Malware

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • tsptom
    Senior Member
    • Feb 2014
    • 264
    • 4.2.X

    [Forum] Malware

    I'm not seeing a lot of responses for the these recent hack complaints, but don't know where else to turn...

    Firefox and Chrome are blocking my forum for malware. Scanned the servers and no issues were found. When I go to Google's Webmaster tools and look at the "suspected injected code" I get something like this (on many forum files)...

    This is from the main page: www.domain.com/forum/

    Code:
    <a href="#top" onclick="document.location.hash='top'; return
    false;">

    And this is from the blog: www.domain.com/forum/blog/

    Code:
    <a href="http://www........com/forum/blogs/#top" onclick="docu
    ment.location.hash='top'; return false;">
    All flagged as suspicious, and there are 100's of pages listed like this. I don't know enough to know if this is really a problem or "injected code".

    Any help?
  • borbole
    Senior Member
    • Feb 2010
    • 3074
    • 4.0.0

    #2
    Can you post the link to the infected forum?

    Comment

    • tsptom
      Senior Member
      • Feb 2014
      • 264
      • 4.2.X

      #3

      Comment

      • DemOnstar
        Senior Member
        • Nov 2012
        • 1912

        #4
        Is a total reinstall out of the question? I mean all folders and files and a previous DB backup....


        Comment

        • tsptom
          Senior Member
          • Feb 2014
          • 264
          • 4.2.X

          #5
          That would be a last resort. It's a large forum and there's a lot (posts, etc.) to lose.

          Any idea what this is, or if it is "injected code" or part f VB?

          <a href="#top" onclick="document.location.hash='top'; return false;">

          By the way, I re-uploaded all of the files and still seeing this?
          Last edited by tsptom; Fri 13 Sep '13, 8:32am.

          Comment

          • grogster
            New Member
            • Oct 2007
            • 2

            #6
            I have experienced the same thing in the last two days Google and firefox are indicating that my site has malware and they point to this piece of code
            <a href="index.php#top" onclick="document.location.hash='top
            '; return false;">
            Same as above. I checked my other forums and even brought back a VB 3 forum I had and that code is there also. I thin this is part of VB but why is google and firefox showing as malware.

            Comment

            • tsptom
              Senior Member
              • Feb 2014
              • 264
              • 4.2.X

              #7
              Unfortunately it doesn't look like there's going to be much support on this issue on the forum. I hope it's because support is working on these support tickets issues?

              Does anyone know why this "suspected injected code" would be causing a malware warning?

              Code:
              <a href="#top" onclick="document.location.hash='top'; return false;">
              Is this part of VB code or is it a hack? Thanks

              Comment

              • Mark.B
                vBulletin Support
                • Feb 2004
                • 24286
                • 6.0.X

                #8
                Hello

                Please read the following two blog posts:
                This guide is for what to do, after youÂ’ve been hacked, exploited, and or defaced. Step 1, Change everything: If you believe, or think your site has


                Getting Started This guide is intended to be a starting point for helping to keep your site safe and secure in the long run. It is not a be-all, end-all guide


                Also please see these recent security announcements:

                vBulletin 4.1.x-4.2.x & All versions of vBulletin 5: http://www.vbulletin.com/forum/forum...-1-vbulletin-5
                vBulletin 5.0.x patch released, for a different security issue: http://www.vbulletin.com/forum/forum...d-all-versions
                MARK.B
                vBulletin Support
                ------------
                My Unofficial vBulletin 6.0.0 Demo: https://www.talknewsuk.com
                My Unofficial vBulletin Cloud Demo: https://www.adminammo.com

                Comment

                • Wayne Luke
                  vBulletin Technical Support Lead
                  • Aug 2000
                  • 73981

                  #9
                  The code in the first post returns the user to the top of the page.... It is no more malicious than brushing your teeth in the morning.
                  Translations provided by Google.

                  Wayne Luke
                  The Rabid Badger - a vBulletin Cloud demonstration site.
                  vBulletin 5 API

                  Comment

                  • tsptom
                    Senior Member
                    • Feb 2014
                    • 264
                    • 4.2.X

                    #10
                    Thank you. That's what I thought, yet Google's webmaster tools is marking dozens to hundreds of my forum pages as malware because of it... including the home page.

                    Here's the error... http://www.tsptalk.com/images/mb/mal.gif

                    Comment

                    • Wayne Luke
                      vBulletin Technical Support Lead
                      • Aug 2000
                      • 73981

                      #11
                      I would say it is a false positive and you should contact Google...
                      Translations provided by Google.

                      Wayne Luke
                      The Rabid Badger - a vBulletin Cloud demonstration site.
                      vBulletin 5 API

                      Comment

                      • tsptom
                        Senior Member
                        • Feb 2014
                        • 264
                        • 4.2.X

                        #12
                        A little follow up: I asked Google (via the webmaster tools) to re-review the site and posted the code above in the comments box. About 12 hours later, no more malware blocks. Thanks!

                        Comment

                        widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                        Working...