Redirect infection Google searches

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • giorgioarmani
    Senior Member
    • Dec 2006
    • 299
    #1

    [Forum] Redirect infection Google searches

    I'm getting all Google traffic redirected to http://url2short.info/3b3e8d23.

    I've deleted all files and installed a fresh copy of both VB and VBSEO... A few days later it's back!

    My host says it's VB and VB has tried for 3 weeks to assist me... Time to try here

    Anyone have any suggestions?


    Tags: None
    • bforum
      Senior Member
      • Dec 2007
      • 113
      • 4.0.x
      #2
      i have the same thing ,no idea what to do

        Comment

        • giorgioarmani
          Senior Member
          • Dec 2006
          • 299
          #3
          Originally posted by bforum
          i have the same thing ,no idea what to do
          Are you using VBSEO?


            Comment

            • Wayne Luke
              vBulletin Technical Support Lead
              • Aug 2000
              • 74152
              #4
              1) Run Suspect File Diagnostics under Maintenance -> Diagnostics. Replace any files not containing the expected contents. Delete any files that are not part of vBulletin and that you can't identify as belonging to your addons.

              2) Check the config.php for any suspicious code. It isn't checked by the suspect file diagnostic.

              3) Search all templates for iframe tags. They should only appear in the following templates: bbcode_video, editor-ie.css, member.css, stylegenerator.css, vbcms.css, vbulletin.css, help_bbcodes, humanverify_recaptcha, search_common, and search_common_select_type

              4) Check all your plugins for rogue include, require, include_once, or require_once code. All files should come from your server and be known to you.

              5) Check your plugins for any base64 code. I recommend using against using any plugins or products that include base64 code in them. However some "lite" or branded addons will include this as a means to prevent you from cheating the author. You'll have to make a personal call on these if you use them. This is often a sign of a hacked site.

              6) Make sure that your plugins do not include calls to exec(), system(), or pass_thru() or iframes. These are also often signs of a hacked site.

              Query for step 4 and 5 -
              SELECT title, phpcode, hookname, product FROM plugin WHERE phpcode LIKE '%base64%' OR phpcode LIKE '%exec%' OR phpcode LIKE '%system%' OR phpcode like '%pass_thru%' OR phpcode like '%iframe%';

              7) Run this query: SELECT styleid, title, template FROM template WHERE template LIKE '%base64%' OR template LIKE '%exec%' OR template LIKE '%system%' OR template like '%pass_thru%' OR template like '%iframe%';

              It checks the templates for compromising code.

              8) Check .htaccess to make sure there are no redirects there.
              Translations provided by Google.

              Wayne Luke
              The Rabid Badger - a vBulletin Cloud demonstration site.
              vBulletin 5 API

                Comment

                • bforum
                  Senior Member
                  • Dec 2007
                  • 113
                  • 4.0.x
                  #5
                  i am using vbseo indeed giorgioarmani
                  thank you wayne luke wil do that

                    Comment

                    • SiFor
                      Member
                      • May 2004
                      • 91
                      • 5.0.X
                      #6
                      Originally posted by bforum
                      i am using vbseo indeed giorgioarmani
                      thank you wayne luke wil do that
                      This will help you, I had the same issue: http://www.vbseo.com/f5/faqs-rogue-p...release-52862/
                      CertForums.com Help, Advice and Resources to Pass Your Certification

                        Comment

                        Previous template Next
                        widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                        Working...