Gootloader infection cleaned up – ESPACIO 30 – ATENEO SAGRERENCO


Dear blog owner and visitors,

This blog had been infected to serve Gootloader malware to Google search victims, via a common tactic known as SEO (Search Engine Optimization) poisoning. Your blog was serving up 62 malicious pages. Your blog served up malware to 603 visitors.

I did my best to clean up the infection, but I would also do the following:

  • Upgrade WordPress to the latest version (one way the attackers might have gained access to your server)
  • Upgrade all WordPress themes to the latest versions (another way the attackers might have gained access to your server)
  • Upgrade all WordPress plugins (another way the attackers might have gained access to your server), and remove any unnecessary plugins.
  • Verify all users are valid (in case the attackers left a backup account, to get back in)
  • Change all passwords (for WordPress accounts, FTP, SSH, database, etc.) and keys. This is probably how the attackers got in, as they are known to brute force weak passwords
  • Run antivirus scans on your server
  • Block these IPs (5.8.18.7 and 89.238.176.151), either in your firewall, .htaccess file, or in your /etc/hosts file, as these are the attackers' command and control servers, which send malicious commands to your blog
  • Check cronjobs (both server and WordPress), aka scheduled tasks. This is a common method attackers use to get back in. If you are not sure what this is, Google it
  • Consider wiping the server completely, as you do not know how deep the infection is. If you decide not to, I recommend installing some security plugins for WordPress, to scan for and remove any remaining malicious files. Integrity Checker, WordPress Core Integrity Checker, Sucuri Security,
    and Wordfence Security all do some level of detection, but none are 100% guaranteed
  • Go through Google's process to recrawl your site, to remove the malicious links (to see what malicious pages there were, go to Google and search site:your_site.com agreement)
  • Check subdomains, to see if they were infected as well
  • Check file permissions
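As an added example (not part of the notice above), the following POSIX shell script covers the "block these IPs" step: it counts access-log requests from the two command and control addresses named in the notice and prints the matching Apache 2.4 .htaccess deny rules. The log lines embedded in it are constructed samples; the function names are assumptions.

```shell
#!/bin/sh
# Added example: audit an access log for the C2 IPs named in the notice and
# emit .htaccess rules that block them. Sample log lines are constructed.

C2_IPS="5.8.18.7 89.238.176.151"

# count_c2_hits LOGFILE -> prints "<ip> <count>" for each C2 IP seen in the log
count_c2_hits() {
    log="$1"
    for ip in $C2_IPS; do
        # compare only the client-address field (column 1), not free text
        n=$(awk -v ip="$ip" '$1 == ip { c++ } END { print c+0 }' "$log")
        [ "$n" -gt 0 ] && echo "$ip $n"
    done
    return 0
}

# total_c2_hits LOGFILE -> prints the total number of lines from any C2 IP
total_c2_hits() {
    count_c2_hits "$1" | awk '{ s += $2 } END { print s+0 }'
}

# htaccess_rules -> prints Apache 2.4 directives denying the C2 IPs
htaccess_rules() {
    echo "<RequireAll>"
    echo "    Require all granted"
    for ip in $C2_IPS; do
        echo "    Require not ip $ip"
    done
    echo "</RequireAll>"
}

# Constructed sample log (combined log format) for a stand-alone run
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
203.0.113.5 - - [01/Jan/2023:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
5.8.18.7 - - [01/Jan/2023:10:00:07 +0000] "GET /wp-admin/admin-ajax.php HTTP/1.1" 200 310 "-" "curl/7.68"
89.238.176.151 - - [01/Jan/2023:10:00:09 +0000] "GET / HTTP/1.1" 200 210 "-" "curl/7.68"
5.8.18.7 - - [01/Jan/2023:10:01:12 +0000] "GET /wp-admin/admin-ajax.php HTTP/1.1" 200 0 "-" "curl/7.68"
EOF

count_c2_hits "$SAMPLE_LOG"
echo "total C2 requests: $(total_c2_hits "$SAMPLE_LOG")"
htaccess_rules
rm -f "$SAMPLE_LOG"
```

Run it against your real log with `count_c2_hits /var/log/apache2/access.log`; a non-zero total means the C2 servers did reach the site and the rules printed by `htaccess_rules` belong in the site's .htaccess.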

Gootloader (previously Gootkit) malware has been around since 2014, and is used to initially infect a system; that access is then sold to other attackers, who usually deploy additional malware, including ransomware and banking trojans. By cleaning up your blog, it will make a dent in how they infect victims. PLEASE try to keep it up-to-date and secure, so this does not happen again.

Sincerely,

The Internet Janitor

Below are some links to research/further explanation on Gootloader:

https://news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/

https://news.sophos.com/en-us/2021/08/12/gootloaders-mothership-controls-malicious-content/

https://www.richinfante.com/2020/04/12/reverse-engineering-dolly-wordpress-malware

https://blog.sucuri.net/2018/12/clever-seo-spam-injection.html

This message