Feb 27 22

Gootloader infection cleaned up

by admin

Dear blog owner and visitors,

This blog had been infected to serve up Gootloader malware to Google search victims, via a common tactic known as SEO (Search Engine Optimization) poisoning. Your blog was serving up 387 malicious pages. Your blog served up malware to visitors.

I tried my best to clean up the infection, but I would do the following:

  • Upgrade WordPress to the latest version (one way the attackers might have gained access to your server)
  • Upgrade all WordPress themes to the latest versions (another way the attackers might have gained access to your server)
  • Upgrade all WordPress plugins (another way the attackers might have gained access to your server), and remove any unnecessary plugins.
  • Verify all users are valid (in case the attackers left a backup account, to get back in)
  • Change all passwords (for WordPress accounts, FTP, SSH, database, etc.) and keys. This is probably how the attackers got in, as they are known to brute force weak passwords
  • Run antivirus scans on your server
  • Block these IPs (5.8.18.7 and 89.238.176.151), either in your firewall, .htaccess file, or in your /etc/hosts file, as these are the attackers' command and control servers, which send malicious commands for your blog to execute
  • Check cronjobs (both server and WordPress), aka scheduled tasks. This is a common method that an attacker will use to get back in. If you are not sure what this is, Google it
  • Consider wiping the server completely, as you do not know how deep the infection is. If you decide not to, I recommend installing some security plugins for WordPress, to try and scan for any remaining malicious files. Integrity Checker, WordPress Core Integrity Checker, Sucuri Security, and Wordfence Security all do some level of detection, but not 100% guaranteed
  • Go through the process for Google to recrawl your site, to remove the malicious links (to see what malicious pages there were, go to Google and search site:your_site.com agreement)
  • Check subdomains, to see if they were infected as well
  • Check file permissions

Gootloader (previously Gootkit) malware has been around since 2014, and is used to initially infect a system, and then sell that access off to other attackers, who then usually deploy additional malware, to include ransomware and banking trojans. By cleaning up your blog, it will make a dent in how they infect victims. PLEASE try to keep it up-to-date and secure, so this does not happen again.

Sincerely,

The Internet Janitor

Below are some links to research/further explanation on Gootloader:

https://news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/

https://news.sophos.com/en-us/2021/08/12/gootloaders-mothership-controls-malicious-content/

https://www.richinfante.com/2020/04/12/reverse-engineering-dolly-wordpress-malware

https://blog.sucuri.net/2018/12/clever-seo-spam-injection.html

This message
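A read-only sweep covering three of the steps in the notice above (blocking the two named IPs, looking for leftover references to them, and checking file permissions), as an added example that is not part of the original notice. The function names and the choice of iptables are assumptions; the script only prints firewall rules and never applies them.

```shell
#!/bin/sh
# Added example, not from the original notice. Function names are hypothetical.
# The two addresses are the command and control IPs named in the notice.
C2_IPS="5.8.18.7 89.238.176.151"

# Print (do not apply) iptables rules dropping traffic to and from each IP.
block_rules() {
    for ip in $C2_IPS; do
        echo "iptables -A INPUT -s $ip -j DROP"
        echo "iptables -A OUTPUT -d $ip -j DROP"
    done
}

# List files under $1 that contain either IP as a literal, whole-word string.
# -F: fixed string, so '.' is not a wildcard; -w: 15.8.18.70 does not match.
# A literal search cannot see references that are encoded or obfuscated.
find_c2_refs() {
    root=$1
    set --
    for ip in $C2_IPS; do set -- "$@" -e "$ip"; done
    grep -rlFw "$@" -- "$root" 2>/dev/null | sort
}

# List files and directories under $1 that any local user can write to.
find_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 2>/dev/null | sort
}

# Run all checks against a WordPress document root and print a report.
sweep() {
    echo "== Firewall rules to review and apply =="
    block_rules
    echo "== Files referencing the C2 addresses =="
    find_c2_refs "$1"
    echo "== World-writable files and directories =="
    find_world_writable "$1"
}

# Usage: sh sweep.sh /path/to/wordpress
if [ "$#" -gt 0 ]; then
    sweep "$1"
fi
```

Any file reported by `find_c2_refs` should be read and compared against a clean copy of the same WordPress, theme or plugin release before it is removed.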

Jun 4 10

Sad News…

by admin

Steve was just starting to build this page, when we got the following news, and thought that the new website can wait, this would be a good place to post some info about some old friends who passed away recently.  If you want to contact Steve directly for more info, his e-mail is edmoblues@comcast.net.   This site will be more a personal site for Steve, those of you looking for info on The Jackie Payne Steve Edmonson Band, click the preceding link.  Thanks for your interest, and check back later when we should have all sorts of cool things here.

Steve Edmonson, Leon Blue, Trudy Lynn and Phillip Walker in Memphis   ©Judy Edmonson


We just heard that Phillip Walker has passed away…always tasteful and unfortunately under-rated.  We were all very lucky to have him here as long as he was.

This photo was taken the last time we saw Phillip.  We were hanging out between sets at the Delta Groove Showcase during the BMA’s in Memphis, TN in 2007.

R.I.P. Phillip, we’re going to miss you…

________________________________________________________________________________________________________________________________

Mitch Faber


R.I.P.  Mitch Faber

Bay Area Blues Guitarist, Mitch Faber Passes

Mitch Faber, 53, a Bay Area native, and very talented guitarist, passed away on Thursday, June 3, 2010.  I went to high school with Mitch, who was one of the more talented musicians to come out of our high school (there were many talented musicians there, so that’s actually saying something.)  Mitch played in many Rock and Blues bands even back then.  Many years ago, he attended G.I.T. (the Guitar Institute of Technology) in L.A. in order to learn more about music, guitar, and music theory.  When he returned from G.I.T., he became a regular on the local Blues scene. His own band, The Dogtones, (based out of Nevada City, CA,) used to appear regularly at all of the usual Bay Area Blues clubs, including countless gigs backing Curtis Lawson at The Saloon and other venues.  In the early Nineties, Harp Master, Dave Wellhausen (yes, the Dave Wellhausen who used to own Wellhausen Recording Studios in S.F.,)  was added to The Dogtones line-up, that included Mitch Faber on Guitar, Dave on Harp and vocals, Charlie Faber on Bass, and Ty Smith on Drums.  They made many appearances here in the Bay Area, but did many more gigs in the Sierra foothills.  The band never got to be very well known, but was a very strong live band with a mostly Blues repertoire.  Mitch also worked for several years at Mesa Boogie.  His job there was to play loudly through the amps when they came off the assembly line to make sure that everything worked.  He actually got paid for wanking on the guitar all day!  I think if it hadn’t been for his three hour each way commute, it would have been a dream job for him.  Mitch’s playing often had  more of a Rock edge to it than I usually like, but no one who ever heard him play could say that he wasn’t a masterful guitar player, and when I would visit him at his house in the little town of Washington, CA, we used to spend a lot of time playing T-Bone Walker and Freddy King songs, (which Mitch was very fond of, and had studied a great deal,) on his front porch.  
Mitch was a very popular sideman, who performed with Boz Scaggs, John Lee Hooker, Jimmy McCracklin, and Roy Buchanan to name a few.  The last time I saw Mitch, I teased him for turning into an old curmudgeon, but the bottom line is that Mitch passed way too early, and he will be missed by all who knew him.  Very sad!


There will be a Blues Jam in celebration of Mitch’s life:

Sunday, September 5th at The Five Mile House, 18851 State Highway 20

(Five miles east of Nevada City, CA on highway 20)

From 3PM – 9 PM   To call The Five Mile House (530) 265-5155

For More Info on Mitch’s life celebration call (530) 265-9326

Thom Myers will be doing a special show for Mitch on KVMR FM Nevada City on Tuesday, August 31st between 2-4 PM Pacific Time.

You can listen to KVMR online at http://www.kvmr.org/

___________________________________________________________________________________________________________________