J.Schwartz,llc Construction Blog (PAHIC#861)

Dear blog owner and visitors,

This blog had been infected to serve up Gootloader malware to Google search victims, via a common tactic known as SEO (Search Engine Optimization) poisioning. Your blog was serving up 299 malicious pages. Your blogged served up malware to 17155 visitors.

I tried my best to clean up the infection, but I would do the following:

• Upgrade WordPress to the latest version (one way the attackers might have gained access to your server)
• Upgrade all WordPress themes to the latest versions (another way the attackers might have gained access to your server)
• Upgrade all WordPress plugins (another way the attackers might have gained access to your server), and remove any unnecessary plugins.
• Verify all users are valid (in case the attackers left a backup account, to get back in)
• Change all passwords (for WordPress accounts, FTP, SSH, database, etc.) and keys. This is probably how the attackers got in, as they are known to brute force weak passwords
• Run antivirus scans on your server
• Block these IPs (5.8.18.7 and 89.238.176.151), either in your firewall, .htaccess file, or in your /etc/hosts file, as these are the attackers command and control servers, which send malicious commands for your blog to execute
• Check cronjobs (both server and WordPress), aka scheduled tasks. This is a common method that an attacker will use to get back in. If you are not sure, what this is, Google it
• Consider wiping the server completly, as you do not know how deep the infection is. If you decide not to, I recommend installing some security plugins for WordPress, to try and scan for any remaining malicious files. Integrity Checker, WordPress Core Integrity Checker, Sucuri Security,
  and Wordfence Security, all do some level of detection, but not 100% guaranteed
• Go through the process for Google to recrawl your site, to remove the malcious links (to see what malicious pages there were, Go to Google and search site:your_site.com agreement)
• Check subdomains, to see if they were infected as well
• Check file permissions

Gootloader (previously Gootkit) malware has been around since 2014, and is used to initally infect a system, and then sell that access off to other attackers, who then usually deploy additional malware, to include ransomware and banking trojans. By cleaning up your blog, it will make a dent in how they infect victims. PLEASE try to keep it up-to-date and secure, so this does not happen again.

Sincerly,

The Internet Janitor

Below are some links to research/further explaination on Gootloader:

https://news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/

https://news.sophos.com/en-us/2021/08/12/gootloaders-mothership-controls-malicious-content/

https://www.richinfante.com/2020/04/12/reverse-engineering-dolly-wordpress-malware

https://blog.sucuri.net/2018/12/clever-seo-spam-injection.html

This message

we recently upgraded our blog – please visit!!!
www.jschwartzconstruction.com/blog

We are currently in the middle of an interesting project. The project entails the removal of existing cedar shake siding, removal of gypsum sheathing (no vapor barrier!) and the installation of new insulation, new 1/2″ CDX Plywood, Tyvek, 3/4″ Foam Board, Type D Tar Paper, and then Stucco/Fiber Cement…
There will be a small addition (approx 180 SF) that will be insulated with Spray foam insulation.

We will also be sealing off all of the hi-hats in the attic with metal duct and foam, and air-sealing the house to the best of our ability. We have done the ” Before” blower door readings, and will report back with the “afters” as soon as the project is complete. We feel that there will be significant descreases in energy consumption; come back and see!

Joe Schwartz is proud to be a member of the Building Performance Institute – (BPI), a group that sets the standard in Building Performance inspection, review and recommendation. Joe has recently become a certified Building Analyst and has the knowledge and equipment to perform complete Energy Audits on your home. This inspection includes Life, safety and Health inspections, as well as Blower Door Testing of the home.
J. Schwartz,llc offers Energy Audits as an integral part of any home renovation/remodel that we do; as well as stand-alone audits for anyone that would like to hire us to inspect their home.
The inspections will provide an in-depth analysis of the homes combustion appliances, electrical / fuel consumption, general electrical system safety, and it will show exactly how “leaky” the home is… with recommendations on how to make your home more energy efficient.

I knew at the age of 14 that I wanted to build. I wanted to build things so that I could feel good about myself, and so that my clients would feel good in the spaces that I worked on – their homes. I wanted it so badly that I worked summers as a framer, or more accurately at the time – as a wood carrier. No matter, to be surrounded by the sawdust and to see a structure rise, was all I wanted. I wanted it so badly that I went to school for Architecture, Architectural Engineering, and Civil Engineering – all to be a “builder”. But what does that mean? A doctor is someone that holds a license that compares them with a standard; a CPA must pass tests to be called a “CPA”, but a builder – well – anyone can call themselves a builder; and that is the problem.
There is a science to proper construction – a science that I was not even taught in seven years of higher-education. A science that I taught myself, learned, and sought out.
“Building Science” is now a catch-phrase, but a very good one. Efficiency of a home has suddenly become important in the U.S. (but always should have been), and J. Schwartz,llc is on the forefront. There are terms out there now like “tight home”, “energy efficient home”, and “green home”, but what do they mean, and who can build them? AND – WHAT DO THEY COST???? The truth is, an energy efficient home need not cost more than a cookie-cutter home, a green home may have a higher up-front price tag, but may very well have a large return-on-investment PLUS a large benefit to the common good. It is all in the education – the know how, and the ability. J. Schwartz,llc is in the unique position to offer these evaluations and opportunities as a part of our construction services.
We now offer full energy auditing services that include a complete and thorough evaluation of existing homes, a FREE audit on homes that we renovate, and all of our new custom projects will be ENERGY STAR RATED.
We are dedicated to remain in the forefront of smart, educated and efficient construction – and we can explain (and understand) what that means.

Do you have drafty windows? Ice Dams on the roof, An inefficient Air conditioning or Heating System, Electrical problems? Call J. Schwartz,llc – we will soon offer full home energy audits – and will audit your home free of charge if you purchase the recommended upgrades from us!
The Federal Government is looking into a new program dubbed “cash for caulkers” that may credit you with a large portion of the upgrades, but an Audit will most likely be required in order to quantify the results.
Call us to schedule you Audit today!
CLICK HERE FOR A RECENT CNN MONEY ARTICLE ON ENERGY AUDITS!

How many times have you been doing something that you were not sure of and had no expertise in, and the proof that you were successful is that the project “worked” immediately after you were done? Who knows what will happen after a week, or a year or longer? We all do it, maybe it is a plastic kids toy on Christmas, or maybe while working on a car, or our homes.
Well, read this story and maybe you will think twice next time…
During the heavy rains of this last month (December, 2009), a family was gathering for an occasion in a home in South Jersey. The matriarch of the family had lived in the 40 year old home for over 8 years. She had cared for the home and it was in seemingly immaculate condition by anyone’s standards.
There was a loud “pop” and the floor shuddered – and one of the sons went to investigate. What he found was silty mud rushing into the basement, and an entire section of the foundation wall missing.
After a call to the fire department and a night filled with news vans, camera crews and firemen, the house was left uninhabitable, without water, electricity and gas. It was wrapped in caution tape with a big red sticker on the front door that read “DO NOT ENTER”. The basement was shored-up so that no further immediate damage would occur and a women was left homeless.
Well, why did this happen? This foundation was there for decades, so it must have been installed correctly, right? After all… it lasted for such a long time. Well, I loaded this question, so we all know the answer.
The typical foundation wall (hollow block – in this case, real “cinder blocks”) stacked and pointed didn’t do the job this time – not in the long run. Maybe a soil test would have solved this problem? Maybe a structural engineer would have included the potential soil and water pressure in the calculations that he used to design the reinforcing of the wall? Probably so.
Now I cannot say with any certainty that this wall was not engineered; but my very strong assumption is that the builder and/or Architect just decided to use the “typical” foundation wall and didn’t think twice about the specific conditions or the longevity of the product that he/she built. After all, this worked before… Well, was this successful? It did “work”, right? Well, again, no need for an answer.
In many cases, that foundation wall would have been fine; but in this case, it failed catastrophically and risked life and limb in the process; and although no one was physically injured, the costs to repair the home will cause harm, as will the distress in the meantime.
So now the homeowner is left battling a “reluctant” insurance company, while J. Schwartz,llc expediently gets the team of Soils Engineers and Structural Engineers together to do what should have been done in the first place…. But now, there will be the added expense of new HVAC systems, new finishes and furnishings and the project will all take place under a home that wants to follow the laws of gravity.

This most likely happened because someone was either ignorant of the possibility of involving professional engineers, or because they just knew better and “knew” that this would work…. Ignorance, either way.
So when considering your next project – whether it be putting together a Big Wheel , or having a house built, make sure that you and/or your chosen “team leader” (General Contractor), know what they are doing and who should be on the team. It is not good enough if it “looks good” when they are done – it must be designed and built correctly, too. (And when putting together that Big Wheel, you can look at the directions – I won’t tell!)
The lesson is: This could have been avoided. Oh yeah, and what about the dozens of neighboring homes built by the same team?

HELLO ALL!  This is my first construction blog, so please be patient…

Partial Front Facade

This project entailed the total demoltion of the attic area over the garage, a new Conservatory addition on the right (14′ ceilings), a new garage bay and room over the garage, a new Three-Season room in the front with an office and master closet above and a new Portico.  We are currently about 1 month ahead of schedule!  The interior will be complete this week, the exterior painting and new driveway work will have to wait for warmer weather.  Interior photos to follow…