My site redirects to yandex.com

**IBxAnders** · Mon 12 Jul '10, 12:43pm

Plugin manager; check the plugin code perhaps - there could be a malicious injection.

**bstillman** · Mon 12 Jul '10, 12:50pm

Sounds like a sql injection attack. Someone somehow got a line of code in that references the javascript.

Using Firebug, I found a reference to **DO NOT CLICK** http://js.static.yandex.com/jquery/1.3.2 on your site. I'm working on trying to figure out exactly where it's at.

**Apokalupsis** · Mon 12 Jul '10, 12:52pm

Wouldn't just disabling all products/plugins work? That way it could be weeded out?

**bstillman** · Mon 12 Jul '10, 12:53pm

Looks to be a trojan: http://www.threatexpert.com/report.a...d1c7c85f3d9697

**Apokalupsis** · Mon 12 Jul '10, 12:55pm

So is it a flaw in vb or from the server/host?

**bstillman** · Mon 12 Jul '10, 12:56pm

Possibly related to this: http://www.vbulletin.com/forum/showt...ile2store.info

**snakes1100** · Mon 12 Jul '10, 12:57pm

Server/Host

**Apokalupsis** · Mon 12 Jul '10, 1:08pm

how can you be sure it's a server/host issue?

**bstillman** · Mon 12 Jul '10, 1:22pm

Originally posted by Apokalupsis

how can you be sure it's a server/host issue?

It's not. Not at all. Read the links I posted.

**Apokalupsis** · Mon 12 Jul '10, 1:54pm

Well, I was responding to snakes1100. OK, so he's wrong.

I don't know what I'm supposed to see in the "threatsexpert" link. I don't know what it means nor what to do about it.

The 2nd link that you posted does not appear to be related to my issue. I don't have vbseo, and it redirects regardless if coming from Google.

Still need vb tech to help.

**Apokalupsis** · Mon 12 Jul '10, 4:35pm

The excellent support team at Hostgator found the problem and removed it. I highly recommend them for a hosting company btw, they are great with shared vb communities.

Anyway, here it is (with some of the code removed so it isn't harmful):

At the bottom of includes/functions_forumlist.php

Code:

define('SITE_COLOR', 'PGlmcmFtZSBzcmM9IremovedforsafetyVib3JkZXI9IjAiPgo8L2$
echo base64_decode(SITE_COLOR);

They said that this isn't the first time they've ran into this.

**CrashPush** · Mon 12 Jul '10, 5:29pm

Originally posted by Apokalupsis

The excellent support team at Hostgator found the problem and removed it. I highly recommend them for a hosting company btw, they are great with shared vb communities.

Anyway, here it is (with some of the code removed so it isn't harmful):

At the bottom of includes/functions_forumlist.php

Code:

define('SITE_COLOR', 'PGlmcmFtZSBzcmM9IremovedforsafetyVib3JkZXI9IjAiPgo8L2$
echo base64_decode(SITE_COLOR);

They said that this isn't the first time they've ran into this.

Any ideas on how this was done? Admincp?

**Apokalupsis** · Mon 12 Jul '10, 6:01pm

Absolutely no idea. They just said to update vb and any and all mods I have installed.

**bstillman** · Mon 12 Jul '10, 8:21pm

Originally posted by Apokalupsis

The excellent support team at Hostgator found the problem and removed it. I highly recommend them for a hosting company btw, they are great with shared vb communities.

Anyway, here it is (with some of the code removed so it isn't harmful):

At the bottom of includes/functions_forumlist.php

Code:

define('SITE_COLOR', 'PGlmcmFtZSBzcmM9IremovedforsafetyVib3JkZXI9IjAiPgo8L2$
echo base64_decode(SITE_COLOR);

They said that this isn't the first time they've ran into this.

Interesting.... How in the world did they get it there?

vBulletin 3 End of Life

My site redirects to yandex.com

My site redirects to yandex.com

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment