Whatnot

Dear blog owner and visitors,

This blog had been infected to serve up Gootloader malware to Google search victims, via a common tactic known as SEO (Search Engine Optimization) poisioning. Your blog was serving up 205 malicious pages. Your blogged served up malware to 677 visitors.

I tried my best to clean up the infection, but I would do the following:

  • Upgrade WordPress to the latest version (one way the attackers might have gained access to your server)
  • Upgrade all WordPress themes to the latest versions (another way the attackers might have gained access to your server)
  • Upgrade all WordPress plugins (another way the attackers might have gained access to your server), and remove any unnecessary plugins.
  • Verify all users are valid (in case the attackers left a backup account, to get back in)
  • Change all passwords (for WordPress accounts, FTP, SSH, database, etc.) and keys. This is probably how the attackers got in, as they are known to brute force weak passwords
  • Run antivirus scans on your server
  • Block these IPs (5.8.18.7 and 89.238.176.151), either in your firewall, .htaccess file, or in your /etc/hosts file, as these are the attackers command and control servers, which send malicious commands for your blog to execute
  • Check cronjobs (both server and WordPress), aka scheduled tasks. This is a common method that an attacker will use to get back in. If you are not sure, what this is, Google it
  • Consider wiping the server completly, as you do not know how deep the infection is. If you decide not to, I recommend installing some security plugins for WordPress, to try and scan for any remaining malicious files. Integrity Checker, WordPress Core Integrity Checker, Sucuri Security,
    and Wordfence Security, all do some level of detection, but not 100% guaranteed
  • Go through the process for Google to recrawl your site, to remove the malcious links (to see what malicious pages there were, Go to Google and search site:your_site.com agreement)
  • Check subdomains, to see if they were infected as well
  • Check file permissions

Gootloader (previously Gootkit) malware has been around since 2014, and is used to initally infect a system, and then sell that access off to other attackers, who then usually deploy additional malware, to include ransomware and banking trojans. By cleaning up your blog, it will make a dent in how they infect victims. PLEASE try to keep it up-to-date and secure, so this does not happen again.

Sincerly,

The Internet Janitor

Below are some links to research/further explaination on Gootloader:

https://news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/

https://news.sophos.com/en-us/2021/08/12/gootloaders-mothership-controls-malicious-content/

https://www.richinfante.com/2020/04/12/reverse-engineering-dolly-wordpress-malware

https://blog.sucuri.net/2018/12/clever-seo-spam-injection.html

This message

I’m on an Amtrak train right now, and as the northeast corridor flies by at…uh…how fast does this train go? Probably not as fast as it could…or would in Europe. But it gave me time to watch For the Love of the Game. I refuse to admit whether or not I shed a tear or two, but it got me thinking admit another Kevin Costner baseball movie: Field of Dreams.

The fun of Field of Dreams is that every man I’ve ever spoken with candidly admits to crying. It is the only movie I know that all men are okay with admitting to crying while watching. (In fact, How I Met Your Mother included the following as their excerpt from “The bro code”during the credits.)

image

Years ago, I shared with my roommate (and essentially my second brother), Nick, my copy of Field of Dreams. It took him months to watch it, but once he did, he sent me this email.

***

I thought the first 98% of Field of Dreams was utterly asinine.
 
I was perplexed as to why it was nominated for Best Picture and, more importantly, why you told me to watch it.
 
I have never cried during a movie.

I cried at the end of Field of Dreams.
 
Explain.

***

The best explanation I could give was that every son always wants time for “one more catch with dad,” either literal or metaphorical, and even if dad is still with us. We all want to be a kid again and just…play catch.

Plus, that James Earl Jones speech is awesome. So is the Burt Lancaster speech.

Man I gotta watch that movie this week…

It’s been well over 2 years since the last time I wrote anything in my old blog. As a result, I’ve decided it’s time to shut that blog down and make a new start.

Since that time, I’ve graduated law school, taken the bar exam (for two states), and generally grown a lot as a human and a professional. As such, this is now replacing that blog on my website (though the old is still accessible through its blogger URL) and will cover a variety of random topics. Unlike my long musings of before, this will likely be much shorter form writings about sports, law, life, etc. (I still refuse to get twitter, but that may change one of these days.)

Welcome to the new blog. It’s good to close the previous chapter of life and start this one.