Gootloader infection cleaned up

Dear blog owner and visitors,

This blog had been infected to serve up Gootloader malware to Google search victims, via a common tactic known as SEO (Search Engine Optimization) poisoning. Your blog was serving up 297 malicious pages. Your blog served up malware to 38 visitors.

I tried my best to clean up the infection, but I would do the following:

  • Upgrade WordPress to the latest version (one way the attackers might have gained access to your server)
  • Upgrade all WordPress themes to the latest versions (another way the attackers might have gained access to your server)
  • Upgrade all WordPress plugins (another way the attackers might have gained access to your server), and remove any unnecessary plugins.
  • Verify all users are valid (in case the attackers left a backup account, to get back in)
  • Change all passwords (for WordPress accounts, FTP, SSH, database, etc.) and keys. This is probably how the attackers got in, as they are known to brute force weak passwords
  • Run antivirus scans on your server
  • Block these IPs (5.8.18.7 and 89.238.176.151), either in your firewall, .htaccess file, or in your /etc/hosts file, as these are the attackers' command and control servers, which send malicious commands for your blog to execute
  • Check cronjobs (both server and WordPress), aka scheduled tasks. This is a common method that an attacker will use to get back in. If you are not sure what this is, Google it
  • Consider wiping the server completely, as you do not know how deep the infection is. If you decide not to, I recommend installing some security plugins for WordPress, to try and scan for any remaining malicious files. Integrity Checker, WordPress Core Integrity Checker, Sucuri Security, and Wordfence Security, all do some level of detection, but not 100% guaranteed
  • Go through the process for Google to recrawl your site, to remove the malicious links (to see what malicious pages there were, go to Google and search site:your_site.com agreement)
  • Check subdomains, to see if they were infected as well
  • Check file permissions

Gootloader (previously Gootkit) malware has been around since 2014, and is used to initially infect a system, and then sell that access off to other attackers, who then usually deploy additional malware, to include ransomware and banking trojans. By cleaning up your blog, it will make a dent in how they infect victims. PLEASE try to keep it up-to-date and secure, so this does not happen again.

Sincerely,

The Internet Janitor

Below are some links to research/further explanation on Gootloader:

https://news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/

https://news.sophos.com/en-us/2021/08/12/gootloaders-mothership-controls-malicious-content/

https://www.richinfante.com/2020/04/12/reverse-engineering-dolly-wordpress-malware

https://blog.sucuri.net/2018/12/clever-seo-spam-injection.html

This message
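The following script is an added example, not written by the notice's author or the blog owner: it walks a WordPress directory and reports literal mentions of the two command-and-control addresses named in the notice, plus any world-writable entries (the "check file permissions" item). The names `audit_tree` and `demo` and the sample files are constructed for illustration; encoded or obfuscated references to the addresses are not detected, so an empty result does not prove the site is clean.

```python
import os
import re
import stat
import tempfile

# C2 addresses from the notice; the regex rejects longer dotted numbers.
C2_IPS = (b"5.8.18.7", b"89.238.176.151")
C2_RE = re.compile(rb"(?<![\d.])(?:%s)(?!\.?\d)" % b"|".join(map(re.escape, C2_IPS)))


def audit_tree(root):
    """Return (c2_hits, world_writable, unreadable) for entries under root."""
    c2_hits, world_writable, unreadable = [], [], []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            mode = os.lstat(path).st_mode
            if mode & stat.S_IWOTH and not stat.S_ISLNK(mode):
                world_writable.append(rel)  # any local user can modify it
            if not stat.S_ISREG(mode):
                continue  # directories, symlinks and devices are not read
            try:
                with open(path, "rb") as fh:
                    for lineno, line in enumerate(fh, 1):
                        for m in C2_RE.finditer(line):
                            c2_hits.append((rel, lineno, m.group().decode()))
            except OSError:
                unreadable.append(rel)  # report it rather than skip silently
    return sorted(c2_hits), sorted(world_writable), sorted(unreadable)


def demo():
    """Audit a small constructed tree (sample data, not a real infection)."""
    samples = {
        "index.php": (b"<?php\nrequire 'wp-blog-header.php';\n", 0o666),
        "functions.php": (b"<?php\n$h = '5.8.18.7';\n", 0o644),
        "notes.txt": (b"unrelated: 15.8.18.70 and 5.8.18.7.9\n", 0o644),
    }
    with tempfile.TemporaryDirectory() as root:
        for name, (data, mode) in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
            os.chmod(os.path.join(root, name), mode)
        return audit_tree(root)


if __name__ == "__main__":
    print(demo())
```

To check a real site, call `audit_tree` on the WordPress root; a database dump or crontab export saved under that directory is searched as well.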

Arthur’s 350

Projects start in all kinds of stages. Some bikes you buy and hoist up on a trailer, some you just ride home and some projects start in the back of a van. A couple of years ago Arthur ran into a Parallel twin with a lot of extra spares, which is quite normal, it being a notorious bike for having “issues”…

Parts & Bikes for sale


As of today I added a menu where you can offer your parts and/or bikes you want to get rid of. It might help your fellow Parallel Twin owner to keep these beauties on the road. If you send me pictures of the parts or the bike you want to sell I will put it on my site.

720 racer

Recently I received some pictures from Phil Hitchcock of Road and Race in Australia. Phil told me that Epicycle Racing made a wonderful 720cc racer which I would like to present to you. Phil also has some Parallel Twin parts in stock so if you’re interested just give him a call. As the points ignition is beginning to be a hard to find part Phil has found a source that is willing to manufacture electronic ignition if there is enough interest.

Bad wiring

Last weekend I was working on a 500 GTL. Bringing the bike to its (almost) original state can be quite a job. Especially if the wiring has been worked on before. I think everyone working on these bikes will have the best intentions to get things right. From time to time the “best intentions” isn’t the right way. On this 500 GTL the electrical wiring has been fiddled with, connectors were in very bad shape and some even so bad I had to cut them out. The Parallel Twins do not have a good reputation for their electrics and if some electrical jobs are done badly it will get worse. On the junction box of this GTL the wiring was pretty bad …… the main pos (+) wire from the ignition was cut and just twisted together with a way too thin other wire. When the lights were on the connection was getting hot !!

When you are working on the electrics of the Parallel Twins please take care of good wiring and connections. Worst case scenario is your bike catching fire while you are riding!

Magnesium wheels

We have all heard the tales and maybe seen a broken magnesium wheel but here is what it actually looks like. On the GTV models you can find the magnesium 5-spoke Speedlines. They might appeal to you but be very aware of what can happen if you actually use them. Last summer I came across some parts and amongst the parts were 1977 magnesium Speedlines. I was excited to find them because I think they look wonderful. I knew there was a risk in using them. Some Ducati enthusiasts warned me about the deterioration of magnesium and discouraged me from using these 35 year old wheels and to just use them as decoration. So I did …… sadly to say. Until I came upon a picture handed to me by Tony Hannagan from Melbourne, Australia. In this picture there is a magnesium Campagnolo from the same era which is obviously not in original state. What you see here is what actually can happen !!!! I am convinced now not to use the old magnesium wheels I found.

Please be warned when using old magnesium wheels. Let them be examined, X-rayed or any way that tells you that the wheel is in good condition ……. or just buy new ones, cost a lot but at least when you apply the brakes the wheel won’t break into pieces.

External oil feed

There are many ways to upgrade the Parallel Twin engine. One of them is realizing an external oil feed as Arthur van Til did. He didn’t weld small manifolds to the top of the cylinder head like Mototrans did but he used the left hand cam bearing cover. To make sure the oil reaches both camshafts he made a connecting piece as well. With this “easy” way you don’t have to weld directly to your cylinder head. The options are to either open the engine cases and block the oil passageway at the bottom of the studs, or block the oil orifice on the left hand side of the cases just below the cylinder bank.

Blocking the oil passage in the orifice
The oil orifice/restrictor bolt in the top left case can be blanked off.
I did this by tapping M4 into the crossover hole and putting a threaded plug in here with thread sealant. Peen the edges so the threaded plug cannot get loose.

The theory is: the oil goes through the 1mm orifice and into the crossover hole. It can't go past the o-ring so it must go through the orifice. Since drilling and tapping a threaded hole into the 1mm orifice leaves you with an o-ring stuck on your drill/tap, the crossover hole is large enough to fit a grub screw. The added advantage is that if it were to get loose the grub screw cannot fall into the channel and into the main bearing.


the orifice/restrictor bolt with threaded crossover hole M4


the grub screw made from M4 screw and slot made by sawing


grub screw in the orifice with thread sealant. I am not advertising the brand as shown, there are other alternatives.

Connecting the camshafts together:
Oil connection on the head (PT). Camshaft coupling piece (PT).
Using an aluminium bushing with 2 o-rings and a passageway provides the oil from the lefthand camshaft to the righthand camshaft. You will need to remove the aluminium blanks from inside the camshafts, and drill/grind a hole in the lefthand camshaft, diameter 4~5mm. Note: the camshaft is hardened, I ground the first 3mm with a pencil stone bit in the die-grinder and then with a normal HSS drill. Wash and blow out the camshafts!
Similarly, instead of using a pencil stone bit, a solid Carbide drill can be used in one go to make the hole.

Lefthand camshaft drilled through, 5mm hole.

Panigale Twins Patch

Just to let you know that here at the PT-headquarters work is always in progress. Not always with bikes, parts and projects but sometimes also with things not directly related to our beloved bikes. Throughout the world I am contacted about the Ducati Parallel Twin and what would be nicer than to show your fellow riders the affinity with Panigale Twins. I can present you now with a Panigale Twins patch which you can attach to whatever you like. The patch is approx. 8×8 centimeters as shown in the picture. For €10 ex shipping you can be the proud owner of one of the patches. Please contact me if you are interested.

Mosna Racing Team

Racing Team Mosna sticker

Last week I came across some parts. The former owner told me that he bought these parts a long time ago from someone who was involved with racing. I know there has been racing with Ducati Paralleltwins but concerning race parts and teams there is very little known. On one of the stripped bikes I bought there is a sticker on the fork leg seen in this picture. If anyone has information about Racing Team Mosna I would really appreciate it.

DucBMWti 650 Mono

Okay I agree….. it is not a Paralleltwin but I just want to share this picture with you. This guy in The Netherlands took a 500 SD and modified the frame so it would take a BMW 650 engine. Not a bad job I might add!

Bikes and spares

Recently I got hold of a ton of spare parts and a 500 SD and a 350 GTL. The 500 SD is in a project state and in need of TLC but the 350 GTL is a solid runner with a fairly new 500 engine fitted. If you are in need of spares or a new project, please contact me.

Mototrans 500 SD

A couple of days ago I received a very nice email from Diego Cànovas Navarro who lives near Murcia in Spain. Diego is a Mototrans SD 500 rider and made a very nice restoration. As we know Mototrans made some significant changes to the design of the Ducati 350/500 models. Diego tells us that he knows some of the factory engineers who worked on the SD 500. So stay tuned for more info about the changes Mototrans made and see the pictures of our Spanish counterpart.