Anyone know why any external links away form my vb site would work fine, EXCEPT those that are in posts in boards that are "hidden"? Like we have the Moderator board and external links when clicked give a attack warning in Firefox and Chrome, but the exact same links in other posts in other boards on the same site look differnent and work.
We even have a Google Search link in the masthead (header) that when viewed in a page source appear different.
Here is what the "bad" links look like, and it happens immediately when posted.
/redirect-to/?redirect=http%3A%2F%2Fwww.google.com%2Fsearch
Our site name is actually on the front of that, but it just appears as www.google.com on the public accessable boards. Also, if an external link in in a members signature, it will appear with normal in all public boards on the site, but will have the :rediect-to/?redirect=" on them. Same signature, same site, just a differnet board...
I did note that on the very bottom of the pages, there is this:
<!-- Do not remove or your scheduled tasks will cease to function -->
After that, there is nothing there. BUT, on the pages with the redirects, there is a line to run cron.php on the server. I looked at that file and didnt see anything "wrong" but I'm no genius. Anyone know where that line would get added? If I knew that, I'd remove that and see if that is the issue. Again, that cron is only in the posts on the "hidden" boards (like Moderator or others for mods/admins only).
HELP.
Any ideas or thoughts on what malware is that is doing this???
We even have a Google Search link in the masthead (header) that when viewed in a page source appear different.
Here is what the "bad" links look like, and it happens immediately when posted.
/redirect-to/?redirect=http%3A%2F%2Fwww.google.com%2Fsearch
Our site name is actually on the front of that, but it just appears as www.google.com on the public accessable boards. Also, if an external link in in a members signature, it will appear with normal in all public boards on the site, but will have the :rediect-to/?redirect=" on them. Same signature, same site, just a differnet board...
I did note that on the very bottom of the pages, there is this:
<!-- Do not remove or your scheduled tasks will cease to function -->
After that, there is nothing there. BUT, on the pages with the redirects, there is a line to run cron.php on the server. I looked at that file and didnt see anything "wrong" but I'm no genius. Anyone know where that line would get added? If I knew that, I'd remove that and see if that is the issue. Again, that cron is only in the posts on the "hidden" boards (like Moderator or others for mods/admins only).
HELP.
Any ideas or thoughts on what malware is that is doing this???
Comment