Gootloader infection cleaned up

Dear blog owner and visitors,

This blog had been infected to serve up Gootloader malware to Google search victims, via a common tactic known as SEO (Search Engine Optimization) poisoning. Your blog was serving up 297 malicious pages. Your blog served up malware to 38 visitors.

I tried my best to clean up the infection, but I would do the following:

  • Upgrade WordPress to the latest version (one way the attackers might have gained access to your server)
  • Upgrade all WordPress themes to the latest versions (another way the attackers might have gained access to your server)
  • Upgrade all WordPress plugins (another way the attackers might have gained access to your server), and remove any unnecessary plugins.
  • Verify all users are valid (in case the attackers left a backup account, to get back in)
  • Change all passwords (for WordPress accounts, FTP, SSH, database, etc.) and keys. This is probably how the attackers got in, as they are known to brute force weak passwords
  • Run antivirus scans on your server
  • Block these IPs (5.8.18.7 and 89.238.176.151), either in your firewall, .htaccess file, or in your /etc/hosts file, as these are the attackers' command and control servers, which send malicious commands for your blog to execute
  • Check cronjobs (both server and WordPress), aka scheduled tasks. This is a common method that an attacker will use to get back in. If you are not sure what this is, Google it
  • Consider wiping the server completely, as you do not know how deep the infection is. If you decide not to, I recommend installing some security plugins for WordPress, to try and scan for any remaining malicious files. Integrity Checker, WordPress Core Integrity Checker, Sucuri Security, and Wordfence Security all do some level of detection, but not 100% guaranteed
  • Go through the process for Google to recrawl your site, to remove the malicious links (to see what malicious pages there were, go to Google and search site:your_site.com agreement)
  • Check subdomains, to see if they were infected as well
  • Check file permissions

Gootloader (previously Gootkit) malware has been around since 2014, and is used to initially infect a system, and then sell that access off to other attackers, who then usually deploy additional malware, to include ransomware and banking trojans. By cleaning up your blog, it will make a dent in how they infect victims. PLEASE try to keep it up-to-date and secure, so this does not happen again.

Sincerely,

The Internet Janitor

Below are some links to research/further explanation on Gootloader:

https://news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/

https://news.sophos.com/en-us/2021/08/12/gootloaders-mothership-controls-malicious-content/

https://www.richinfante.com/2020/04/12/reverse-engineering-dolly-wordpress-malware

https://blog.sucuri.net/2018/12/clever-seo-spam-injection.html

This message
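Added example, not part of the original notice or of any tool it names: a read-only shell triage covering the file-permission, leftover-file and IP-blocking items in the checklist above. The function names and the directory layout are assumptions; the two addresses are the ones the notice lists.

```bash
#!/bin/sh
# Read-only triage of a WordPress tree after cleanup (added example).
# Function names are hypothetical; the addresses come from the notice above.

C2_IPS="5.8.18.7 89.238.176.151"

# Files or directories that any local user can write to.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print 2>/dev/null | sort
}

# PHP under uploads: WordPress stores media there, not code.
php_in_uploads() {
    [ -d "$1/wp-content/uploads" ] || return 0
    find "$1/wp-content/uploads" -type f \
        \( -iname '*.php' -o -iname '*.phtml' \) -print | sort
}

# Files that mention a listed address in plain text.
# -F fixed string, -w whole token; encoded copies will not match.
mentions_c2() {
    for ip in $C2_IPS; do
        grep -rlFw -- "$ip" "$1" 2>/dev/null || true
    done | sort -u
}

# Apache 2.4 .htaccess rules for the listed addresses
# (this only affects inbound requests to the site).
htaccess_block() {
    echo "<RequireAll>"
    echo "    Require all granted"
    for ip in $C2_IPS; do
        echo "    Require not ip $ip"
    done
    echo "</RequireAll>"
}

audit() {
    echo "== world-writable ==";      world_writable "$1"
    echo "== PHP under uploads ==";   php_in_uploads "$1"
    echo "== mentions listed IPs =="; mentions_c2 "$1"
    echo "== .htaccess rules ==";     htaccess_block
}

# Usage: sh audit.sh /path/to/wordpress
if [ "$#" -gt 0 ]; then audit "$1"; fi
```

An empty section means that check found nothing; it does not show the server is clean.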

Arthur’s 350

Projects start in all kinds of stages. Some bikes you buy, hoist them up on a trailer, some you just ride home and some projects start in the back of a van. A couple of years ago Arthur ran into a Parallel twin with a lot of extra spares which is quite normal being a notorious bike for having “issues”…

 

 

 

 

 

720 racer

Recently I received some pictures from Phil Hitchcock of Road and Race in Australia. Phil told me that Epicycle Racing made a wonderful 720cc racer which I would like to present to you. Phil also has some Parallel Twin parts in stock so if you’re interested just give him a call. As the points ignition is beginning to be a hard to find part Phil has found a source that is willing to manufacture electronic ignition if there is enough interest.

Bad wiring

Last weekend I was working on a 500 GTL. Bringing the bike to its (almost) original state can be quite a job. Especially if the wiring has been worked on before. I think everyone working on these bikes will have the best intentions to get things right. From time to time the “best intentions” isn’t the right way. On this 500 GTL the electrical wiring has been fiddled with, connectors were in very bad shape and some even so bad I had to cut them out. The Parallel Twins do not have a good reputation for their electrics and if some electrical jobs are done badly it will get worse. On the junction box of this GTL the wiring was pretty bad …… the main pos (+) wire from the ignition was cut and just twisted together with a way too thin other wire. When the lights were on the connection was getting hot !!

When you are working on the electrics of the Parallel Twins please take care of good wiring and connections. Worst case scenario is your bike catching fire while you are riding!

Magnesium wheels

We have all heard the tales and maybe seen a broken magnesium wheel but here is how it actually looks. On the GTV models you can find the magnesium 5-spoke Speedlines. They might appeal to you but be very aware of what can happen if you actually use them. Last summer I came across some parts and amongst the parts were 1977 magnesium Speedlines. I was excited to find them because I think they look wonderful. I knew there was a risk in using them. Some Ducati enthusiasts warned me about the deterioration of magnesium and discouraged me from using these 35 year old wheels and to just use them as decoration. So I did …… sadly to say. Until I came upon a picture handed to me by Tony Hannagan from Melbourne, Australia. In this picture there is a magnesium Campagnolo from the same time era which is obviously not in original state. What you see here is what actually can happen !!!! I am convinced now not to use the old magnesium wheels I found.

Please be warned when using old magnesium wheels. Let them be examined, X-rayed or any way that tells you that the wheel is in good condition ……. or just buy new ones, cost a lot but at least when you apply the brakes the wheel won’t break into pieces.

Party Time !

Celebrate your success. Wise words from a friend of mine. Last week I checked my visitors counter and I discovered that we passed the 10.000 visitors. It might seem like a small number but as for a small group of enthusiasts it is a compliment. I would like to thank you all for your interest in Panigaletwins and please keep us inspired. We will go on doing the unexpected with the black sheep of the family and keep these bikes on the road.

Pazon Ignition

Lately I have had many requests for ignition parts as the old parts aren’t there any more. I have been working on building an ignition but progress is slow. We had a discussion which ignition can be used and has been used already. Ian Dobson from the UK showed me that Pazon already manufactures the Pazon Sure-Fire ignition system which is Plug and Play. It is actually an ignition designed for a Honda 450 but can be used for the Ducati Paralleltwin as well. For details you can contact Kirby Rowbotham at kirby@kirbyrobotham.com

Durability

In the past decade the press and the rest of the world have been looking at the Paralleltwins as if they were from another planet. Negative comments have been written about its durability and the bad reputation of any part breaking down. Exactly this is what keeps us going !! Proving the rest of the world wrong and letting anybody know that the Paralleltwin is just as good as any other Ducati is one of our main goals. Ian Dobson from the UK is helping us a lot with that. Ian took his 500 SD to the ultimate test ……. the Motogiro d’Italia. He finished this glorious event in 2011 and just to show you it isn’t all talk and no show here are some pictures. Thanks Ian for proving everybody wrong …..

Panigaletwins on Facebook

Now you can follow my adventures and projects on Facebook, just follow the link below and “like” my page.

This site will keep on being the main place of Panigaletwins.

 


Ignition

Still working on an electronic ignition but in order to get it right I need to figure out what the correct timing is. With this engine nothing is straightforward, so why should this be ……. at this point the ignition is compared with the one from a Jawa !!! I wonder where this is going! Just took a timing disc and a set of Fiat dashboard lights, pretty basic but it did the job.

Pre-Production 500

Sometimes you stumble upon new information. Just as I did some weeks ago when I visited Rob Klootwijk who used to be in charge of the Ducati Club Nederland archive. We found ourselves talking about Parallel Twins and Rob told me he should have something nice somewhere. Of course I was interested right away and just some days later he came up with the following copy of a brochure. According to his story this was a pre-production 500 Parallel Twin for the French market. As Gerald from paralleltwins.com told us this folder is of the 1965 prototype which unfortunately never got into production. The 500 engine even used push-rods to operate the valves. Originally Ducati designed it for the French market but it never got there so they tried to sell the idea to the Italian police-army administration, also without success.

 

 

Experiment

I wanted to try to see how a 2-1 exhaust system would work and would look. In my garage I found some parts lying around and made a system in some hours. And this is how it looks. Not only just for fun but as well as an experiment for our racing Parallel Twin which could be finished this autumn or this winter. Took the bike out today for a test and it really revs a lot easier and sounds great as well, not too loud and not too quiet either.