Attack!

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • shohin
    Senior Member
    • Oct 2007
    • 229
    • 3.6.x

    Attack!

    OK…..now what do I do??
    Getting a reported “Attack Page”! (see image)
    I was coming up with several reported virus’s a few weeks ago so I had a person do a new upload (yes, he can be trusted) as I’m admittedly technically inept. I also received an email from Google about this issue. Is this an issue that must be reported to my server/hosting company? I haven’t the faintest idea how to proceed with this! HELP!!
    Attached Files
  • nwingate
    Senior Member
    • Jul 2003
    • 561
    • 3.8.x

    #2
    Check Google Webmaster Tools and read the message about the site. See if it lists the code that is causing the problem and do a search for it. That's what just happened to me this past week and it was something in the plugin system.

    Could also be ad related.

    Comment

    • shohin
      Senior Member
      • Oct 2007
      • 229
      • 3.6.x

      #3
      Well, like I said, I'm technically inept and I admit it. I went to Google Webmaster Tools but I haven't the faintest idea what it is that I'm looking for. Also, I don't see how I could possibly remove any malicious code from the site (even if I knew what it was) seeing that I can't even access it!

      Comment

      • DelphiVillage
        Senior Member
        • Apr 2002
        • 1051
        • 4.1.x

        #4
        hi,

        this is one of your ads i'm 90% sure some advertisers try to install adware... this could be the cause

        Comment

        • shohin
          Senior Member
          • Oct 2007
          • 229
          • 3.6.x

          #5
          Originally posted by DelphiVillage
          hi,

          this is one of your ads i'm 90% sure some advertisers try to install adware... this could be the cause
          You're more than likely right, but how can I remove any of the ad's if I can't access the site?
          Hell, as far as I'm concerned I would remove them all just to be on the safe side as they haved served no purpose whatsoever anyway. This might very well be a dumb question, but is there a way for me to gain access to the Admin CP?

          Comment

          • Ace
            Senior Member
            • Apr 2004
            • 4051
            • 4.2.X

            #6
            Originally posted by shohin
            You're more than likely right, but how can I remove any of the ad's if I can't access the site?
            Why can't you click the Ignore this Warning link and continue through to remove them?

            AdminCP would be highly unlikely to be running ad code.
            My Live vB5 Site - NZEating.com
            vBulletin Hosting | vBulletin Services - Need hosting for your vB? Need it installed? Something else? Let me take that hassle off your hands.

            Comment

            • shohin
              Senior Member
              • Oct 2007
              • 229
              • 3.6.x

              #7
              Crap....I never thought of that! lol

              Like I mentioned earlier, I'm a bit technically inept. Seeing that I'm the one who installed the various ads via Google AdSense I thought perhaps that if I removed them? Other than that I have no idea what to do.

              Comment

              • Ace
                Senior Member
                • Apr 2004
                • 4051
                • 4.2.X

                #8
                Originally posted by shohin
                Crap....I never thought of that! lol

                Like I mentioned earlier, I'm a bit technically inept. Seeing that I'm the one who installed the various ads via Google AdSense I thought perhaps that if I removed them? Other than that I have no idea what to do.
                Sorry, I think that second comment of mine has added to the confusion. I mean "I would feel less concerned about ignoring that scary warning if I was clicking through to my AdminCP, because whatever caused it to appear is unlikely to be running in the AdminCP."

                So, you should be safe going into your template manager to remove them. (Or advertising manager or whatever).
                My Live vB5 Site - NZEating.com
                vBulletin Hosting | vBulletin Services - Need hosting for your vB? Need it installed? Something else? Let me take that hassle off your hands.

                Comment

                • shohin
                  Senior Member
                  • Oct 2007
                  • 229
                  • 3.6.x

                  #9
                  Well, so much for ignoring the warning and trying to access the Admin. CP as I can't!
                  I ignored the warning and got on the site. When I clicked on the Admin. to log in it came up with a very strange login page (see picture). When I then clicked on "Login" to access the Admin.CP it simply brought me back to the site page! I tried it several time but always with the same result. Bottom line, I cannot access the Admin. CP! Admittedly, I probably wouldn't know what to look for aside from possibly removing the ads that I currently have. But, even if I did know where, and what to look for, how can I possibly do so if I can't even access the Admin. CP to do so?? Now what......?
                  Attached Files

                  Comment

                  • shohin
                    Senior Member
                    • Oct 2007
                    • 229
                    • 3.6.x

                    #10
                    OK, I finally managed to gain access my Admin.CP by using Internet Explorer (very old version) as that does not show any “Reported Attack Page”. I always use Mozilla Firefox, but then I get the “Reported Attack Page”. After doing more looking about with the Google Webmaster Tools it shows that there seems to be two problematic URL’s on my site (see image 1). When I click on the DETAILS for the /clientscript/vbulletin, etc. it gives me a URL. When I enter that URL on my browser it gives me (see image 2) whatever that means?? When I click on the DETAILS for the second one: /tropical-trees/146, etc. I also get a URL, but that simply brings me to an old thread on my site from 2008!

                    Also, it seems as though Google is partnered up with a place called “Stop Badware” which offers a search: Search Badware Website Clearinghouse”. When I enter in the URL to my site it comes up with ZERO results!

                    So, what do I do now? Although Google is showing supposedly two problematic URL’s just what am I supposed to do about them, and how do I go about it?? Should I just request a new review from Google? When you do that, there is a box that you must check that says: “I certify that I have removed badware or badware links from my site, according to StopBadware.org's Security Tips For Websites. “, which obviously I haven’t done as I have no idea how to go about it. For what it’s worth, the only ads I had were from Google Adsense (except one) on the Home CMPS page and I get rid of them all. Still in desperate need of help with this issue.
                    Attached Files

                    Comment

                    • Ace
                      Senior Member
                      • Apr 2004
                      • 4051
                      • 4.2.X

                      #11
                      Have you uploaded a fresh set of vBulletin files?
                      My Live vB5 Site - NZEating.com
                      vBulletin Hosting | vBulletin Services - Need hosting for your vB? Need it installed? Something else? Let me take that hassle off your hands.

                      Comment

                      widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                      Working...