Gootloader infection cleaned up

Dear blog owner and visitors,

This blog had been infected to serve up Gootloader malware to Google search victims, via a common tactic known as SEO (Search Engine Optimization) poisoning. Your blog was serving up 375 malicious pages. Your blog served up malware to 0 visitors.

I tried my best to clean up the infection, but I would do the following:

  • Upgrade WordPress to the latest version (one way the attackers might have gained access to your server)
  • Upgrade all WordPress themes to the latest versions (another way the attackers might have gained access to your server)
  • Upgrade all WordPress plugins (another way the attackers might have gained access to your server), and remove any unnecessary plugins.
  • Verify all users are valid (in case the attackers left a backup account, to get back in)
  • Change all passwords (for WordPress accounts, FTP, SSH, database, etc.) and keys. This is probably how the attackers got in, as they are known to brute force weak passwords
  • Run antivirus scans on your server
  • Block these IPs (5.8.18.7 and 89.238.176.151), either in your firewall, .htaccess file, or in your /etc/hosts file, as these are the attackers' command and control servers, which send malicious commands for your blog to execute
  • Check cronjobs (both server and WordPress), aka scheduled tasks. This is a common method that an attacker will use to get back in. If you are not sure what this is, Google it
  • Consider wiping the server completely, as you do not know how deep the infection is. If you decide not to, I recommend installing some security plugins for WordPress, to try and scan for any remaining malicious files. Integrity Checker, WordPress Core Integrity Checker, Sucuri Security, and Wordfence Security all do some level of detection, but not 100% guaranteed
  • Go through the process for Google to recrawl your site, to remove the malicious links (to see what malicious pages there were, go to Google and search site:your_site.com agreement)
  • Check subdomains, to see if they were infected as well
  • Check file permissions

Gootloader (previously Gootkit) malware has been around since 2014, and is used to initially infect a system, and then sell that access off to other attackers, who then usually deploy additional malware, to include ransomware and banking trojans. By cleaning up your blog, it will make a dent in how they infect victims. PLEASE try to keep it up-to-date and secure, so this does not happen again.

Sincerely,

The Internet Janitor

Below are some links to research/further explanation on Gootloader:

https://news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/

https://news.sophos.com/en-us/2021/08/12/gootloaders-mothership-controls-malicious-content/

https://www.richinfante.com/2020/04/12/reverse-engineering-dolly-wordpress-malware

https://blog.sucuri.net/2018/12/clever-seo-spam-injection.html

This message
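A read-only audit covering three items from the checklist above (file permissions, leftover files, and the two listed IPs), added here as an example and not part of the original message. The function names, the uploads-directory heuristic and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import stat
import tempfile

# The two command-and-control addresses quoted in the letter, matched as whole IPs.
C2_RE = re.compile(rb"(?<![\d.])(?:5\.8\.18\.7|89\.238\.176\.151)(?!\d)")
UPLOADS = os.path.join("wp-content", "uploads") + os.sep

def audit_tree(root):
    """Walk a WordPress document root; return {category: sorted relative paths}."""
    found = {"world_writable": [], "php_in_uploads": [], "mentions_c2_ip": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            mode = os.lstat(path).st_mode
            if not stat.S_ISREG(mode):
                continue  # skip symlinks, sockets and other non-regular files
            if mode & stat.S_IWOTH:
                found["world_writable"].append(rel)
            if rel.startswith(UPLOADS) and name.lower().endswith((".php", ".phtml")):
                found["php_in_uploads"].append(rel)  # uploads normally holds media only
            try:
                with open(path, "rb") as fh:
                    data = fh.read(2_000_000)  # cap the read so big media files stay cheap
            except OSError:
                continue
            if C2_RE.search(data):  # plain-text match only; encoded copies are missed
                found["mentions_c2_ip"].append(rel)
    return {k: sorted(v) for k, v in found.items()}

def build_sample_tree():
    """Constructed sample tree (not from a real site) to exercise audit_tree."""
    root = tempfile.mkdtemp(prefix="wp-audit-")
    samples = {
        "wp-config.php": (b"<?php // constructed config\n", 0o666),
        "wp-content/uploads/2021/cache.php": (b"<?php $h = '5.8.18.7';\n", 0o644),
        "wp-content/uploads/2021/photo.jpg": (b"\xff\xd8 constructed", 0o644),
    }
    for rel, (body, mode) in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)
        os.chmod(path, mode)  # set explicitly so the umask cannot clear the bits
    return root

if __name__ == "__main__":
    print(audit_tree(build_sample_tree()))
```

An empty result does not show the site is clean; it only means these three checks found nothing.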

Yoga with Customer.io

Sitting around a table at the Customer.io 2019 kickoff in January, we were setting goals for the year. Abby, Mitchell, and I. My first three goals were about my specific job. The last one was “I’d like to teach a yoga class at retreat (I really hope this counts)”

Sonja, the people operations guru of the team, heard the goal and did not forget it. I’m not sure if I mentioned it another time, but it landed on the retreat calendar.

It went so well. It was so good.

About two weeks before retreat, in my living room one night, I jotted down a sequence that I thought would be good. Mostly standing poses so we didn’t get sand in our cracks; a flow that someone who had never done yoga before could enjoy; an emphasis on a standing forward fold. My thought was, with the forward fold, we all remember it from middle school P.E., so maybe it was a good familiar place to pay attention to.

Each time we came back to the standing forward fold, we could notice perhaps slightly more mobility as our bodies became warm. But more than increased mobility, the repeated sensation might help us connect with the present moment. Linking sensation with the present moment (where it occurs) is a big part of my practice, so how do I go about sharing that? I wanted to say something like “okay we’re here for the third time and it’s the last one. Feeling this last stretch of our hamstrings, and the last time we’ll probably do this specific stretch today, helps bring me into the present moment.”

sidest note: this feels really true for me. Acknowledging body sensations as they happen feels like a cheat code of being present. and we’re always talking about being present. It’s one of the reasons I love yoga.

I was nervous.

The class was so thankfully on the first day of retreat, which meant I only had to sit in anticipation for one day of presentations. The flow I had jotted down felt very jotted down, under-developed, and not ready. I bargained with myself the day before about a late night preparation, and then early morning preparation. Neither happened.

During these presentations, Colin our CEO gave a talk about how a great place to exist, work, create was somewhere between Anxious and Bored. The middle area of the graph was the “flow.” I still hadn’t revisited my sequence for two weeks before, but this resonated so much with what I think about during my yoga practice, and I knew I’d include it in the class.

The Class

With jotted preparation and Colin’s graph, it was time for the class to start. We had borrowed resort towels and they looked to me.

It went so well. We started with a breathing exercise, I explained how the balance of anxiety (working too hard) and boredom (not engaging enough) was a helpful balance to consider, and then we moved into the flow. It looked in some part like my jotted sequence but it also just so simply happened. I’m not really sure how many times we came back to forward fold.

We ended by lying in Shavasana and listening to the repeat waves. We finished and walked back to the pool. My nerves wanted feedback and affirmation. I tried to put those feelings down and simply know that the class happened and that, independently, I was already happy with how it went. Still… people were really simply nice, offering feedback and affirmation in the varied ways that made sense to them. Brandi let me know she had no idea how it went cause she has no idea about yoga. Abby let me know that her favorite part was that I had said perhaps 57 times. Someone who had missed it asked if we could do another one. We didn’t but the interest was nice to receive.


I already like looking at these photos, but I keep coming back to the thought that I think I will also like looking at them in 10 and 40 years. This specific context was the first context of me teaching yoga. It has a story, this story I’m recounting here. My real life remote coworkers showed up to something I put out there, and it happened in a beautiful place.