RouterNinja's Dojo

A stroll down the path of Nerdlighenment.

Gootloader infection cleaned up

Dear blog owner and visitors,

This blog had been infected to serve up Gootloader malware to Google search victims, via a common tactic known as SEO (Search Engine Optimization) poisoning. Your blog was serving up 320 malicious pages. Your blog served up malware to 0 visitors.

I tried my best to clean up the infection, but I would do the following:

  • Upgrade WordPress to the latest version (one way the attackers might have gained access to your server)
  • Upgrade all WordPress themes to the latest versions (another way the attackers might have gained access to your server)
  • Upgrade all WordPress plugins (another way the attackers might have gained access to your server), and remove any unnecessary plugins.
  • Verify all users are valid (in case the attackers left a backup account, to get back in)
  • Change all passwords (for WordPress accounts, FTP, SSH, database, etc.) and keys. This is probably how the attackers got in, as they are known to brute force weak passwords
  • Run antivirus scans on your server
  • Block these IPs ( and, either in your firewall, .htaccess file, or in your /etc/hosts file, as these are the attackers' command and control servers, which send malicious commands for your blog to execute
  • Check cronjobs (both server and WordPress), aka scheduled tasks. This is a common method that an attacker will use to get back in. If you are not sure what this is, Google it
  • Consider wiping the server completely, as you do not know how deep the infection is. If you decide not to, I recommend installing some security plugins for WordPress, to try and scan for any remaining malicious files. Integrity Checker, WordPress Core Integrity Checker, Sucuri Security, and Wordfence Security all do some level of detection, but not 100% guaranteed
  • Go through the process for Google to recrawl your site, to remove the malicious links (to see what malicious pages there were, go to Google and search agreement)
  • Check subdomains, to see if they were infected as well
  • Check file permissions

Gootloader (previously Gootkit) malware has been around since 2014, and is used to initially infect a system, and then sell that access off to other attackers, who then usually deploy additional malware, to include ransomware and banking trojans. By cleaning up your blog, it will make a dent in how they infect victims. PLEASE try to keep it up-to-date and secure, so this does not happen again.


The Internet Janitor

Below are some links to research/further explanation on Gootloader:

This message

March 10, 2022 Posted by | General Geek Wisdom | Leave a Comment
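
The "check file permissions" item from the cleanup checklist above, as an added shell example that is not part of the original message: it flags world-writable paths and wp-config.php files readable by every local user under a WordPress root. The function names, the sample path in the usage comment, and the rule that wp-config.php should not be other-readable are assumptions of this example.

```shell
#!/bin/sh
# Added example: permission audit for a WordPress document root.
# Assumptions (not from the original post): the function names and the
# policy that wp-config.php must not be readable by "other".
# Usage after sourcing this file: audit_wp_perms /var/www/html  (assumed path)

# Print every regular file or directory under $1 that any local user can
# write to. Symlinks are skipped because their mode bits are meaningless.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# Print every wp-config.php under $1 that any local user can read.
# The file holds the database password and the authentication keys.
exposed_configs() {
    find "$1" -type f -name wp-config.php -perm -0004 -print | sort
}

# Report both findings for the tree rooted at $1.
# Exit status: 0 when nothing was flagged, 1 otherwise.
audit_wp_perms() {
    root=$1
    ww=$(world_writable "$root")
    cfg=$(exposed_configs "$root")
    if [ -n "$ww" ]; then
        printf 'world-writable:\n%s\n' "$ww"
    fi
    if [ -n "$cfg" ]; then
        printf 'wp-config.php readable by other:\n%s\n' "$cfg"
    fi
    [ -z "$ww" ] && [ -z "$cfg" ]
}
```

A flagged path is a lead to review, not proof of compromise: compare it against a clean copy of the same WordPress release before changing or deleting it.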

Minecraft Servers

Ok, so I have the new Minecraft servers up, they are whitelist only, so if you want to be added, email me at

Forge Modded 1.10.2: Mods are here. Forge 1.10.2

Forge is available here:

Pixelmon: Using 1.10.2 5.0.0, Forge 1.10.2

Pixelmon is available here:

Vanilla 1.10.2:

November 13, 2016 Posted by | General Geek Wisdom | 1 Comment


So my mom has been officially inducted into the Cult of Mac. After having her card number stolen via malware and various recurring virus issues, she started asking me about my Mac, since she used it when she was at my place in Atlanta. So of course last night I popped into her XP machine via TeamViewer when she needed to ask me something and I see an Apple Store receipt on her screen for a new MacBook Pro, iPad 2, Apple TV and AppleCare for everything.

Happy, but somewhat stressed since I know I’m going to have to set it all up for her, but I know the calls will be less “OMFG SOME RUSSIAN STOLE EVERYTHING” and more “Hey, how do I upload stuff in iPhoto”, and that I can handle.

And I’m not bitter at all that her laptop will be better than mine, nope, not one bit.

Maybe a little.





November 3, 2011 Posted by | General Geek Wisdom | Leave a Comment

Once again I am late to the party..

So I came into Nerdcore late. I really got into MC Frontalot, MC Lars, Beefy, YT Cracker, and all the rest. Now of course I have the problem of wanting to see them live, and I don’t think most of them are coming anywhere near me. I missed MC Lars and MC Chris in Atlanta a couple weeks ago. So my favorite nerdcore track has got to be “Ones and Zeroes” with Beefy and YT Cracker. I dug the “Nerdy South” line, being in Atlanta and hearing the “Dirty Souf” crap, it was a nice way to bring it back to the geeks. I can’t seem to find it on YouTube, so you’ll have to check it out on Spotify or iTunes or whatever method you use for getting your music. Close second would be MC Frontalot’s “Victorian Space Prostitute” which is a great breakdown of every cosplayer I have ever seen.

I’ll add more as I think of it.

October 29, 2011 Posted by | General Geek Wisdom | Leave a Comment

Logitech finally catches up to 6 months ago.

So my Logitech Revue is finally getting the Honeycomb upgrade.  I gotta admit it looks pretty cool. Mom may end up getting my ATV and I can get a 2nd Revue for the bedroom.


October 28, 2011 Posted by | General Geek Wisdom | Leave a Comment

Yay for Friday!

So I have settled into my job this morning as an engineer at a Death Star themed telephone company. 🙂 Got my 1 year coming up here and I’m pretty happy how things are going. Got the kids coming over tonight for another fun-filled weekend. Have to make sure to remember to hit the grocery store on the way home. I am woefully low on kid supplies. That and I think I promised Abby a meatloaf. Not sure why. Here’s to hoping the day goes by a little faster today.

October 28, 2011 Posted by | General Geek Wisdom | Leave a Comment

A reboot was needed.

So I have had various handles since I dialed up to my first BBS in 1985. I’ve had lots of changes in my life, love and loss. But I think it’s about time for a serious reboot. I adopted the Routerninja name as a joke when I worked at AOL, and I guess it’s kinda stuck. So I decided today to grab the domain and build something new for me.

Hope ya’ll like it.

October 28, 2011 Posted by | General Geek Wisdom | Leave a Comment