
Gootloader infection cleaned up

Dear blog owner and visitors,

This blog had been infected to serve up Gootloader malware to Google search victims, via a common tactic known as SEO (Search Engine Optimization) poisoning. Your blog was serving up 293 malicious pages. Your blog served up malware to 76 visitors.

I tried my best to clean up the infection, but I would do the following:

  • Upgrade WordPress to the latest version (one way the attackers might have gained access to your server)
  • Upgrade all WordPress themes to the latest versions (another way the attackers might have gained access to your server)
  • Upgrade all WordPress plugins (another way the attackers might have gained access to your server), and remove any unnecessary plugins.
  • Verify all users are valid (in case the attackers left a backup account, to get back in)
  • Change all passwords (for WordPress accounts, FTP, SSH, database, etc.) and keys. This is probably how the attackers got in, as they are known to brute force weak passwords
  • Run antivirus scans on your server
  • Block these IPs (5.8.18.7 and 89.238.176.151), either in your firewall, .htaccess file, or in your /etc/hosts file, as these are the attackers' command and control servers, which send malicious commands for your blog to execute
  • Check cronjobs (both server and WordPress), aka scheduled tasks. This is a common method that an attacker will use to get back in. If you are not sure what this is, Google it
  • Consider wiping the server completely, as you do not know how deep the infection is. If you decide not to, I recommend installing some security plugins for WordPress, to try and scan for any remaining malicious files. Integrity Checker, WordPress Core Integrity Checker, Sucuri Security, and Wordfence Security all do some level of detection, but not 100% guaranteed
  • Go through the process for Google to recrawl your site, to remove the malicious links (to see what malicious pages there were, go to Google and search site:your_site.com agreement)
  • Check subdomains, to see if they were infected as well
  • Check file permissions

Gootloader (previously Gootkit) malware has been around since 2014, and is used to initially infect a system, and then sell that access off to other attackers, who then usually deploy additional malware, to include ransomware and banking trojans. By cleaning up your blog, it will make a dent in how they infect victims. PLEASE try to keep it up-to-date and secure, so this does not happen again.

Sincerely,

The Internet Janitor

Below are some links to research/further explanation on Gootloader:

https://news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/

https://news.sophos.com/en-us/2021/08/12/gootloaders-mothership-controls-malicious-content/

https://www.richinfante.com/2020/04/12/reverse-engineering-dolly-wordpress-malware

https://blog.sucuri.net/2018/12/clever-seo-spam-injection.html
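Several items in the checklist above (look for leftover malicious files, check file permissions, block the two command and control addresses) can be turned into a repeatable triage pass over the web root. The script below is an added example written for this page, not the Internet Janitor's own tooling or anything from the linked research. It builds a constructed sample WordPress tree in a temporary directory and flags three things: PHP files under wp-content/uploads (where WordPress stores only media), world-writable paths, and files that mention either IP from the letter; it also emits an Apache 2.4 .htaccess block denying those IPs. The function names, the sample file contents and the seven-day "recently modified" window are assumptions made for illustration.

```python
"""Offline triage helper for a WordPress install suspected of SEO-poisoning
compromise.  Added example; nothing here is taken from the blog or the
research links.  Run it against a real web root with audit(Path("/var/www/html")).
"""
import re
import stat
import tempfile
import time
from pathlib import Path

# The two command and control addresses named in the cleanup letter.
KNOWN_C2_IPS = ("5.8.18.7", "89.238.176.151")
IPV4_RE = re.compile(rb"\b(?:\d{1,3}\.){3}\d{1,3}\b")
PHP_SUFFIXES = (".php", ".phtml", ".php5", ".phar")


def _files(root):
    for path in Path(root).rglob("*"):
        if path.is_file():
            yield path


def php_in_uploads(root):
    """PHP code under wp-content/uploads is never legitimate: WordPress keeps only media there."""
    root = Path(root)
    uploads = root / "wp-content" / "uploads"
    if not uploads.is_dir():
        return []
    return sorted(p.relative_to(root).as_posix() for p in uploads.rglob("*")
                  if p.is_file() and p.suffix.lower() in PHP_SUFFIXES)


def world_writable(root):
    """Any path writable by 'other' lets an attacker with any local foothold plant files."""
    root = Path(root)
    return sorted(p.relative_to(root).as_posix() for p in root.rglob("*")
                  if p.stat().st_mode & stat.S_IWOTH)


def recently_modified(root, since_epoch):
    """Files touched after since_epoch; attackers rarely reset mtimes on every dropped file."""
    root = Path(root)
    return sorted(p.relative_to(root).as_posix() for p in _files(root)
                  if p.stat().st_mtime >= since_epoch)


def files_referencing_ips(root, ips=KNOWN_C2_IPS):
    """Map relative path -> list of known C2 IPs literally present in the file."""
    root = Path(root)
    wanted = {ip.encode() for ip in ips}
    hits = {}
    for path in _files(root):
        try:
            found = set(IPV4_RE.findall(path.read_bytes())) & wanted
        except OSError:
            continue
        if found:
            hits[path.relative_to(root).as_posix()] = sorted(m.decode() for m in found)
    return hits


def htaccess_deny_block(ips=KNOWN_C2_IPS):
    """Apache 2.4 syntax: allow everyone except the listed addresses."""
    lines = ["<RequireAll>", "    Require all granted"]
    lines += [f"    Require not ip {ip}" for ip in ips]
    lines.append("</RequireAll>")
    return "\n".join(lines)


def audit(root, since_epoch=None):
    """Combine all checks into one report dict (assumed structure for this example)."""
    if since_epoch is None:
        since_epoch = time.time() - 7 * 86400  # assumed window: last seven days
    return {
        "php_in_uploads": php_in_uploads(root),
        "world_writable": world_writable(root),
        "recently_modified": recently_modified(root, since_epoch),
        "c2_references": files_referencing_ips(root),
        "htaccess": htaccess_deny_block(),
    }


def build_sample_site():
    """Constructed sample tree with benign placeholder contents, for demonstration only."""
    root = Path(tempfile.mkdtemp(prefix="wp-triage-"))
    (root / "wp-content" / "uploads" / "2021").mkdir(parents=True)
    (root / "wp-content" / "themes" / "example").mkdir(parents=True)
    (root / "wp-config.php").write_text("<?php define('DB_NAME', 'wp'); // constructed, benign\n")
    # A PHP file where only media belongs (constructed placeholder, not real malware).
    (root / "wp-content" / "uploads" / "2021" / "dropped.php").write_text("<?php /* constructed */ ?>\n")
    # A theme file that mentions one of the addresses from the letter (constructed).
    (root / "wp-content" / "themes" / "example" / "functions.php").write_text(
        "<?php $remote = 'http://89.238.176.151/'; // constructed\n")
    cache = root / "wp-content" / "cache"
    cache.mkdir()
    cache.chmod(0o777)  # constructed world-writable directory
    return root


if __name__ == "__main__":
    for key, value in audit(build_sample_site()).items():
        print(f"== {key} ==\n{value}\n")
```

Treat every hit as a lead, not a verdict: a legitimate plugin can leave a world-writable cache directory, and the IP match is only meaningful because the letter names those addresses as this blog's command and control servers. Pair the file-system pass with the user and cron checks from the list, which need the WordPress database or shell access rather than a directory walk.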

This message

Preparing for Sierra Surf Music Camp!!!

Howdy Buoys and Gulls,

The Pyronauts are hard at work preparing for Sierra Surf Music Camp, a family style music camp in the Sierra Nevada mountains with a focus on surf music!  Be sure to visit the website above to learn more about it.  If you are thinking about attending, trust us and just stop thinking and sign up already!  It will only be one of THE most fun and life changing weekends ever!

For those of you reading this without the time to follow the above link I’ll give you a bit of an overview of the camp:

Thursday: get to know folks and jam

Friday: private one on one lessons with top surf musicians, form Surf Band 101 groups (band practice with expert coach)

Saturday: practice and perform with your Surf Band 101 group

Sunday: say goodbye!

Of course each day there is more going on like eating great food, hiking, playing baseball, lectures from surf music historians, songwriting seminars, campfires, concerts by awesome surf bands like The Pyronauts, etc…

So check out Sierra Surf Music Camp and come join the fun!

Surf On!

Paul The Pyronaut


Kickstarter is funded!!!

Just want to say a quick thank you to everyone who pledged and will be receiving a reward through our Kickstarter campaign! We’re hard at work on producing our new live CD and making our European tour arrangements, and we’re happy to report that everything is coming together smoothly.

If you didn’t get in on the Kickstarter, and you want the new CD, then you’ll have to attend the European Tour Kickoff Party at the Auburn Event Center on April 26th. Or wait until we return from Europe in late June.

Thanks again and Surf On!

Paul The Pyronaut

NEW CD and Europe Tour Kickstarter Project

Howdy Buoys and Gulls,

We need your help funding our Kickstarter project!  We’re working on releasing a new live CD “The Pyronauts: Live in San Francisco” and you can lend your support (and we’ll give you really cool rewards for doing so)!  We’ll have it by April 26th for the tour kickoff show at the Auburn Event Center… you should be there if you can!  Check out the cover:

IMG_1366

Thanks! SURF ON!

-Paul The Pyronaut

Opening for The Red Elvises this Saturday in Petaluma

STOKED!  That’s what we’re feeling right now.  We weren’t planning on doing any shows until April, but then one of our favorite venues contacted us to open for one of our favorite bands, The Red Elvises, THIS SATURDAY!!!  We’ve opened for the Red Elvises several times over the years… Petaluma, Berkeley, San Francisco, Santa Cruz… maybe other places that we can’t remember too.  So what are the Red Elvises like?  They are Russian immigrants singing American Rock N Roll music.  They are a dance party like no other!  Check them out here.  And do yourself a favor and get to Petaluma on Saturday night!!!

By the way there are some BIG things brewing in The Pyronauts laboratory.  We’ll be launching a Kickstarter campaign shortly to help fund a new live CD and our tour to Europe this summer.  Stay tuned for that!

Wow! A new website!?!?!?!

Welcome to the new ThePyronauts.com! It’s about time we finally got around to this. The server that the old version of the site was parked on crashed recently and so we finally got this new project off the ground! We hope you like it. While it’s a bit more complicated to work out the kinks there are endless possibilities for cool stuff and it looks about a million times better than the old site. Bear with us while we figure out what we’re doing. Please know that we’re open to suggestions.

The Pyronauts recently celebrated our 15th anniversary as a band! That’s a long time (The Beatles were a band for only 10 years). We’ve played over 600 gigs together. That’s over a thousand hours on stage together. That’s a lot more time in the van together. Even though we’ve had our ups and downs, the instrumental surf music has kept us moving forward. Surf music is FUN to play, you see… so even when we are not getting along or getting on each other’s nerves in the stinky van, we know that while we’re on stage we’ll be having the time of our lives and we’re best buds again! We’ve played some really lame gigs and some really awesome ones too. Check ’em all out on the History page. Here are some of our favorite video memories.