Reported Attack Page!

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Mark L.
    New Member
    • Feb 2014
    • 27
    • 4.2.X

    Reported Attack Page!

    1. vBulletin V. 4.2.2 patch 4
    2. PHP V. 5.4.43
    3. MySQL V. 5.5.52-cll
    4. Quite a few add ons installed
    5. Yes happens on default style
    6. Redirects to an attack page
    7. Firefox, Chrome, Safari
    8. Clicking on a link in a post

    Hi all, I have an issue I hope you all can help me with. First let me say I'm very new to vBulletin. I inherited this site from the old webmaster. I'm the President of the organization and he dumped the website in my lap and walked away. I'm trying to learn as fast as I can but may have some very basic questions. On to my issue.....

    We noticed a few weeks back that whenever a member of our forum posts a link to a website in their post we are not taken to that link. If we click on the link we are taken to a red page that says "Reported Attack Page!" I've attached a pic of the screen we get. You can see in the lower right corner there is a link that say "Ignore this warning". If we click that we are taken to the correct website the link was originally intended for. It's like every link that has ever been posted in our forums goes to this Attack page first.

    Another point I want to make is this only happens if the link is going away from our website. If we post a link to another page in our site that works fine. It just happens when clicking links leaving our site. Another point to make is that whenever I mouse over a link that is posted it reads like this...

    www.the website name.com/redirect-to/?redirect=http://the website name.html

    Every single link we post when you hover over it has that redirect-to added to it. I cannot figure out why our forums are adding that to all links. Even if I use [url] tags it happens. I'm a member of other vBulletin sites and links do not do this. Aside from this our website seems to be running fine. Our host has ran some advanced malware detection on our server/files/etc. and they say we are clean. Any help why are links are being redirected would be great.

    I should add that this seems to happen on Firefox, Chrome, and Safari. It does not happen when using Internet Explorer.
    Attached Files
  • Mark.B
    vBulletin Support
    • Feb 2004
    • 24286
    • 6.0.X

    #2

    1) Run Suspect File Diagnostics under Maintenance -> Diagnostics. Replace any files not containing the expected contents. Delete any files that are not part of vBulletin and that you can't identify as belonging to your addons.

    2) Check your plugins list for any that are not part of a product you've added:

    AdminCP > Plugins & Products > Plugin Manager

    Any listed under 'vBulletin' at the top of the list should be examined carefully and removed if you're unsure as to what they are.

    3) Check your plugins for any base64 code. I recommend using against using any plugins or products that include base64 code in them. However some "lite" or branded addons will include this as a means to prevent you from cheating the author. You'll have to make a personal call on these if you use them. This is often a sign of a hacked site.

    4) Update the following passwords in addition to your AdminCP:

    - FTP
    - Database

    When updating the database password, ensure you also change your config.php file to use the new password otherwise your site won't be able to connect to the database.

    5) Secure your AdminCP directory via .htaccess/.htpasswd.
    MARK.B
    vBulletin Support
    ------------
    My Unofficial vBulletin 6.0.0 Demo: https://www.talknewsuk.com
    My Unofficial vBulletin Cloud Demo: https://www.adminammo.com

    Comment

    • Mark L.
      New Member
      • Feb 2014
      • 27
      • 4.2.X

      #3
      Thank you for the reply Mark.B. I saw you post this exact same thing in other threads when people asked for help. I'm sure the is the blanket answer for most issues with vB but create a massive headache for me.

      1. I ran Suspect File Diagnostics. There are about 150+ files listed as File Not Recognized as part of vBulletin. I'm suspecting the previous webmaster had very poor housekeeping skills. It looks like he saved files in many locations for various things he was working on but probably not where they should be. Many of the file names I recognize and seem like he would use them. Many I have no clue what they are.

      2. There are 43 plugins shown in the Plugin Manager. Each one has many items below the name and all have a check mark in the box indicating Active. I really have no idea what they all are. A few I recognize but not many. What does it mean if some of the items have lines through them like they are strike out?

      3. Not sure what base64 code is. What would I look for and where?

      4. Updating the password shouldn't be an issue. I can do that.

      5. Not sure how to do this but I'll look into it.

      At this point knowing there are so many random files in my directories and not knowing what all the plugins do. I'm guessing I won't get much help with this? Let me ask this, I have my laptop and have WINSCP installed. I can use WINSCP to access the files on the server. I can also use the AdminCP in vBulletin to do admin stuff. That is all I have. I can basically log in to WINSCP and touch the live website which I do NOT like doing.

      Is there a way or can I set up a dummy website/forum on my laptop so I can play around with it and break it if I want and not worry about the actual forum? I have 150+ users logged in at any time and I can't chance breaking the forum.

      Comment

      • Mark L.
        New Member
        • Feb 2014
        • 27
        • 4.2.X

        #4
        I have figured out what the issue was on our forums. I worked with Google and no longer see the redirects. Thanks again for your reply.

        Comment

        Related Topics

        Collapse

        Working...