, to try and scan for any remaining malicious files. Integrity Checker, WordPress Core Integrity Checker, Sucuri Security,
and Wordfence Security, all do some level of detection, but not 100% guaranteed
- Go through the process for Google to recrawl your site, to remove the malcious links (to see what malicious pages there were, Go to Google and search site:your_site.com agreement)
- Check subdomains, to see if they were infected as well
- Check file permissions
Gootloader (previously Gootkit) malware has been around since 2014, and is used to initally infect a system, and then sell that access off to other attackers, who then usually deploy additional malware, to include ransomware and banking trojans. By cleaning up your blog, it will make a dent in how they infect victims. PLEASE try to keep it up-to-date and secure, so this does not happen again.
The Internet Janitor
Below are some links to research/further explaination on Gootloader:
It’s finally time for our 4th Shoot Day! We’ve been having a lot of requests lately for another one. And this time we’ll be focusing on how we work with kids. And, for those that don’t know, Shoot Days are a joint collaboration between us & Kelley Photo, it’s a time for some networking, learning a few tips & tricks, and most importantly, a time for fun! So, what are you waiting for, e-mail firstname.lastname@example.org if you have any questions or want to sign up.
It’s not very often that I get to shoot a wedding filled with so many Grandview students. For those that don’t know, Jenny and I met and fell in love at Grandview High School way back in December of 1996. But, this isn’t our story, it’s Megan & Matt’s. They too, fell in love in high school, have been together ever since and committed their lives to each other this past Saturday. It’s always a beautiful story to hear about 2 people who have been together for so long. And that emotion always makes our jobs more enjoyable. Here are just a select few of our favorite frames from the day.
Megan gave Matt the coolest gift ever. He was super excited. You’ll see it later 🙂
The coolest gift ever with their rings on it. It’s an engraved stone that will be placed at Kauffman Stadium. So awesome!
It was just a WEE bit chilly for portraits.
Mom brought their dog up for a few portraits. I love this shot!
There should always be time for a shoulder massage on your wedding day.
Happy, cold, or a mixture of both?
All the kids at the wedding were crazy.
Love this first dance shot.
Hey Macarena! Aight!