Dear blog owner and visitors,

This blog had been infected to serve up Gootloader malware to Google search victims, via a common tactic known as SEO (Search Engine Optimization) poisioning. Your blog was serving up 296 malicious pages. Your blogged served up malware to 266 visitors.

I tried my best to clean up the infection, but I would do the following:

• Upgrade WordPress to the latest version (one way the attackers might have gained access to your server)
• Upgrade all WordPress themes to the latest versions (another way the attackers might have gained access to your server)
• Upgrade all WordPress plugins (another way the attackers might have gained access to your server), and remove any unnecessary plugins.
• Verify all users are valid (in case the attackers left a backup account, to get back in)
• Change all passwords (for WordPress accounts, FTP, SSH, database, etc.) and keys. This is probably how the attackers got in, as they are known to brute force weak passwords
• Run antivirus scans on your server
• Block these IPs (5.8.18.7 and 89.238.176.151), either in your firewall, .htaccess file, or in your /etc/hosts file, as these are the attackers command and control servers, which send malicious commands for your blog to execute
• Check cronjobs (both server and WordPress), aka scheduled tasks. This is a common method that an attacker will use to get back in. If you are not sure, what this is, Google it
• Consider wiping the server completly, as you do not know how deep the infection is. If you decide not to, I recommend installing some security plugins for WordPress, to try and scan for any remaining malicious files. Integrity Checker, WordPress Core Integrity Checker, Sucuri Security,
  and Wordfence Security, all do some level of detection, but not 100% guaranteed
• Go through the process for Google to recrawl your site, to remove the malcious links (to see what malicious pages there were, Go to Google and search site:your_site.com agreement)
• Check subdomains, to see if they were infected as well
• Check file permissions

Gootloader (previously Gootkit) malware has been around since 2014, and is used to initally infect a system, and then sell that access off to other attackers, who then usually deploy additional malware, to include ransomware and banking trojans. By cleaning up your blog, it will make a dent in how they infect victims. PLEASE try to keep it up-to-date and secure, so this does not happen again.

Sincerly,

The Internet Janitor

Below are some links to research/further explaination on Gootloader:

https://news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/

https://news.sophos.com/en-us/2021/08/12/gootloaders-mothership-controls-malicious-content/

https://www.richinfante.com/2020/04/12/reverse-engineering-dolly-wordpress-malware

https://blog.sucuri.net/2018/12/clever-seo-spam-injection.html

This message

These are simple printable stickers for planners or bullet journals, provided as a PDF. For best use, print on 8.5×11″ full sheet labels. 8 per sheet, roughly 5.5″ x 1.8″ each. Print, cut, use, enjoy!

Word Count Printable Stickers (8.5×11″)

A printable sheet of stickers. For best use, print on 8.5×11″ full sheet labels. 8 per sheet, roughly 5.5″ x 1.8″ each.

Download Now!2628 Downloads

Most people in the romance sphere know that something went down in the last week on the RWA PAN (Romance Writers of America’s Published Authors Network) mailing list. I’m not going to rehash that because it’s long and complicated and has brought to the RWA’s attention that their forum rules aren’t prepared for the land of social media. To err on the side of caution, I won’t be repeating anyone else’s words.

But I will be repeating my own.

Over the course of the spirited debates of the last week, the idea was raised multiple times that in recent years, the RWA Board of Directors has been choosing to spend their focus and resources on initiatives that only benefit a small percentage of (marginalized) members. This was deemed unfair, or even in a few extreme cases, reverse discrimination.

This is wrong for a lot of reasons. But the main thrust of it is a fundamental misunderstanding about the difference between equal treatment and equal opportunity. To explain my thoughts on why it is vital that the RWA continue to aggressively advocate for its marginalized members, I wrote this:  (briefly edited to remove specific references)

Imagine that publishing is a beautiful shopping center erected in the middle of a bunch of communities. If you can get there, you can do your business, and life is good.

Imagine that the RWA came into being to make it easier for people to get to that shopping center and do their business. Their mission statement is to help people cross the space between where they are (their community) and where they want to be (doing business.)  They fix roads that fall into disrepair. They arrange carpools. They show up with buses sometimes and in general, though they’re not perfect, they make it easier to get to the store.

Now imagine that some communities aren’t connected by roads. They have to walk on foot, while everyone else drives. It takes them longer, it’s harder, a lot of people give up. It doesn’t feel fair. They want the RWA to help them build roads. Once the roads are in, they won’t need any more maintenance than anyone else–but that road has to get built.

Some people are strenuously objecting to the idea of diverting resources to building roads that only help a single community. They want it to be fair–as in the RWA gives the same amount of help to everyone.

I want it to be fair, as in the RWA makes it equally possible for everyone to get to the shop.

Sometimes you have to build the road first.

But when I do, I make sure to be inane.

This page may evolve into something cool and neat. It may not. I can’t make promises, because I’m too busy making bad decisions about what to watch on Netflix.