Mar 10 2022

Gootloader infection cleaned up

Dear blog owner and visitors,

This blog had been infected to serve up Gootloader malware to Google search victims, via a common tactic known as SEO (Search Engine Optimization) poisoning. Your blog was serving up 378 malicious pages. Your blog served up malware to 7556 visitors.

I tried my best to clean up the infection, but I would do the following:

  • Upgrade WordPress to the latest version (one way the attackers might have gained access to your server)
  • Upgrade all WordPress themes to the latest versions (another way the attackers might have gained access to your server)
  • Upgrade all WordPress plugins (another way the attackers might have gained access to your server), and remove any unnecessary plugins.
  • Verify all users are valid (in case the attackers left a backup account, to get back in)
  • Change all passwords (for WordPress accounts, FTP, SSH, database, etc.) and keys. This is probably how the attackers got in, as they are known to brute force weak passwords
  • Run antivirus scans on your server
  • Block these IPs ( and, either in your firewall, .htaccess file, or in your /etc/hosts file, as these are the attackers' command and control servers, which send malicious commands for your blog to execute
  • Check cronjobs (both server and WordPress), aka scheduled tasks. This is a common method that an attacker will use to get back in. If you are not sure what this is, Google it
  • Consider wiping the server completely, as you do not know how deep the infection is. If you decide not to, I recommend installing some security plugins for WordPress, to try and scan for any remaining malicious files. Integrity Checker, WordPress Core Integrity Checker, Sucuri Security,
    and Wordfence Security, all do some level of detection, but not 100% guaranteed
  • Go through the process for Google to recrawl your site, to remove the malicious links (to see what malicious pages there were, go to Google and search agreement)
  • Check subdomains, to see if they were infected as well
  • Check file permissions

Gootloader (previously Gootkit) malware has been around since 2014, and is used to initially infect a system, and then sell that access off to other attackers, who then usually deploy additional malware, to include ransomware and banking trojans. By cleaning up your blog, it will make a dent in how they infect victims. PLEASE try to keep it up-to-date and secure, so this does not happen again.


The Internet Janitor

Below are some links to research/further explanation on Gootloader:

This message

May 19 2010

Venice, Louisiana

My last day in New Orleans was a bit of a misadventure.  The plan was to head down to Venice, Louisiana and try to shoot something relating to the oil spill.  I had lofty ambitions of talking my way onto a cleanup vessel for a couple of hours, but I figured I’d settle to just see what the situation was like on the ground firsthand.

Josh borrowed a car from his co-worker John, and we headed down the Mississippi river toward Venice.


This is what Highway 23 looks like most of the way:


On the way downriver, the clouds were heavy and we often encountered rain.  We made a few mental notes of places to stop and shoot on the way back during blue hour, or after nightfall when the grey skies would add to the aesthetic of the photo instead of detract.


There are large levees on either side of the highway, so it’s impossible to see anything on either side.  We pulled over a couple of times when a road led to the left or right over one of the levees, but mostly we just came up to gates that looked like this:


These docks abut virgin wetland:




May 19 2010

St. Claude and the Lower Ninth Ward

I started my walk a little bit north of the Marigny district and started walking east, through parts of New Orleans that are still recovering from Hurricane Katrina five years later.

It’s so hot and humid that most people hang out on the street.  Everywhere I walked people were sitting on their porch, or, if they didn’t have one, their front steps:


Many houses still have spraypaint markings from the Katrina search-and-rescue. This one had some additions spraypainted on to liven the bleak mood:


This kid had the biggest grin I think I’ve EVER seen.


Some of these houses are beautiful, but generally are waiting to be leveled by the city:


This building is either being refurbished, or is about to be flattened.  I couldn’t tell.


Here’s a detail of an interesting piece of illegal street art that appeared on the back door:


One of the locals I talked to for a minute after shooting the above building:



May 13 2010

Austin, Texas: Day 2

My second day in Austin was the most laid-back of any of my stops yet.  We didn’t have anywhere to be and only a vague idea of what we wanted to accomplish.

Nicole decided to take me to the local lake, Lake Travis.

On the way, we passed the IRS building that was hit by a kamikaze pilot a couple of months ago:


We got to the lake around 10:30, but the restaurant didn’t open for another hour. The lake was gorgeous though.


We decided to go to this restaurant instead.  I told Nicole to show off her favorite restaurants, and everywhere we ate was awesome, but a sign like this really seals the deal:



May 8 2010

24 Hours in South Central

One of my goals on this trip is to always do something different.  More than half of the cities I’m visiting, I’ve never been to before, so in many cases, that will be a pretty easy goal.

However, my first stop was Los Angeles.  LA is a city I’ve spent a lot of time in.  I’ve only lived in San Francisco for a little over a year, but before that, I’d never lived anywhere else other than LA.

Specifically, the west side of LA.  Of the 25 years I spent in LA, 24 of them were in Santa Monica.  I lived in the valley for a few months, and I lived in Mar Vista for a year (which is a laughable mention since it’s a mile from Santa Monica), but rarely have I ever escaped my little beach bubble.  Even when I go back to LA, which I’ve done eight or nine times since moving to San Francisco, I pretty much always stay west of the 405.

This trip, I set out to do something entirely different.

I spent my time in South Central.

South Central has a bit of a reputation.  Even if you’ve never been to LA, you’ve heard of South Central LA, or the Crips, or the Bloods, or Rodney King, or the LA riots.

But South Central is a real place, with real people, and its history and people are intertwined with the history and culture of Los Angeles.

Yet I don’t think I’ve spent more than a few hours there in my entire life.  Combined.  That includes driving through, and I’m counting time spent on the 110 freeway (which cuts through) in this cumulative sum, and anybody who has driven in LA knows how quickly those traffic hours can add up.

My good friend Naomi recently moved in with her boyfriend near Hoover and Vernon.  They’d been bugging me to visit for months, but most of the times I’d come to town I was either working on a job, or if I was around on a social visit, I wouldn’t rent a car, preferring to stay in a bubble near the beach where I could walk or bike to visit my friends.

This trip though, I decided to change that.  Besides my previously stated goal of doing something entirely different, it was very close to the downtown core where Union Station is.

South Central actually has lots of really amazing Craftsman-style architecture, which spent decades disappearing from LA:

Before I even got there, Naomi and Dismost, her boyfriend, told all of their friends that I would be in town and would take pictures of their bike gang.  Not only did I have no idea what to expect, but I’d been hyped up to such a point that I was worried that I wouldn’t be able to live up to their expectations.  They had planned a whole DAY dedicated exclusively to taking photos.  Yet, somehow I knew that this was going to be something special.


May 7 2010

Union Station, Los Angeles

Did I mention that my train was running ahead of schedule?  One thing that seemed consistent with Amtrak trips I’ve read about or been told about, is that delays are very common.  Some trains are delayed for hours because of all kinds of issues, but the most common is because Amtrak shares tracks with freight trains and often, passenger trains have to wait for them to pass.  “Sharing” isn’t even the appropriate word, as the freight companies own the track and are required by law to let Amtrak run trains on their track.  This requirement seems to be a bit disdainful, and freight operators have no problem making Amtrak wait.  Most of the right-of-way from Oakland to Los Angeles was singletrack, and we passed a number of trains on the way down, so I can see how this could be a frequent issue.

On my trip, however, it was not.  I got to Union Station 45 minutes early.  Of course, I started taking photos immediately after getting off the train:

I made it about 100 yards, and while taking this photo of the ceiling, I was stopped by two sheriff’s officers:

“I’m sorry, you aren’t allowed to take photos in here”.

This was the first time I had heard of this policy.  I have taken literally hundreds of photos in LA’s Union Station over the years and I’ve never been stopped.  I could have argued with them, but I didn’t.

Before I left for my trip, I had sent emails to the press contact numbers for Amtrak. Honestly, I was hoping they’d love my idea and offer me and Jesse (a writer who was originally planning on joining me) free tickets, but it didn’t really work out that way.  However, my contact at Amtrak did offer to write an official letter that I could show to train crews explaining what I was doing and effectively acknowledging that Amtrak gave me permission to take photos.  I honestly didn’t think I’d need it as I’ve taken many trains before and have never had a problem taking photos.  But, I gladly accepted the letter, printed it out, and put it in my backpack.

Back in Union Station, I shrugged off the officer and told him that Amtrak had given me permission.

“Can I see your permit?”  The officer asked, rather sternly.

“Uh, yeah, sure”.  I said.  I rummaged around my backpack, found the letter, and gave it to him.  He looked at it, read a bit of it, looked at me, frowned, and handed it back.

“Thank you sir.  Have a great night!”

And he walked off.

I don’t know how long this policy has been in place, but not only was it recent, but it was enforced completely across-the-board.  Private security guards, LAPD officers, and transit police all stopped me in the few hours I was shooting in the station.  I was stopped seven times, sometimes one right after another.  A few times, a security guard simply said “okay”, and walked off after I told him I had permission, but other officers were more skeptical.

Maybe it’s the long hair.

More photos after the jump.