A Botnet Rootkit in the Wild

We recently had a close business customer experience an attack on the web server they run here in Portland, OR. They were apparently hit by the botnet/rootkit called “Gootkit auto-rooter”. Luckily, there was no serious damage, but it shows how perilous it can be to have your computers, whether a home system or a commercial server, connected directly to the internet (firewall or not!).

Gootkit (auto-rooter) is a nasty little bot that scans your web server for various vulnerabilities and, if it finds one, uses exploits to load itself onto your system, then hijacks it to spread itself further, all while reporting your confidential information back to its home system. The attacks appear mostly against servers running PHP, as well as MySQL and other ‘control panel’ applications.

If you are a webmaster, we recommend you simply block Gootkit's user-agent string: “Gootkit auto-rooter scanner”. If you are running a Linux or Unix server, use iptables or Apache to block that user agent.

Read more on how to block Gootkit on Linux or Unix.
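As an added example (not from the original post), here is a small Python script that scans Apache combined-format access logs for the user-agent string quoted above and renders one iptables DROP rule per offending source address. The log lines are constructed samples, and matching the user-agent case-insensitively is an assumption.

```python
import re
from collections import Counter

# Constructed sample lines in Apache "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Dec/2011:14:02:11 -0800] "GET /phpmyadmin/ HTTP/1.1" 404 512 "-" "Gootkit auto-rooter scanner"
198.51.100.5 - - [10/Dec/2011:14:02:12 -0800] "GET / HTTP/1.1" 200 3021 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/8.0"
203.0.113.7 - - [10/Dec/2011:14:02:13 -0800] "GET /pma/ HTTP/1.1" 404 512 "-" "Gootkit auto-rooter scanner"
192.0.2.9 - - [10/Dec/2011:14:03:01 -0800] "GET /admin/ HTTP/1.1" 403 221 "-" "gootkit auto-rooter scanner"
"""

# User-agent string quoted in the post; compared case-insensitively (assumption).
GOOTKIT_UA = "gootkit auto-rooter scanner"

# Combined log format: ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def gootkit_hits(log_text):
    """Return {ip: count} for requests whose user-agent is the Gootkit scanner."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["ua"].strip().lower() == GOOTKIT_UA:
            hits[rec["ip"]] += 1
    return dict(hits)

def iptables_drop_rules(hits):
    """Render one iptables DROP rule per offending address (rendered as text, not executed)."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(hits)]

if __name__ == "__main__":
    offenders = gootkit_hits(SAMPLE_LOG)
    for ip, n in sorted(offenders.items()):
        print(f"{ip}: {n} scanner request(s)")
    print("\n".join(iptables_drop_rules(offenders)))
```

Review the rendered rules before applying them, since a shared or NATed address would block legitimate clients along with the scanner.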

If you are running a Windows Server with IIS7, you can simply update your machine.config or web.config file to include rewrite rules.

Read more on how to block Gootkit on Windows Server with IIS7.

Be safe out there! Viruses, spyware, botnets, trojans, and rootkits are widespread, so be sure to keep your operating system and anti-virus software up to date! Hope this helps; if not, just drop by your local Portland computer repair store for help!

Posted December 10, 2011 by Christopher Eaton