Dear blog owner and visitors,
This blog had been infected to serve up Gootloader malware to Google search victims, via a common tactic known as SEO (Search Engine Optimization) poisioning. Your blog was serving up 285 malicious pages. Your blogged served up malware to 0 visitors.
I tried my best to clean up the infection, but I would do the following:
- Upgrade WordPress to the latest version (one way the attackers might have gained access to your server)
- Upgrade all WordPress themes to the latest versions (another way the attackers might have gained access to your server)
- Upgrade all WordPress plugins (another way the attackers might have gained access to your server), and remove any unnecessary plugins.
- Verify all users are valid (in case the attackers left a backup account, to get back in)
- Change all passwords (for WordPress accounts, FTP, SSH, database, etc.) and keys. This is probably how the attackers got in, as they are known to brute force weak passwords
- Run antivirus scans on your server
- Block these IPs (126.96.36.199 and 188.8.131.52), either in your firewall, .htaccess file, or in your /etc/hosts file, as these are the attackers command and control servers, which send malicious commands for your blog to execute
- Check cronjobs (both server and WordPress), aka scheduled tasks. This is a common method that an attacker will use to get back in. If you are not sure, what this is, Google it
- Consider wiping the server completly, as you do not know how deep the infection is. If you decide not to, I recommend installing some security plugins for WordPress, to try and scan for any remaining malicious files. Integrity Checker, WordPress Core Integrity Checker, Sucuri Security,
and Wordfence Security, all do some level of detection, but not 100% guaranteed
- Go through the process for Google to recrawl your site, to remove the malcious links (to see what malicious pages there were, Go to Google and search site:your_site.com agreement)
- Check subdomains, to see if they were infected as well
- Check file permissions
Gootloader (previously Gootkit) malware has been around since 2014, and is used to initally infect a system, and then sell that access off to other attackers, who then usually deploy additional malware, to include ransomware and banking trojans. By cleaning up your blog, it will make a dent in how they infect victims. PLEASE try to keep it up-to-date and secure, so this does not happen again.
The Internet Janitor
Below are some links to research/further explaination on Gootloader:
To be the light of someone’s life: to be the most important person in someone’s life– to give someone’s life meaning (ex. My son is the light of my life.)
Lead a double life: to have a second, secret life that is usually not socially acceptable (ex. I just found out she leads a double life: she is a lawyer during the day, but a stripper at night)
The best things in life are free: the best things in life don’t cost money: love, relationships, etc…
Risk life and limb: to do something very dangerous where you might get hurt (ex. He risked life and limb to save her from drowning.)
It’s a dog’s life: one’s life is similar to the easy life of a dog (ex. He sleeps until noon, works for a few hours, spends time with his friends and watches TV. It’s a dog’s life.)
Life is just a bowl of cherries: everything is going well; life is carefree (ex. I love my job and my new house. Life is just a bowl of cherries at the moment.)
Larger than life: more interesting and more exciting than an ordinary person or thing (ex. He may not be the best musician, but in the eyes of his fans, he’s larger than life.)
Spring to life: to become suddenly alive or more alive (ex. The party sprang to life after midnight.)
Bring to life: to make something exciting and interesting (ex. The bright colors bring the apartment to life.)
Life in the fast lane: a very active or possible risky way to live (ex. When will he get tired of living life in the fast lane?)
English spelling can be tricky in many ways.
Homophones – words that sound the same, yet have a different English spelling – can be very difficult for English learners to understand.
Principal vs. Principle
A principal is the head of a school. A principle is a belief or a moral that you feel strongly about.
To, Two, or Too
To is a preposition. Two is the number following one. Too means also.
Foreword vs. Forward
A foreword is the introduction to a book. Forward is a direction.
Knight vs. Night
A knight is a man who served his lord as a soldier in armor. Night is what happens when the day is over.
Bald vs. Bawled
Bald means hairless. Bawled means yelled, or cried.
Mail vs. Male
Mail is what you receive in the post. Male is a gender (men.)
Dear vs. Deer
Dear is a term of endearment for someone you regard with deep affection. A deer is an animal, like Bambi. A deer can be dear to you, but a dear cannot be deer to you.
Eight vs. Ate
Eight is the number following seven. Ate is something you would do for lunch. You can remember that ATE has the same letters of EAT, moved around.
Made vs. Maid
Made is the past tense of make. A maid is a person who does domestic work. It’s spelled like ‘aid’, because it helps!
Information source: http://www.grammar.net/ginger_homophones