Gas Man
11-17-2012, 09:27 PM
First off, I'm very new to website stuff. I have ran many forum's before but only as moderator and admins, doing stuff only in the vb admin panel. Last year I purchased a local site from a friend that was getting out of it. With lots of help from some friends I got the site transfered to a new hosting company and upgraded it a bunch. Recently I haven't been able to have my old friend help, he's been busy, so I'm tackling things by myself.
I have been battling this over and over for a long time. Somehow my forum gets hacked so that when you click on a link from google or yahoo it gets redirected to some short url spam site. Sometimes from google, my avast will say it blocks a trojan.
The site is fine if I just use a bookmark, but once you try to go from a search engine, all heck breaks loose. I have the hosting company scan the site and they always find something like the following..
It appears that the vbulletin database was injected with malicious code by the use of a commonly know vbadvance exploit:
I have 4.2.0 PL3 installed.
I do have 4 plug ins installed that I didn't install
https://vborg.vbsupport.ru/showthread.php?t=174381
https://vborg.vbsupport.ru/showthread.php?t=180651
http://www.vbadvanced.com/products.php?do=productinfo&productid=4
And as of yesterday (it's been happening way longer)
https://vborg.vbsupport.ru/showthread.php?t=248042
I do see that the CMPS is out of date, but they want to install it themselves, not just let me download it. They want lots of important info, that I'm not sure about handing out. Is that ok to give them for this, then just change passwords later???
Any other suggestions?? This is a horrible ridiculous thing and I'm sick of just having it cleaned to just have it back later.
Thanks in advance!!
--------------- Added 1353193292 at 1353193292 ---------------
Ok vbadvance only wants admin access to vb and ftp setup for the install. Guess that's not so bad.
I have been battling this over and over for a long time. Somehow my forum gets hacked so that when you click on a link from google or yahoo it gets redirected to some short url spam site. Sometimes from google, my avast will say it blocks a trojan.
The site is fine if I just use a bookmark, but once you try to go from a search engine, all heck breaks loose. I have the hosting company scan the site and they always find something like the following..
It appears that the vbulletin database was injected with malicious code by the use of a commonly know vbadvance exploit:
I have 4.2.0 PL3 installed.
I do have 4 plug ins installed that I didn't install
https://vborg.vbsupport.ru/showthread.php?t=174381
https://vborg.vbsupport.ru/showthread.php?t=180651
http://www.vbadvanced.com/products.php?do=productinfo&productid=4
And as of yesterday (it's been happening way longer)
https://vborg.vbsupport.ru/showthread.php?t=248042
I do see that the CMPS is out of date, but they want to install it themselves, not just let me download it. They want lots of important info, that I'm not sure about handing out. Is that ok to give them for this, then just change passwords later???
Any other suggestions?? This is a horrible ridiculous thing and I'm sick of just having it cleaned to just have it back later.
Thanks in advance!!
--------------- Added 1353193292 at 1353193292 ---------------
Ok vbadvance only wants admin access to vb and ftp setup for the install. Guess that's not so bad.