Possible site hack?

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • zingy
    New Member
    • Oct 2013
    • 16
    • 5.0.X

    Possible site hack?

    Some of my members are reporting a strange redirect once they visit my forum. I checked the templates for the site that they mentioned but nothing comes up. I also searched for the string in the database using myphpadmin, but nothing comes up. I did the plugin trick that I read on here where i go to the plugin manager and save something to clear datastores, but it doesnt do anything. The redirect for the site doesnt happen to me personally unless I use the same browser my members are reporting it on.

    Also the redirect that members are reporting also shows up on an SEO checker. It shows the redirected site as the SEO page Title and in the header as <h3>, but like i said before I didnt find anything in the templates matching any of i. Any ideas on what this could be? im on vb 4.2.0 pl4 and i patched my yui flasher and changed it to google too

    tyia
  • Mark.B
    vBulletin Support
    • Feb 2004
    • 24286
    • 6.0.X

    #2
    Have you ever used vBSEO?
    MARK.B
    vBulletin Support
    ------------
    My Unofficial vBulletin 6.0.0 Demo: https://www.talknewsuk.com
    My Unofficial vBulletin Cloud Demo: https://www.adminammo.com

    Comment

    • zingy
      New Member
      • Oct 2013
      • 16
      • 5.0.X

      #3
      Originally posted by Mark.B
      Have you ever used vBSEO?
      Nope. I dont have that installed and never have.

      Comment

      • Wayne Luke
        vBulletin Technical Support Lead
        • Aug 2000
        • 73979

        #4
        If you're loading YUI's Flash Uploader off of Google, it is not patched. Yahoo is not providing a patch for that exploit.
        Translations provided by Google.

        Wayne Luke
        The Rabid Badger - a vBulletin Cloud demonstration site.
        vBulletin 5 API

        Comment

        • zingy
          New Member
          • Oct 2013
          • 16
          • 5.0.X

          #5
          Originally posted by Wayne Luke
          If you're loading YUI's Flash Uploader off of Google, it is not patched. Yahoo is not providing a patch for that exploit.
          I had previously patched it using this method http://www.vbulletin.org/forum/showthread.php?t=307008

          I had YU flash loader set to none for awhile and the redirect was still there. I recently put it back to Google however.

          Comment

          • Mark.B
            vBulletin Support
            • Feb 2004
            • 24286
            • 6.0.X

            #6
            Check your plugins (not products)....are there any in there that you didn't put there yourself?
            MARK.B
            vBulletin Support
            ------------
            My Unofficial vBulletin 6.0.0 Demo: https://www.talknewsuk.com
            My Unofficial vBulletin Cloud Demo: https://www.adminammo.com

            Comment

            • zingy
              New Member
              • Oct 2013
              • 16
              • 5.0.X

              #7
              Originally posted by Mark.B
              Check your plugins (not products)....are there any in there that you didn't put there yourself?
              Nothing suspicious that I see. I also saved it to clear the datastore, from what I read that should clear it out, but the redirect is still there. I haven't taken the time to manually search each and single plugin code to find it there, I assume there isn't a way to automatically search string in the plugin section?

              Comment

              • zingy
                New Member
                • Oct 2013
                • 16
                • 5.0.X

                #8
                Update: I searched all plugins on the site using the search plugins mod by KH99 and no results were found. I tried different variations for the redirect site that keeps happening, but it didnt find results in the plugins, templates, or phrases on the site. Any ideas?

                to reiterate, the site is being redirected on some browsers and using a SEO checker it shoes it as the the heading <h3>

                Comment

                • Mark.B
                  vBulletin Support
                  • Feb 2004
                  • 24286
                  • 6.0.X

                  #9
                  Go to AdminCP > Maintenance > Diagnostics
                  Run the Suspect File Versions tool.
                  Does anything unusual show up in there?
                  (File not part of vBulletin / File does not contain expected contents)
                  MARK.B
                  vBulletin Support
                  ------------
                  My Unofficial vBulletin 6.0.0 Demo: https://www.talknewsuk.com
                  My Unofficial vBulletin Cloud Demo: https://www.adminammo.com

                  Comment

                  widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                  Working...