filestore72.info infection removing - HELP


postcd
01-07-2014, 05:39 PM
I'm quite lost in this malicious redirect on my vBulletin 4.2.x forum.
This redirect happens only once per day (first visit, cookie?) and only when coming from Google, not on a direct forum visit.

The issue disappeared when I disabled one plugin, then reappeared the next day, then disappeared again when I disabled another plugin, but then reappeared. Reason?

"Disabling any mod will flush the datastore and that will appear to banish the malware temporarily. It will be back after a day or two"

OK, I examined the datastore. In my /includes/config.php is:

// $config['Datastore']['class'] = 'vB_Datastore_Filecache';
Memcached is also commented out, so I assume I don't use any datastore? The /includes/datastore files are almost empty, nothing important in them.

But what is strange is that on disabling some plugin, the malicious filestore72.info redirect disappears - so there must be some cache?! (One needs to use a Chrome browser anonymous window or similar so that cache and cookies are cleared, otherwise this clever malware redirect doesn't happen.)

Any ideas where my datastore is and how to track down the infected mod or file, please?
I can enable "vB_Datastore_Filecache" but I'm waiting to see if you guys have any ideas on the current state.

Helpful threads: 1 (http://www.webhostchat.co.uk/business-technical-advice/29421-fix-vbulletin-redirecting-filestore72-info-url123-info-etc-redirect-google.html), 2 (http://www.vbulletin.com/forum/forum/vbulletin-4/vbulletin-4-questions-problems-and-troubleshooting/426213-vbulletin-4-2-0-pl3-hacked-redirect-to-filestore72-info)

pityocamptes
01-08-2014, 02:56 AM
Have you tried running your site through: http://sitecheck.sucuri.net

exyuteam
03-06-2016, 11:25 AM
From time to time I still have a similar redirect problem. I follow some fix solutions, but after a couple of weeks/months a hacker injects malware code into my forum.

Is ver. 5.xx immune to this injection of malware code? If I upgrade the forum to ver. 5, maybe I won't have this problem anymore? :confused:

the one
03-06-2016, 04:56 PM
Have you tried running your site through: http://sitecheck.sucuri.net

It amazes me that however many websites you search, it always says "Website Firewall Not Found. Medium Risk. PATCH AND PROTECT With Sucuri Firewall." It even says it for vbulletin.org.

That's ridiculous, it even says it for my forum and we have a strong firewall. It's a selling con, I tell you.

RichieBoy67
03-06-2016, 08:25 PM
If you guys are fixing your site and still getting the redirect, then you are not fixing it. Not only do you have to clean every hacked file, but you have to fix the vulnerability and make sure you change all logins afterwards.

Use Google webmaster tools and your server tools for malware check.

postcd
03-07-2016, 12:11 PM
To prevent idiots hacking your site, password protect your vBulletin admin area folder (admincp); google: password protect folder.
They probably can get through somehow normally, but they can't when you set additional non-SQL-based (.htaccess/.htpasswd-based) password protection. I would also change the hosting password and look through recently added/modified files to check that there are no bad files. There are also several other webpages showing tutorials on how to get rid of this hack. Good luck.
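
Added example (not part of the thread): one way to do the "recently added/modified files" check suggested above, combined with a content scan for the redirect domains named in this thread. The function name `triage`, the extension list and the non-domain patterns are assumptions chosen for illustration.

```python
import os
import re
import sys
import time

# The two domains come from this thread; the other patterns are assumptions
# about what referrer-gated redirect code tends to contain.
INDICATORS = {
    "redirect-domain": re.compile(rb"filestore72\.info|url123\.info", re.I),
    "referrer-check": re.compile(rb"HTTP_REFERER", re.I),
    "obfuscation": re.compile(rb"eval\s*\(\s*(base64_decode|gzinflate|str_rot13)", re.I),
}
SCAN_EXT = {".php", ".js", ".html", ".htaccess"}
MAX_BYTES = 5 * 1024 * 1024  # skip content scan on very large files


def triage(root, days=7, now=None):
    """Return [(relpath, age_days, [indicator names])], newest first.

    A file is reported if it changed within `days` OR its content matches an
    indicator. Content is checked regardless of age because modification
    times can be reset by whoever wrote the file.
    """
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            # splitext(".htaccess") yields no extension, so fall back to the name
            ext = os.path.splitext(name)[1].lower() or name.lower()
            try:
                st = os.stat(path)
                hits = []
                if ext in SCAN_EXT and st.st_size <= MAX_BYTES:
                    with open(path, "rb") as fh:
                        data = fh.read()
                    hits = [n for n, rx in INDICATORS.items() if rx.search(data)]
            except OSError:
                continue  # unreadable or vanished file
            if st.st_mtime >= cutoff or hits:
                age = (now - st.st_mtime) / 86400
                findings.append((os.path.relpath(path, root), age, hits))
    findings.sort(key=lambda f: f[1])
    return findings


if __name__ == "__main__" and len(sys.argv) > 1:
    for rel, age, hits in triage(sys.argv[1]):
        print(f"{age:7.1f}d  {rel}  {','.join(hits) or '-'}")
```

This only covers files on disk; plugin code stored in the forum database needs a separate check.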