WordPress has an FAQ in serveral languages: “My site was hacked!” that has many tips and links.
- Ensure that the most current secure release of WordPress is being used.
- Ensure that the latest release of Joomla is being used.
- Ensure that the most current Drupal version is being used.
If TYPO3 is being used, ensure that the most current version of it is being used.
- XBL/CBL is also detecting and listing IP addresses with StealRat infections.
- CBL also mentions the “ebury SSH rootkit”, a sophisticated Linux backdoor. It is built to steal OpenSSH credentials and maintain access to a compromised server. Suggested reading regarding ebury:
- Welivesecurity offers an in-depth analysis of Linux/Ebury.
You can check your website’s IP here.Back