Sponsored by:


A 2-post collection

Why is Gootkit attacking my website and what can I do about it?

Last week I wrote about Gootkit’s futile attack on ASafaWeb and then a funny thing happened: Suddenly my Google Analytics keyword results become very Gootkit-centric: I see this as meaning either there is a lot of interest in Gootkit at the moment or there is not a lot of information available on what it is. Or both. Interestingly though, the activity appears to have ramped up right about the time of my initial post. The search results all turn up results in late September this year including Gootkit auto-rooter scanner – hello, Gootkit auto-rooter scanner and the log files for weee-recycling.com (c’mon guys, don’t put your logs on public display!) Let me try...

Gootkit’s futile attack on ASafaWeb

On Saturday morning I woke up to 120 emails from ASafaWeb, not because it really likes me but because it was in pain! One thing I did very early on with the project was to implement elmah and make sure I get an email notification when anything happens that shouldn’t. It won’t stay this way (for reasons you’re about to see), but it’s a good way of keeping an eye anything that goes wrong very early on. What elmah does is keeps a nice little log of all the things that happen on your site which shouldn’t; internal server errors, illegal URL formats and most importantly in this context, page not found errors (the classic...