Dear blog owner and visitors,

This blog had been infected to serve up Gootloader malware to Google search victims, via a common tactic known as SEO (Search Engine Optimization) poisioning. Your blog was serving up 389 malicious pages. Your blogged served up malware to 0 visitors.

I tried my best to clean up the infection, but I would do the following:

• Upgrade WordPress to the latest version (one way the attackers might have gained access to your server)
• Upgrade all WordPress themes to the latest versions (another way the attackers might have gained access to your server)
• Upgrade all WordPress plugins (another way the attackers might have gained access to your server), and remove any unnecessary plugins.
• Verify all users are valid (in case the attackers left a backup account, to get back in)
• Change all passwords (for WordPress accounts, FTP, SSH, database, etc.) and keys. This is probably how the attackers got in, as they are known to brute force weak passwords
• Run antivirus scans on your server
• Block these IPs (5.8.18.7 and 89.238.176.151), either in your firewall, .htaccess file, or in your /etc/hosts file, as these are the attackers command and control servers, which send malicious commands for your blog to execute
• Check cronjobs (both server and WordPress), aka scheduled tasks. This is a common method that an attacker will use to get back in. If you are not sure, what this is, Google it
• Consider wiping the server completly, as you do not know how deep the infection is. If you decide not to, I recommend installing some security plugins for WordPress, to try and scan for any remaining malicious files. Integrity Checker, WordPress Core Integrity Checker, Sucuri Security,
  and Wordfence Security, all do some level of detection, but not 100% guaranteed
• Go through the process for Google to recrawl your site, to remove the malcious links (to see what malicious pages there were, Go to Google and search site:your_site.com agreement)
• Check subdomains, to see if they were infected as well
• Check file permissions

Gootloader (previously Gootkit) malware has been around since 2014, and is used to initally infect a system, and then sell that access off to other attackers, who then usually deploy additional malware, to include ransomware and banking trojans. By cleaning up your blog, it will make a dent in how they infect victims. PLEASE try to keep it up-to-date and secure, so this does not happen again.

Sincerly,

The Internet Janitor

Below are some links to research/further explaination on Gootloader:

https://news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/

https://news.sophos.com/en-us/2021/08/12/gootloaders-mothership-controls-malicious-content/

https://www.richinfante.com/2020/04/12/reverse-engineering-dolly-wordpress-malware

https://blog.sucuri.net/2018/12/clever-seo-spam-injection.html

This message

Here is a question I’ve been asking myself for over 30 years:

Why are businesses so reactive to loss prevention instead of being proactive?

I know many business owners view security and loss prevention only as a “cost center” and fail to see the potential ROI.

The fact is that if you open any type of business, you’re going to lose money directly or indirectly.

Why?

Internally speaking, you cannot control the actions of people you know or hire to work for you. Nobody is perfect; therefore, you run the risk of people you may trust ripping you off.

Externally, we know there are people who will stop at nothing from ripping people off, whether it’s information, products, or just causing damage.

How can you be proactive about your physical security and prevent losses at your business without breaking the bank?

1. Get an alarm system.
   Okay, first ask yourself, ‘What would it cost for me to be out of business for one day, week, etc?’ Probably a lot. Although it’s not inexpensive, a monitored alarm system will minimize the time an intruder has in your business and keep your employees honest.
2. Change your locks.
   When was the last time the locks were changed at your business? Did you ever change them when you moved in? How many employees have you gone through since your locks were installed?
3. Create an access log. Make sure to keep track of all key-holders and document the serial number on their key and the date they received it. Also keep track of their security code to your alarm system.
4. Keep some lights on.
   Do you shut off ALL of your lights when you leave at night? Leave a light on inside, and install motion lights in front and in back of your facility, preferably above the doors.
5. Lock it up. 
   What has the most value at your business:

• Inventory
• Customer information
• Cash
• Proprietary information
• ALL OF THE ABOVE!

Make sure it’s secure and accounted for. Everything on the inside of your business has value. Remember, just the hassle of dealing with a break-in will cost you time and money because time is money.

Vacation Security – Think Like a Burglar and a Risk Manager

Vacation security is commonly the last thing on people’s minds when they are getting ready to leave town. But that lack of focus can make for a sour experience when they arrive home.

This is the right time when you should firm up your plans for summer vacations, and take the right steps toward increasing and improving your home security methods.

The best way to protect your home is think like a burglar. Criminals are constantly on the prowl for targets that look unoccupied. But also think like a Risk Manager. They are “on the prowl” to prevent losses. So, here are some tips to make your house less inviting to a burglar, and some ideas to prevent some home losses.

General Security

1. Do you have a home security system? If you don’t, Get one.

2. Are your plants and shrubs grown up and obscuring the windows or doors? Trim them down below the windows and away from doors.

3. Install deadbolts on every exterior door. Don’t go cheap, but install high quality hardware.

4. Buy programmable timers and plug in lights, TV and radios to mimic your normal routine.

5. Never store ladders and tools out in the open. Place them inside a locked shed or in the garage.

6. Install blinds on your windows and doors so you can prevent criminals from peering inside your house.

7. Get the lawn mowed regularly. An overgrown lawn is one of the first visual signs a burglar sees and tells him that perhaps someone is not home.

8. Install motion-sensor-triggered lights at door openings. Lights scare burglars.

9. Read your insurance policy and be certain that your coverage is up to date.

Just Before You Leave On Vacation

1. If you are on social networking sites like Facebook or Twitter, resist the temptation to announce to the world when you’re going on vacation. Criminals read social networking sites, too…and, trust me, you’re not that hard to find. If you tell everyone you’ll be gone the last two weeks in June, guess what might happen?

4. Can you afford a housesitter? That is someone who actually stays at your home while you’re gone. Housesitters can be the perfect solution if you’re going to be gone on vacation. They can water the plants, receive the mail and newspapers and take care of the pets. Many times, the cost of a housesitter is less than just the cost to board pets. But look at all the value you’d get for the cost.

Sometimes you can get a trusted friend to take care of the house without actually staying in it. They can feed the pets, collect the mail and do the other regular things around the house.

If you cannot afford a housesitter, or do not have a person to keep an eye on the house, then do the following below.

3. Suspend newspaper deliveries.

4. Notify the post office and ask them to hold your mail while you’re gone. Many people have mail slots at home, but why risk some type of post office mistake? A substitute carrier might not notice your schedule and deliver your mail.

5. Secure your important documents and valuables. Move financial and legal documents, expensive jewelry, family photos and such to a more secure location, like a large safe deposit box at a bank. If you’re leaving your computers at home, back them up onto a disk and put the disk in the safe deposit box.

6. Call the police and inform them of your vacation schedule.

7. If you have a monitored security company, call them and inform them of your schedule. Tell them who has authority to be inside your home while you’re gone.

8. Tell your neighbors you’ll be gone. Leave a key with a trusted neighbor. Ask them to watch your property. Tell them who is supposed to be there (housesitter, lawn service, etc.) Give them your contact information. Ask them to phone police if they hear your alarm system going off or see suspicious activity at your house.

9. Lower and close the blinds on ALL windows and doors. Lock all doors and windows. If you have a sliding door, place a door-width dowel in the door track to prevent the door from opening.

10. Park a car in the driveway, or ask a neighbor to park in your driveway. If it’s your car parked, give a key to a neighbor and ask them to move the car every couple days to give the illusion that you’re home. Don’t leave the garage door opener inside the car. And speaking of garage doors…

11. Unplug the garage door openers before you leave. Criminals can get descramblers that open garage doors. Then, they could open your garage door, drive into the garage, and close it behind them.

12. Forward your land line phone calls to your cell phone.

13. If it’s cooling season, leave the A/C unit running. Just set the thermostat at a higher temperature setting. An exterior compressor than never turns on would be a good sign to a burglar that nobody’s home.

14. Shut off the main water supply to your home. This will prevent refrigerator icemaker lines, water heaters, and other water-fed appliances from leaking while you’re gone. What could be worse than coming home to a flooded house? You’d be shocked at how
often this happens.

15. Set the alarm system. Make sure the person taking care of the home has the security code and knows how to use it. Then, when you arrive home after the vacation, change the alarm code.

16. Print out this article and use it as a vacation security checklist.

Then, have a terrific vacation!

Check out Community Lock’s new email blast right here. Let us know if you have any questions.

Your Other Front Door?

• All windows that open should have locking pins, bolts our latches on the inside, and should be secured at all times when they are not open for use.
• All windows should be protected with burglar resistant glass.
• Depending on your needs, you might want to consider installing grills, grates, bars, or even heavy-duty screening or Mylar on windows.
• Secure other openings such as skylights and vents with bars or grates.

Make sure the contractor is licensed.

All contractor advertisements, whether it be an ad in the phone book or newspaper, a flyer that shows up at your front door, or the company’s name on the side of a truck, must have the contractor’s state license number. You can check license status on-line or call 1-800-321-CSLB (2752).

REMEMBER Most licensed contractors are competent, honest, hardworking and financially responsible. However, most of the problems the CSLB sees could be prevented if homeowners knew their home improvement rights and took responsibility for their project. A responsible and informed consumer can work more effectively with reputable contractors, and can avoid being victimized by unscrupulous or unlicensed operators.

Shop around before hiring a contractor.

Beware of any estimate that is substantially lower than the others. It probably indicates that the contractor is not licensed,  made a mistake or is not including all the work quoted by his or her competitors. You may be headed for trouble if you accept an abnormally low bid. It is also possible that this contractor will cut corners or do substandard work in order to make a profit on the job.

When the contractor comes to your house to give you a bid, ask to see their pocket license, along with a picture I.D. You want to make sure the person you’re dealing with is the same person on the license.

Contractors can also hire salespeople to work for them. Those people must be registered with the CSLB. Ask to see their registration card, along with a picture I.D.

REMEMBER Contractors are required to have their license number on their business card and on all bids and contracts. Seeing the number there doesn’t necessarily mean the license is valid. Check the license status on this Website. Although an unlicensed operator may give you a low bid, the risks of possible financial and legal consequences you may face outweigh any benefits a lower bid may seem to offer.

Ask for personal recommendations.

Friends and family may have recently had similar projects completed. If they are satisfied with the results, chances are you will be too. Other good reference sources include local customers, material suppliers, subcontractors, and financial institutions to check whether the contractor is financially responsible. If you are still unsure, you may also wish to check the contractor out with your local building department, trade association or union, consumer protection agency, consumer fraud unit, and the Better Business Bureau.

Verify the contractor’s business location and telephone number.

A contractor who operates a business out of the back of a pickup truck with a cellular telephone may be difficult to find to complete a job or fix something that has gone wrong after the last bill is paid. You can find a licensed contractor’s “address of record” on this website when you look up their license status.

Verify the contractor’s workers’ compensation and commercial general liability insurance coverage.

Ask to see a copy of the certificate of insurance, or ask for the name of the contractor’s insurance carrier and agency to verify that the contractor has the insurance.

In California, if a contractor has employees, they’re required to carry workers’ compensation insurance. The importance of this cannot be overstated. If a worker is injured working on your property and the contractor doesn’t have insurance, you could be liable to pay for injuries and rehabilitation. Your homeowner’s insurance may or may not cover those costs. You should check with your insurance carrier to make sure the workers’ compensation insurance coverage being provided by the contractor is adequate. Learn more from theCalifornia Department of Insurance.

Commercial general liability insurance is not required, however, it covers damage to your property. If the contractor does not carry general liability insurance, they should be able to explain how they would cover losses that would ordinarily be covered by insurance. If your contractor damages your property and doesn’t carry commercial general liability insurance, you or your insurance policy could end up paying for damages.

A licensed contractor must provide you with information regarding both types of insurance in your written contract.

Folks, we have a huge discount on our security camera systems. Please click here for details!

Hello!

We just sent out our most recent email newsletter. Check out the information here. In it, you’ll see how scam artists are imitating locksmiths.

This is information you can’t miss!

Also, we’re looking for reputable sales folks. We’re hiring!

Best,

Rick @ Community Lock . Net

Alarm systems are not your only defense when it comes to home security. Another line of defense is the lock system at your home’s entrance. This is why one of the first pieces of security advice that an authority would give you when you move into a new home or apartment is to change the locks. There are two main reasons for this.

Reasons For Updating Locks
First, if your current door lock is not already a Grade 1 deadbolt, then it is imperative to make sure that you upgrade it with a Grade 1 lock. These are tested by the ANSI and are guaranteed to offer you certain quality standards over other locks.

Second, you never know if someone else has a copy of the key to your door. Whether it be a former tenant or someone who was able to copy the former resident’s key, you will feel a little more peace of mind knowing that only you and/or your management has a copy of your key.

Key Control
To take things a step further you can look into something known as key control. This can help bolster home security because it limits who can make copies of the keys to your home. There are even some apartment landlords who use this type of system on the keys to their tenants’ apartments. Most of the time a key can be copied without consent of the resident.

Having key control means that only you the homeowner or someone you have preauthorized can have duplicate keys made.   Manufacturers of key control lock systems get utility patents. This controls the actual sale of their “blank” or uncut keys. When there is a utility patent it makes it illegal for any third party to cut a key for the patented lock, meaning that only locksmiths specifically contracted by the manufacturer can duplicate the key. A record keeping system ensures that no one but you and people that you specify can request a duplicate copy of a key.

Why Use Key Control
You never know who could have made a copy of a spare key–from a mechanic who temporarily held your keys while your car was being fixed, to fired help who used to work in your home, to ex-acquaintances who may have had a copy of your key in the past. In most cases, a person can go to a local retail or hardware store and get a duplicate made without permission from the original key owner. Key control is a great security measure that can help to prevent this.

Remember, Community Lock & Safe Service is here for you.

Community Lock & Safe Service, Inc. www.communitylock.net

When trying to increase the security of your home or business many people often overlook the simple locks that hold the doors shut. These locks are the physical security that protect a building and what prevents intruders on the most basic level. What many people fail to realize is the locks on their doors are the weak link in their overall security. Using High Security Locks is one of the best ways to improve this critical security area. The top reasons for using these high security locks are:

Patented Key Control – Most high security locks use a restricted key system. High Security Keys are patented and can only be duplicated by authorized locksmith dealers. These keys can even use signature verification to prevent the key from be duplicated by an unauthorized person. If you have ever handed your keys over to someone else (i.e. automotive repair, valet, house keeper, etc…) you cannot be sure that they didn’t duplicate your key. Most keys can be duplicated at a local hardware store for under $3 dollars. A high security key prevents this, and allows you to keep tight control on who has copies of your home or business keys.

Pick Resistance – Standard locks can easily be picked just like you see on TV. Lock pick sets are easily obtained on the internet and with a little practice, you can be opening locked doors in a matter of minutes or sometimes seconds. High Security locks use numerous pick resistant technologies that prevent a person from picking the lock. Some of the pick resistant items can easily be seen on the high security key where others are hidden within the lock itself.

Drill Resistance – Some High Security Lock Cylinders are specifically designed to resist a drill attack. Opening any lock is a simple as creating a shear line between the inner cylinder and the outer housing. On most locks, this can be done using a small drill and drilling a hole just at the top of the cylinder. It only take a few moments to drill a small hole in most locks. This creates a shear line and the lock can be easily opened. If you think no one knows this fact, think again. Criminals and thieves know this and use it to enter a homes and business in a matter of minutes.

Lasting Quality – High Security locks are simply built better. These locks have all brass and steel components inside. There are no diecast pieces that easily break or can be broken by an intruder. Having a lock to secure your door that is built tough is essential. Using a high security lock will ensure that you get the right quality and are properly protected.

Use this criteria when purchasing a lock to ensure that the physical security is taken care of first. A burglar’s worst enemy is time so the harder you make it for them to enter the better protected you are.

Community Lock & Safe Service, Inc. offers customers a better choice in Locksmith services. With over 34 years in the business and still family owner Community Lock & Safe Service, Inc. offers its customers the best peace of mind when it comes to protecting their home or business. Community Lock & Safe Service, Inc. is a Orange County based company and specializes in high security locks. To learn more about products, please click here.

You’ve got a door that sticks along the “strike area” (the part of the door frame where it meets the outermost edge of the door). No need to do anything drastic. Instead, pull out a Philips screwdriver and do this fast fix. In 9 out of 10 times, this will fix your problem.

Here’s How:

1. Determine where the sticking is happening. If the sticking area is along the door frame where the hinges are located, this fix will not work. If it is happening along the top edge of the doorframe, this fix will only make the situation worse. This fix only works along the edge of the door frame where the strike-plate is located.
2. Now, precisely where on this part of the doorframe does the sticking occur? On the top, middle, or bottom? Most times, you’ll find that the door sticks along the top because the door is sagging.
3. Using your Philips screwdriver, tighten the screws of either the top, middle, or bottom hinge. Tighten the screws that go into the door and the screws that go into the door frame. Don’t over-tighten the screws or you may strip/break them.
4. In most cases, the problem is now fixed. If not, tighten the screws in the other two hinges.
5. Note: I prefer to use a hand screwdriver for better control with these tiny hinge screws that are prone to breaking. If you use a cordless drill or driver, be sure to set the clutch very low so that you do not risk stripping or breaking the screws.
6. If the screws are stripped out, remove the screw and fill the holes with wood tooth picks and then reinstall the screws.  This trick works every time.